I try... ;-)

Am 11.04.2018 um 13:11 schrieb Maxim Solodovnik:
Will write it as a requirement, will see what can be done here
Thanks a lot for the quick answers!

On Wed, Apr 11, 2018 at 5:34 PM, Peter Dähn <da...@vcrp.de <mailto:da...@vcrp.de>> wrote:

    ip-address is now a private date... it have to be at least
    anonymised  after 7 (maybe 14 days)... ipv4 addresses delete last
    8 recommended 16 bit (192.168.123.0 or 192.168.0.0) and ipv6
    preserve first 48 -8 or better 16 Bit (2a00:1234:56:: or
    2a00:1234::) Maybe this could be done automated after 7 Days?

    Greetings Peter

    Am 11.04.2018 um 09:31 schrieb Maxim Solodovnik:
    According "Hash algorithm" I planned to use random UUID
    so All fields will look like this:
    "Purged_54cd4426-1c0a-4ab8-bb35-eb6d26da99cf"

    Are you sure IP should be cleaned-up? There will be no chance to
    "restore" who was this user .....

    On Wed, Apr 11, 2018 at 2:18 PM, Peter Dähn <da...@vcrp.de
    <mailto:da...@vcrp.de>> wrote:

        Hi Maxim,

        I think this list is complete and you are right, this is a
        lot of stuff.

        The option that you suggest sound much more feasible. From my
        point of few this should be enough.

        Hash algorithm need to be state of the art. IP-address in
        ConferenceLog need to be cleaned.

        I think this is a good way.

        Btw... is there is a way/setting to anonymize IP-adresses
        while logging? Otherwise I need to write a script to do so.
        Maybe I need to do it anyway to kick out usernames. Logfiles
        need to be delete after 7 (maybe 14) days or they need to be
        without any userdata.

        Greetings Peter


        Am 11.04.2018 um 06:43 schrieb Maxim Solodovnik:
        Hello Peter,

        Here is the high level list of what need to done to "hard
        delete" user from the system:

         1. delete user
         2. delete all user contacts (also users, so we might have
            recursion here)
         3. delete user from all groups
         4. delete user from room moderators
         5. delete all appointments withowner == user
         6. delete all calendars withowner == user
         7. delete all meeting members in appointments where owner
            != user
         8. delete all Private Messages whereuseris in to/from fields
         9. delete all UserContact + Requests
        10. delete all invitation sent by this user
        11. delete all private rooms owned by this user
        12. delete all user private files/recordings
        13. delete all chat messages send/received by this user
        14. clean email messages
        15. clean all Polls/answers


        This list scares me a lot :(((

        So let's discuss the option: "Mark user deleted and clean-up
        sensitive information"

        What I would propose:

        In Admin->User area

         1. display all users (deleted should be "read-only" with
            restore and purge options only)
         2. add additional "Purge" button
         3. In case Purge will be selected:
             1. User will be marked deleted
             2. AsteriskSipUser and Address will be replaced with
                empty objects
             3. User fields "age, externaluserid, firstname,
                lastname, login, pictureuri" will be replaced with
                "Purged_some_hash"
             4. User profile picture will be deleted
             5. ChatMessage: fromName will be replaced with "Purged
                User"
             6. MailMessage: should be purged (some search by email
                will be required)

        ConferenceLog right now contains userId+UserIp right now, so
        it is 2 numbers should it be cleaned up?

        SOAPLogin contains clientURL and doesn't contains userId, so
        it is impossible to associate SoapLogin object with
        particular user


        Would it be enough?


        On Fri, Apr 6, 2018 at 4:21 PM, Peter Dähn <da...@vcrp.de
        <mailto:da...@vcrp.de>> wrote:

            Hi Maxim,

            hard delete as only option would be the easiest way (for
            the admin). One doesn't need to remind "hard delete" at
            a given time... I think it need to be implemented
            anyway. I thought just the ones that doesn't need to
            take care about these regulation could keep things as
            they are now...

            Greetings Peter


            Am 06.04.2018 um 10:09 schrieb Maxim Solodovnik:

                I'm afraid there will be no option to "final delete
                one record"
                It will be: perform total clean-up and hard delete
                all soft deleted records

                Or better to perform: hard delete as the only option?

                On Fri, Apr 6, 2018 at 2:44 PM, Peter Dähn
                <da...@vcrp.de <mailto:da...@vcrp.de>> wrote:

                    Hi Maxim,

                    "soft" and "final delete" should be enough I
                    think...

                    It just need to be "findable" and described for
                    new admins that provide the
                    service in the EU...

                    jira in a second...

                    Greetings Peter


                    Am 05.04.2018 um 17:47 schrieb Maxim Solodovnik:

                        Hello Peter,

                        This sounds like lots of new testing :(
                        Will try to find time and include it in
                        4.0.3/4.0.4

                        (have very limited time right now :( )
                        Will appreciated any help with testing

                        Would it be OK to perform "final delete" in
                        clean-up widget? i.e.
                        delete will be "soft delete", then in if
                        will push "Clean-up" all soft
                        deleted data will be hard deleted ...
                        Or it doesn't worth to have both? only hard
                        delete will be enough?

                        On Thu, Apr 5, 2018 at 5:55 PM, Peter Dähn
                        <da...@vcrp.de <mailto:da...@vcrp.de>> wrote:

                            Hey there,

                            new privacy regulations will take place
                            on the 25th May 2018 in Europe.
                            You
                            could find informations about it by
                            searching for General Data Protection
                            Regulation (EU) 2016/679.

                            To use openmeetings after the 25th of
                            May (in Europe) there need to be a
                            few
                            changes. We use openmeetings integrated.
                            So I will mainly be focused on
                            the
                            room.

                            I have 3 points that are really necessary:

                            1. User deletion: Datasets of users that
                            will be deleted need to be
                            remove
                            from the database, not just marked as
                            deleted. Probably it is enough to
                            hash
                            those fields.

                                  I think critical fields are in table:

                                         om_user -> age,
                            externaluserid, firstname, lastname, login,
                            pictureuri (and picture itself) and
                            sip_user_id

                             conferencelog -> email,
                            external_user_id, firstname,
                            lastname,
                            user_id, userip

                             soaplogin -> client_url (contains the
                            ip-address)

                             sipusers (here empty so please check)
                            -> defaultuser, host,
                            ipaddr, name

                                         address ->  email, fax, phone

                                         chat -> from_name

                             e-mail_queue (if not empty) ->
                            recipients, replyto

                            2. There need to be a place to place a
                            (customized) privacy policy.

                            3. Registration-Dialog need to have a
                            button/step to agree the data
                            processing. And to this belongs a button
                            to disagree.


                            As far as I can see this need to be done
                            in the first place. I'm sure
                            there
                            are more things to do. Maybe someone can
                            complete it.


                            Greetings Peter









-- WBR
        Maxim aka solomax




-- WBR
    Maxim aka solomax




--
WBR
Maxim aka solomax

Reply via email to