[wp-meta] [Making WordPress.org] #3244: Data Protection and Bank Detail issues

Making WordPress.org noreply at wordpress.org
Thu Nov 2 11:00:40 UTC 2017

#3244: Data Protection and Bank Detail issues
 Reporter:  Hugo Finley              |      Owner:
     Type:  defect                   |     Status:  new
 Priority:  normal                   |  Milestone:
Component:  WordCamp Site & Plugins  |   Keywords:
 Within the Reimbursement back end of the WordCamp Sites personal details
 are being stored forever, and any organiser who has access can still see
 everyones personal details.

 1. Scrub the financial bank details after the set auditing time or at time
 of reimbursement.

 Solution: I am aware that WordCamp will have to store financial data for a
 while but it is important to know that volunteers bank details will not be
 stored after they are no longer needed. WordCamp can retain the amounts
 but scrub the bank details as soon as they are allowed to. I do generally
 believe that personal bank details should be scrubbed as soon as the claim
 is paid, mostly because WordCamp should of stored this information
 somewhere more secure when making payments and also because you have
 receipts which are proof of payment.

 2. Currently any organiser continues to have access to the back end of any
 WordCamp site they were an organiser for and all of these sites hold
 peoples personal addresses and bank details too.

 Solution: Deny access to all financial information apart from budgets once
 the camp has been signed off.

 I am concerned about data protection and a little about financial conduct,
 I have a good understanding about data protection too, and kind of feel
 some of these changes need to be considered carefully. If WordCamp was
 hacked it is potentially a identity theft goldmine as it stores peoples
 home addresses and bank details.

Ticket URL: <https://meta.trac.wordpress.org/ticket/3244>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list