2017-04-25 - Privacy SIG Notes
Date
Meeting recording: https://zoom.us/recording/play/Y3vp3edJxhL7JUlRoBV6fY3Rkxm9YVcTrNza8xTKqhISC8h6zAUIG9ERaki65ydo (recording expires 9-May-2017)
Attendees
Goals
- Introductions, overview of the FOLIO project,
Discussion items
| Time | Item | Who | Notes |
|---|---|---|---|
| 10 min | Introductions | everyone |
|
| 5-15 min | FOLIO overview | ||
| 10 min | Communication tools overview | ||
| 20 min | Start work on the Release 2018 document | How common is it that user data is encrypted and that encryption is auditable? In legacy systems, this may not be common. In a modern system, tools exist to help this to happen. This could mean that access to data is provided through APIs only as the point where the data is decrypted. For reporting purposes, anonymizing/tokenizing data early in the retrieval process may be sufficient to address reporting needs. This is part of the compromise between functionality and privacy. In some cases, information about patrons will be kept in external systems (such as single sign-on), and so what might be kept in FOLIO might be very thin. Just the link to the directory system is required. Encryption of all data globally is not a Release 1 priority but may be important to certain domains. For next meeting: talking about which APIs need to be HTTPs | |
| 5 min | Next steps | Peter Murray | SIGs identify two representatives
Peter Murray is the interim convener and facilitator representative. We will transition both roles to others in the next few meetings. |
| 5 min | Meeting review |
|