Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66752

Develop an automatic approval tool for delete/export of personal data with a standard completion reply

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      Prerequisite
      1. A working outgoing email setup. You can use Mailcatcher or Mailhog.
      2. Make sure that the "noreplyaddress" admin setting is properly set (e.g. noreply@example.com)
      Automatic data export request approval turned on. Requesting as student.
      1. Go to "Site administration / Users / Privacy and policies / Privacy settings"
      2. Turn on "Contact the privacy officer" (tool_dataprivacy | contactdataprotectionofficer)
      3. Turn on "Automatic data export request approval" (tool_dataprivacy | automaticdataexportapproval) as well.
      4. Save the changes.
      5. Log in as a student.
      6. Go to your profile
      7. Press "Export all of my personal data"
      8. Enter a comment and press "Save changes"
      9. Confirm that you see that your request is already marked as approved.
      10. Check your email inbox (e.g. in the mailcatcher UI)
      11. Confirm that you did not get an email addressed to the admin about the data export request.
      12. Run cron.
      13. Confirm that you get an email addressed to the student that the student's data is now ready for download.
      14. Check the email's "Reply-To" data.
      15. Confirm that the "Reply-To" email address is from the site's noreplyaddress.
      Automatic data export request approval turned on. Requesting as a privacy officer.
      1. Log in as admin/privacy officer.
      2. Go to "Site administration / Users / Privacy and policies / Data requests"
      3. Press "New request"
      4. Create a data export request for a student.
      5. Enter a comment and press "Save changes"
      6. Confirm that you see that the data export request for the student is already marked as approved.
      7. Run cron.
      8. Confirm that you get an email addressed to the student that the student's data is now ready for download.
      9. Check the email's "Reply-To" data.
      10. Confirm that the "Reply-To" email address is from the privacy officer who made the data export request.
      Automatic data export request approval turned off
      1. Log in as admin and turn off "Automatic data export request approval" (tool_dataprivacy | automaticdataexportapproval) as well.
      2. Now create a data export request either as a student or as an admin.
      3. Confirm that the data request's status is set to "Awaiting approval".
      Automatic data deletion request approval turned on. Requesting as student.
      1. Go to "Site administration / Users / Privacy and policies / Privacy settings"
      2. Turn on "Contact the privacy officer" (tool_dataprivacy | contactdataprotectionofficer)
      3. Turn on "Automatic data deletion request approval" (tool_dataprivacy | automaticdatadeletionapproval) as well.
      4. Save the changes.
      5. Log in as a student.
      6. Go to your profile
      7. Press "Delete my account"
      8. Enter a comment and press "Save changes"
      9. Confirm that you see that your request is already marked as approved.
      10. Check your email inbox (e.g. in the mailcatcher UI)
      11. Confirm that you did not get an email addressed to the admin about the data dletion request.
      12. Run cron.
      13. Confirm that you get an email addressed to the student that the student's data is now deleted.
      14. Check the email's "Reply-To" data.
      15. Confirm that the "Reply-To" email address is from the site's noreplyaddress.
      Automatic data deletion request approval turned on. Requesting as a privacy officer.
      1. Log in as admin/privacy officer.
      2. Go to "Site administration / Users / Privacy and policies / Data requests"
      3. Press "New request"
      4. Create a data deletion request for a student.
      5. Enter a comment and press "Save changes"
      6. Confirm that you see that the data deletion request for the student is already marked as approved.
      7. Run cron.
      8. Confirm that you get an email addressed to the student that the student's account has now been deleted.
      9. Check the email's "Reply-To" data.
      10. Confirm that the "Reply-To" email address is from the site's noreplyaddress. (since we're using "email_to_user()" when processing deletion requests and not "message_send()")
      Automatic data deletion request approval turned off
      1. Log in as admin and turn off "Automatic data deletion request approval" (tool_dataprivacy | automaticdatadeletionapproval) as well.
      2. Now create a data deletion request either as a student or as an admin.
      3. Confirm that the data request's status is set to "Awaiting approval".
      Show
      Prerequisite A working outgoing email setup. You can use Mailcatcher or Mailhog. Make sure that the " noreplyaddress " admin setting is properly set (e.g. noreply@example.com) Automatic data export request approval turned on. Requesting as student. Go to " Site administration / Users / Privacy and policies / Privacy settings " Turn on " Contact the privacy officer " ( tool_dataprivacy | contactdataprotectionofficer ) Turn on " Automatic data export request approval " ( tool_dataprivacy | automaticdataexportapproval ) as well. Save the changes. Log in as a student. Go to your profile Press " Export all of my personal data " Enter a comment and press " Save changes " Confirm that you see that your request is already marked as approved. Check your email inbox (e.g. in the mailcatcher UI) Confirm that you did not get an email addressed to the admin about the data export request. Run cron. Confirm that you get an email addressed to the student that the student's data is now ready for download. Check the email's "Reply-To" data. Confirm that the " Reply-To " email address is from the site's noreplyaddress . Automatic data export request approval turned on. Requesting as a privacy officer. Log in as admin/privacy officer. Go to " Site administration / Users / Privacy and policies / Data requests " Press " New request " Create a data export request for a student. Enter a comment and press " Save changes " Confirm that you see that the data export request for the student is already marked as approved. Run cron. Confirm that you get an email addressed to the student that the student's data is now ready for download. Check the email's "Reply-To" data. Confirm that the " Reply-To " email address is from the privacy officer who made the data export request. Automatic data export request approval turned off Log in as admin and turn off " Automatic data export request approval " ( tool_dataprivacy | automaticdataexportapproval ) as well. Now create a data export request either as a student or as an admin. Confirm that the data request's status is set to " Awaiting approval ". Automatic data deletion request approval turned on. Requesting as student. Go to " Site administration / Users / Privacy and policies / Privacy settings " Turn on " Contact the privacy officer " ( tool_dataprivacy | contactdataprotectionofficer ) Turn on " Automatic data deletion request approval " ( tool_dataprivacy | automaticdatadeletionapproval ) as well. Save the changes. Log in as a student. Go to your profile Press " Delete my account " Enter a comment and press " Save changes " Confirm that you see that your request is already marked as approved. Check your email inbox (e.g. in the mailcatcher UI) Confirm that you did not get an email addressed to the admin about the data dletion request. Run cron. Confirm that you get an email addressed to the student that the student's data is now deleted. Check the email's "Reply-To" data. Confirm that the " Reply-To " email address is from the site's noreplyaddress . Automatic data deletion request approval turned on. Requesting as a privacy officer. Log in as admin/privacy officer. Go to " Site administration / Users / Privacy and policies / Data requests " Press " New request " Create a data deletion request for a student. Enter a comment and press " Save changes " Confirm that you see that the data deletion request for the student is already marked as approved. Run cron. Confirm that you get an email addressed to the student that the student's account has now been deleted. Check the email's "Reply-To" data. Confirm that the " Reply-To " email address is from the site's noreplyaddress . (since we're using " email_to_user() " when processing deletion requests and not " message_send() ") Automatic data deletion request approval turned off Log in as admin and turn off " Automatic data deletion request approval " ( tool_dataprivacy | automaticdatadeletionapproval ) as well. Now create a data deletion request either as a student or as an admin. Confirm that the data request's status is set to " Awaiting approval ".
    • Affected Branches:
      MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull Master Branch:
      MDL-66752-master-2
    • Story Points:
      4
    • Sprint:
      Internationals - 3.9 Sprint 1, International 3.9 - Sprint 3

