[wp-meta] [Making WordPress.org] #1817: Add Notes Field to Invoice
Making WordPress.org
noreply at wordpress.org
Fri Jul 19 00:25:10 UTC 2019
#1817: Add Notes Field to Invoice
-------------------------------------------------+-------------------------
Reporter: Kenshino | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: WordCamp Site & Plugins | Resolution:
Keywords: dev-feedback needs-patch has-privacy-review |
-------------------------------------------------+-------------------------
Changes (by garrett-eclipse):
* keywords: dev-feedback needs-patch needs-privacy-review => dev-feedback
needs-patch has-privacy-review
Comment:
Hi @iandunn, thanks for flagging the potential GDPR implications.

From reviewing the original Slack thread and description, this seems almost
more of an admin informative field for notes, and I don't see it being used
to store Personally Identifiable Information (PII). That being said, to
keep admins from using the field for PII, it could be implemented with a
small note below the field to indicate to admins that they shouldn't place
any client/user/admin PII into this field. I personally don't see much of
a privacy implication here if it's strictly used for admin information and
won't contain personal information.

I'm unsure if the current setup for Invoice post types provides that
information in an export request, but feel it should, and this field could
be included in that. As to erasure requests, this seems like a field where
admins will provide information about the invoice, such as referring to
secondary invoices to cover the PayPal fees (from the original Slack
example). In that case it would be considered potentially integral
information and would be omitted from needing to be removed on erasure, as
it meets the criteria for section f ("processing is necessary for the
purposes of the legitimate interests") of the GDPR regulations. When
dealing with invoices, storage of that information is quite integral to the
operation of the website and in many cases is required to achieve PCI
compliance.

So, in short, I don't see any privacy concerns by introducing this Notes
field. A bonus would be including it in the export requests. And another
bonus might be to indicate to admins that they should avoid placing PII
into the field.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/1817#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>