[wp-meta] [Making WordPress.org] #3244: Data Protection and Bank Detail issues
Making WordPress.org
noreply at wordpress.org
Thu Nov 2 11:00:40 UTC 2017
#3244: Data Protection and Bank Detail issues
-------------------------------------+-----------------
Reporter: Hugo Finley | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: WordCamp Site & Plugins | Keywords:
-------------------------------------+-----------------
Within the Reimbursement back end of the WordCamp Sites personal details
are being stored forever, and any organiser who has access can still see
everyones personal details.
1. Scrub the financial bank details after the set auditing time or at time
of reimbursement.
Solution: I am aware that WordCamp will have to store financial data for a
while but it is important to know that volunteers bank details will not be
stored after they are no longer needed. WordCamp can retain the amounts
but scrub the bank details as soon as they are allowed to. I do generally
believe that personal bank details should be scrubbed as soon as the claim
is paid, mostly because WordCamp should of stored this information
somewhere more secure when making payments and also because you have
receipts which are proof of payment.
2. Currently any organiser continues to have access to the back end of any
WordCamp site they were an organiser for and all of these sites hold
peoples personal addresses and bank details too.
Solution: Deny access to all financial information apart from budgets once
the camp has been signed off.
I am concerned about data protection and a little about financial conduct,
I have a good understanding about data protection too, and kind of feel
some of these changes need to be considered carefully. If WordCamp was
hacked it is potentially a identity theft goldmine as it stores peoples
home addresses and bank details.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3244>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list