Polishing functions in the Privacy module (MGNLPRIV-20)

[MGNLPRIV-23] Disallow specifying email on the consent confirmation page Created: 01/Jun/18  Updated: 15/Jun/18  Resolved: 15/Jun/18

Status: Closed
Project: Privacy
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Sub-task Priority: Neutral
Reporter: Martin Drápela Assignee: Unassigned
Resolution: Obsolete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2018-06-01-10-56-40-189.png
Template:
Date of First Response:
Sprint: Kromeriz 151, Kromeriz 152

Description

On this page

/travel/contact/confirmation

we should disallow specifying the email address to which the GDPR report will be sent.

  • The Report should be sent only to the user who is authorized to create, send and read the report, hence probably the one whose email is already registered in the system under one of the personalFields.
  • Because if the user made a typo while entering "his/her" email, the report with all the personal data could potentially end up in somebody else's hands, which is a big GDPR no-no.

The page in the end should probably look just like this:

A second sub-issue:

The email which delivers the report could have GDPR Report in the subject line and the following text in the body:


Hello

Please find in the attachment a zipped GDPR report containing files with references to all your personal data used by the site.

Thank you


Comments
Comment by Roman Kovařík [ 01/Jun/18 ]

The Report should be sent only to the user who is authorized to create, send and read the report

The report is sent only to the visitor clicking the button. You would need to know the visitor ID (which is stored in the visitor's browser or email, so you'd need access to his computer) to get his data.

Cause if the user made a typo while entering "his/her" email.

A visitor can always expose his own data in different ways, but that's not a problem of the data processor.
Moreover there is no "proper" way to get the visitor email; a visitor can have multiple records with different emails or no email at all.

In reality, you can execute multiple confirmation levels (phone/email/post office) before providing the data, but that would be hard to demo.

Comment by Martin Drápela [ 01/Jun/18 ]

If we leave the mail address input field, could we attach to it a processor that would make sure that the report is sent only when the email entered in the field is found in the database and the visitorID is the same for both (in simple terms):

createdReport(visitorID)
email(visitorID)

?

If somebody enters a wrong email, no send action will occur.

(just a suggestion ... but this is what actually happens underneath when the form is being created and sent)
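The check sketched in the comment above, as an added example that is not part of this issue or of the Privacy module's code: it is written in Python rather than the module's Java, uses a constructed in-memory visitor store, and `VISITOR_STORE`, `report_recipient` and `handle_confirmation` are assumed names. It also covers the caveat raised earlier that a visitor may have several records with different emails, or none at all.

```python
from typing import Dict, List, Optional

# Constructed sample data (not real visitor records): each visitor ID may own
# several records ("personalFields") with different emails, or no email at all.
VISITOR_STORE: Dict[str, List[Dict[str, str]]] = {
    "v-100": [{"email": "alice@example.com"}, {"email": "Alice@Example.com"}],
    "v-200": [{"name": "Bob"}],                                   # no email on file
    "v-300": [{"email": "carol@example.com"}, {"email": "c.other@example.com"}],
}

# Identical wording for every outcome, so the form does not reveal whether a
# given address is registered, or for whom.
GENERIC_MESSAGE = "If this address is registered for your visitor profile, the GDPR report has been sent there."


def _normalize(email: str) -> str:
    # Trim and lowercase so a harmless case difference does not block delivery.
    return email.strip().lower()


def registered_emails(visitor_id: str) -> List[str]:
    """All emails bound to the given visitor ID, across all of its records."""
    records = VISITOR_STORE.get(visitor_id, [])
    return [_normalize(r["email"]) for r in records if r.get("email")]


def report_recipient(visitor_id: str, entered_email: str) -> Optional[str]:
    """Return the address the report may be sent to, or None if it must not be sent.

    The entered address is accepted only when it is already bound to the same
    visitor ID, so a typo or another person's address never receives the report.
    """
    wanted = _normalize(entered_email)
    for known in registered_emails(visitor_id):
        if known == wanted:
            return known
    return None


def handle_confirmation(visitor_id: str, entered_email: str) -> dict:
    """Form handler: only the internal 'sent' flag differs between outcomes."""
    recipient = report_recipient(visitor_id, entered_email)
    if recipient is None:
        return {"sent": False, "recipient": None, "message": GENERIC_MESSAGE}
    # The real send would go here; the attachment is built from the same
    # visitor_id, so report and recipient are always bound to one visitor.
    return {"sent": True, "recipient": recipient, "message": GENERIC_MESSAGE}
```

The `sent` flag is for the server-side audit log; the visible message stays the same whether the address was mistyped, belongs to someone else, or the visitor has no email registered.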

Comment by Roman Kovařík [ 15/Jun/18 ]

Closing as obsolete, the email is now the visitor ID itself.

Generated at Mon Feb 12 10:30:53 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.