https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33284
Bug ID: 33284
Summary: checkout_renewals table retains checkout history in
violation of patron privacy
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Circulation
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected], [email protected]
Depends on: 30275
The checkout_renewals table introduced in bug 30275 can retain a link between a
patron and an issue_id when the patron's privacy is set to Never. That data
should be anonymized.
To recreate:
- have a patron with their privacy set to Never retain reading history
- check an item out to the patron, renew it via the OPAC
- confirm your patron's borrowernumber can be found in
checkout_renewals.renewer_id and the issue_id for your checkout can be found in
checkout_renewals.checkout_id
- check your item in
- confirm your patron's borrowernumber has been removed from
old_issues.borrowernumber
- confirm your patron's borrowernumber and the issue_id for your checkout can
still be found in checkout_renewals.checkout_id (along with a note that the
renewal happened via the OPAC, thereby making it perfectly clear that this was
a patron renewing the item they had checked out themselves).
Should we not replace checkout_renewals.renewer_id with the anonymous patron's
borrowernumber when the item is returned, if the patron is set to not retain
reading history?
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30275
[Bug 30275] Checkout renewals should be stored in their own table
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
