Umbraco and Privacy - Where to from here?
Hello all!
I wrote a piece in Skrift on Umbraco & Privacy this month and would love to spur a bit of discussion from the community on how we might move privacy considerations forward within the project.
You can find it here.
Below, I’ve summarised a few of the points from it and would value any feedback you may have:
Recognise Privacy as a core ongoing component of the project
Give greater visibility to Privacy issues on the tracker by being able to label them project/privacy or category/privacy. There are a few existing issues that could be included in this.
Any other suggestions for how Privacy can be given greater visibility?
Create a Privacy Team
This team could:
develop a privacy roadmap;
triage privacy-related issues on the issue tracker;
develop best-practice guidance/documentation for building packages with privacy by design.
The team could be a mix of community and HQ. A point person at HQ would be key to giving the team a voice.
Any other functions a Privacy Team could carry out?
Data Discovery in Core
One of the ways that would make it easier to provide compliance features within the Core or by extending it via packages is to have a dependable way of discovering personal data. This can be an issue at the moment because beyond Core, packages can store personal data in tables that they create, and Core does not know anything about.
One way of doing this is to provide APIs for packages to register where personal data is stored. This is how other CMSs (e.g. Drupal) have achieved this.
Is there a different approach Umbraco could take?
Privacy & Package Development
This is a challenge – how do we work towards a way to provide confidence to people using packages that they have been developed with privacy compliance in mind?
It’s been suggested to me that we’d need to move toward an Apple App Store model where submissions are reviewed to make sure they meet standards. But are there other steps we can take in the short term?
As mentioned above – creating Core APIs to aid in data discovery and creating privacy guidance for package developers could be a start. Some other suggestions are:
Provide a package privacy audit that developers could answer questions to, the results of which would be available on the package's page on Our, that could give an indication to the person installing it what privacy considerations have been included.
Could the Privacy Team/HQ audit packages? For some businesses where compliance of the components they use is required, this could be a useful service and one that may work as a paid HQ service, the outcome of which the community would benefit from if a package passes such an audit and the results are available to the community.
Do you have any suggestions for how package development could be improved for Privacy?
Use the Consent Service
We have a Consent Service – but is it used? There is a consent property that can be put on Umbraco Forms – but it doesn’t link with the Consent Service.
Does it solve a problem for people as is, or does it need to provide more utility to be used?
Encrypted Fields
This is a discussion that has come up before. We’ve seen other CMSs provide for it in Core if the developer chooses to use it. It’s mentioned in the GDPR (data protection regulation) numerous times as a means to achieve better security and some businesses have an absolute requirement to use it.
We have the concept of Sensitive fields in Forms & Member profiles, but this data that has been explicitly marked as sensitive, is not currently encrypted at rest in the database.
Is it time to provide for the ability to encrypt personal data within the Core? How best could that be provided for?
It would be really great if you friendly community folks could weigh in on any of the points above that grab you. I’d also love to hear any input from HQ.
Thanks for reading my ramblings!
Alan
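As an added illustration of the "Data Discovery in Core" point above (this is not code from the post, and not an Umbraco API; the interface and type names, the sample package and its table names are all hypothetical), here is one shape a registration API could take: packages declare where they keep personal data, and Core aggregates the declarations to drive a subject access request. Declarations are validated as plain identifiers before they are ever interpolated into SQL, so a package cannot smuggle query fragments through its own registration.

```csharp
// Added example, not Umbraco code. All names below are hypothetical.
using System;
using System.Collections.Generic;
using System.Linq;

namespace PrivacyDiscoveryExample
{
    // One place a package stores personal data.
    public sealed record PersonalDataLocation(
        string Package,          // owning package
        string Table,            // table the package created
        string Column,           // column holding the personal data
        string SubjectKeyColumn, // column identifying the data subject (e.g. member id)
        string Category,         // e.g. "contact", "behavioural"
        string Purpose);         // why the data is collected

    // Contract a package implements to declare its storage (hypothetical name).
    public interface IPersonalDataProvider
    {
        IEnumerable<PersonalDataLocation> GetLocations();
    }

    // Core-side registry aggregating every installed package's declarations.
    public sealed class PersonalDataRegistry
    {
        private readonly List<IPersonalDataProvider> _providers = new();

        public void Register(IPersonalDataProvider provider) => _providers.Add(provider);

        public IReadOnlyList<PersonalDataLocation> AllLocations() =>
            _providers.SelectMany(p => p.GetLocations()).ToList();

        // Declarations whose identifiers are not plain [A-Za-z0-9_] names; these are
        // rejected rather than interpolated, since packages are not trusted input.
        public IEnumerable<PersonalDataLocation> InvalidDeclarations() =>
            AllLocations().Where(l => !IsIdentifier(l.Table)
                                   || !IsIdentifier(l.Column)
                                   || !IsIdentifier(l.SubjectKeyColumn));

        // SELECTs an operator would run for a subject access request. Only validated
        // identifiers are interpolated; the subject key itself is a bound parameter.
        public IEnumerable<string> SubjectAccessQueries() =>
            AllLocations()
                .Except(InvalidDeclarations())
                .Select(l => $"SELECT [{l.Column}] FROM [{l.Table}] WHERE [{l.SubjectKeyColumn}] = @subject");

        private static bool IsIdentifier(string s) =>
            !string.IsNullOrEmpty(s) && s.Length <= 128
            && s.All(c => char.IsAsciiLetterOrDigit(c) || c == '_');
    }

    // Constructed sample package: a newsletter add-on with its own tables.
    public sealed class NewsletterPackage : IPersonalDataProvider
    {
        public IEnumerable<PersonalDataLocation> GetLocations()
        {
            yield return new("Newsletter", "nlSubscriber", "Email", "MemberId", "contact", "send newsletter");
            yield return new("Newsletter", "nlOpenEvents", "IpAddress", "MemberId", "behavioural", "open tracking");
            // Deliberately malformed declaration: rejected by InvalidDeclarations().
            yield return new("Newsletter", "nlLog]; DROP TABLE x;--", "Data", "MemberId", "other", "bad");
        }
    }

    public static class Program
    {
        public static void Main()
        {
            var registry = new PersonalDataRegistry();
            registry.Register(new NewsletterPackage());
            foreach (var bad in registry.InvalidDeclarations())
                Console.WriteLine($"Rejected declaration from {bad.Package}: {bad.Table}");
            foreach (var q in registry.SubjectAccessQueries())
                Console.WriteLine(q);
        }
    }
}
```

The same registry would serve erasure (generate DELETE or anonymisation statements per location) and the package-page privacy summary suggested further down, since the category and purpose fields can be rendered without touching the data itself. `char.IsAsciiLetterOrDigit` is available from .NET 7; on older runtimes substitute an explicit ASCII range check.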
It was a good post and great initiative partaking in the cross-cms workgroup! #h5yr
I don't know if a dedicated privacy team is called for, but I would like to take part in the discussion with both community and HQ.
I see a large part of it possible with collaboration with the docs team and pr team. I particularly like the focus on ensuring that package devs have accessible information on what to be aware of. On the other hand a privacy checklist as a documented step of pull request reviews may be something worth investigating?
I see a pitfall in over-engineering these features in core. Tool support is good but may not be trivial to implement and come at a cost of complexity. Data discovery may be something that should be done at the db level with dedicated tools?
A paid-for review service is a good thing but I doubt we have critical mass of commercial packages who can/will pay for this? A community team could be an option?
Encryption at rest is a must for PII etc. Again, can we lean on db features here to keep things simple? I am not too familiar with the db access level and currently unable to evaluate the best approach here.
Unstructured, random ramblings. I'd be happy to dig a bit deeper at a later point in time.
Thanks for taking the lead on this!
/Frederik
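As an added example for the "Encrypted Fields" section and the "lean on db features" question in the reply above (not code from either post, and not how Umbraco stores sensitive fields today; the `SensitiveFieldProtector` class, the `enc:v1:` prefix and the key handling are assumptions), here is what application-level encryption of a single sensitive property value looks like with AES-GCM from the .NET base class library. The property alias is bound as associated data, so a ciphertext copied from one field to another, or a stored value edited in the database, fails authentication on read.

```csharp
// Added example, not Umbraco code. Assumes .NET 8 (AesGcm constructor with tag size).
using System;
using System.Security.Cryptography;
using System.Text;

namespace SensitiveFieldExample
{
    public sealed class SensitiveFieldProtector
    {
        private const int NonceSize = 12;          // AES-GCM standard nonce length
        private const int TagSize = 16;            // authentication tag length
        private const string Prefix = "enc:v1:";   // marks encrypted values; legacy plaintext has none
        private readonly byte[] _key;              // 32-byte AES-256 key from a key store, never from config text

        public SensitiveFieldProtector(byte[] key)
        {
            if (key is null || key.Length != 32)
                throw new ArgumentException("AES-256 key must be 32 bytes", nameof(key));
            _key = key;
        }

        // Encrypts one property value. Output layout: nonce || tag || ciphertext, base64.
        public string Protect(string propertyAlias, string plaintext)
        {
            var nonce = new byte[NonceSize];
            RandomNumberGenerator.Fill(nonce);     // fresh nonce per value; reuse under one key breaks GCM
            var plain = Encoding.UTF8.GetBytes(plaintext);
            var cipher = new byte[plain.Length];
            var tag = new byte[TagSize];
            using var aes = new AesGcm(_key, TagSize);
            aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(propertyAlias));

            var packed = new byte[NonceSize + TagSize + cipher.Length];
            Buffer.BlockCopy(nonce, 0, packed, 0, NonceSize);
            Buffer.BlockCopy(tag, 0, packed, NonceSize, TagSize);
            Buffer.BlockCopy(cipher, 0, packed, NonceSize + TagSize, cipher.Length);
            return Prefix + Convert.ToBase64String(packed);
        }

        // Decrypts a stored value; throws CryptographicException on tampering or wrong alias.
        public string Unprotect(string propertyAlias, string stored)
        {
            if (!stored.StartsWith(Prefix, StringComparison.Ordinal))
                throw new FormatException("value is not an encrypted field");
            var packed = Convert.FromBase64String(stored.Substring(Prefix.Length));
            if (packed.Length < NonceSize + TagSize)
                throw new FormatException("encrypted value is truncated");

            var nonce = packed.AsSpan(0, NonceSize);
            var tag = packed.AsSpan(NonceSize, TagSize);
            var cipher = packed.AsSpan(NonceSize + TagSize);
            var plain = new byte[cipher.Length];
            using var aes = new AesGcm(_key, TagSize);
            aes.Decrypt(nonce, cipher, tag, plain, Encoding.UTF8.GetBytes(propertyAlias));
            return Encoding.UTF8.GetString(plain);
        }
    }

    public static class Program
    {
        public static void Main()
        {
            // Constructed key for the demo only; a real deployment loads it from a key store.
            var key = RandomNumberGenerator.GetBytes(32);
            var protector = new SensitiveFieldProtector(key);

            string stored = protector.Protect("dateOfBirth", "1980-01-01");
            Console.WriteLine(stored);                                   // what lands in the database
            Console.WriteLine(protector.Unprotect("dateOfBirth", stored)); // 1980-01-01

            try
            {
                protector.Unprotect("nationalId", stored);               // same ciphertext, different field
            }
            catch (CryptographicException)
            {
                Console.WriteLine("rejected: ciphertext bound to another property");
            }
        }
    }
}
```

On the database-feature question: Transparent Data Encryption on SQL Server protects the data files and backups, but the column is plaintext to anything that can run a query, including an injected one or a leaked connection string. Application-level encryption as above covers that case at the cost of key management and of losing the ability to search or sort on the column, which is why it belongs on explicitly marked sensitive fields rather than everything.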