      Description

      Hi,

      every time a user logged in a Community site makes a request of deletion or export of his personal data to privacy@moodle.com this request is in “awaiting status” on all the community sites. I have then to approve it manually. Screenshot attached.

       

      For every request I receive a notification in my inbox (in fact privacy@moodle.com is linked with carlo@moodle.com on Salesforce and in my inbox of course): the idea is that I would like to process only tickets with general inquiries because they need an a case by case response. So that, I can reply to the person that made the request that the request made has been processed.

      Now, considering that I receive about 60 requests per week, the logical thing is developing an automated way to process deletion and export of personal data and automatically reply that the request has been processed.

      The email address privacy@moodle.com should be checked by me only in case of General inquiries (this possibility is already an option of any user and can be activated on the profile page.)

      My request is perfectly compliant with Privacy law since every request we receive is made while the person is logged in so the verification of his identity is ok.

      This automation would save me lots of time.

      The automatic response for deletion and export should be:

       

      "

      Hi,

      your request has been processed.

       

      Regards,

      Moodle Privacy officer

       

      "

      To sum up, we need:

       

      1) Developing the tool to automatize the export/deletion request

      2) Enable such option 1) in our sites

       

      Could you please work on that?

      Thanks in advance,

       

      Carlo

       

        Attachments

        1. Screenshot_4.png
          Screenshot_4.png
          52 kB
        2. Screenshot_3.png
          Screenshot_3.png
          240 kB
        3. Screenshot_2.png
          Screenshot_2.png
          143 kB
        4. Screenshot_1.png
          Screenshot_1.png
          168 kB
        5. AWAITING STATUS.jpg
          AWAITING STATUS.jpg
          164 kB

          Issue Links

            Activity

              People

              Assignee:
              jpataleta Jun Pataleta
              Reporter:
              carlopolizzi Carlo Polizzi
              Peer reviewer:
              Shamim Rezaie
              Integrator:
              Sara Arjona (@sarjona)
              Tester:
              Janelle Barcega
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jun/20

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 6 hours, 56 minutes
                  2d 6h 56m