Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59720

Delete personal data when it is no longer required

    XMLWordPrintable

Details

    • MOODLE_34_STABLE
    • MDL-59720_master
    • Hide

      Note that this issue is blocked by MDL-61743; MDL-61743 is a requirement because otherwise the link to core_privacy does not work properly and you may get errors during the scheduled task execution.

      Prerequisites

      1. You will need the following:
        • course1, A course without end date
        • course2, An ongoing course (course start date < now < course end date)
        • course3, A finished course (course end date < now)
        • user1, A non-admin user that has logged in at some point in the past (just log in if you don't have any) and without enrolments
        • user3, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course1
        • user4, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course2
        • user2, A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course3

      Test

      1. Log in as admin
      2. Go to "Site admin > Privacy and policy > Data registry"
      3. Select 'Site' node from the contexts tree if it is not already selected
      4. Create a new category and a new purpose (the purpose with retention period of 0 years)
      5. Press 'Save changes' so the category and the purpose you just added are linked to the 'Site' node
      6. Open a CLI and execute this: php admin/tool/task/cli/schedule_task.php --execute=\\tool_dataprivacy\\task
        expired_retention_period
      7. You SHOULD see some "Deleting context XX - User: YY" messages; user1 and user2 SHOULD appear there
      8. You SHOULD see some "Deleting context XX - Course: YY" messages; course3 SHOULD appear there
      Show
      Note that this issue is blocked by MDL-61743 ; MDL-61743 is a requirement because otherwise the link to core_privacy does not work properly and you may get errors during the scheduled task execution. Prerequisites You will need the following: course1 , A course without end date course2 , An ongoing course (course start date < now < course end date) course3 , A finished course (course end date < now) user1 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) and without enrolments user3 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course1 user4 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course2 user2 , A non-admin user that has logged in at some point in the past (just log in if you don't have any) with an enrolment to course3 Test Log in as admin Go to "Site admin > Privacy and policy > Data registry" Select 'Site' node from the contexts tree if it is not already selected Create a new category and a new purpose (the purpose with retention period of 0 years) Press 'Save changes' so the category and the purpose you just added are linked to the 'Site' node Open a CLI and execute this: php admin/tool/task/cli/schedule_task.php --execute=\\tool_dataprivacy\\task expired_retention_period You SHOULD see some "Deleting context XX - User: YY" messages; user1 and user2 SHOULD appear there You SHOULD see some "Deleting context XX - Course: YY" messages; course3 SHOULD appear there

    Description

      This is a new setting that will allow user data to be anonymised if a user has not logged into Moodle for X period (years?). 

      We should exclude site admins and consider what will happen with ldap syncs etc.

       

      User Stories Acceptance Criteria
      Moodle should delete personal data when it is no longer required in order to comply with the principals of "privacy by design".
      • There should be a site administration setting (under privacy) which will delete user data automatically if they have not been used for X period.
      • Admin accounts should never be deleted according to this setting.
      • Authentication plugins should be able to specify that their users are exempt (e.g. ldap users). 
      • If a user matches this criteria, they should be deleted from Moodle using the standard deletion functions.

      Attachments

        Issue Links

          Activity

            People

              dmonllao David Monllaó
              damyon Damyon Wiese
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: