[wp-trac] [WordPress Trac] #44222: GDPR - Add Archive state to erasure requests

Fri May 25 06:34:37 UTC 2018

#44222: GDPR - Add Archive state to erasure requests
-----------------------------+-----------------------------
 Reporter:  garrett-eclipse  |      Owner:  (none)
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Privacy          |    Version:  trunk
 Severity:  normal           |   Keywords:
  Focuses:  administration   |
-----------------------------+-----------------------------
 Hello,

 A suggestion for v2 of GDPR is to add an archive/trash state and list view
 to erasure requests.

 Currently, the last state/phase in the erasure process is 'Completed' with
 the 'Next Steps' action being 'Remove request'.

 This automatically prompts the admin to remove and clear the deck. In many
 if not most cases though the site holds backups which upon site failure
 will be used to restore the site/content and thus the users PII data.
 Under GDPR my understanding is the admin is required to re-remove the
 users data.

 Backups are partially safe with GDPR because they are required for site
 security/integrity, but under retention can only be kept for a reasonable
 timeframe.

 So I was thinking a way to safeguard admins would be to introduce a
 trash/archive which would have the action for Completed be 'Archive'
 instead of 'Remove'. This would place the request in the trash and remove
 from the 'All' view to reduce the clutter. On a new Trash view you're find
 these requests with the ability to delete permanently.

 And I think I heard something about privacy settings at some point in
 slack which could allow a retention period setting for these archives be
 set and a cron to auto-remove. So admins would be able to have their
 database retention and erasure archive retention periods basically match.
 This would enable them to use the archive list, export it possible, and
 use it to re-remove users upon database restore.

 Most of it is up to the admin to disclose their backup policy and how
 they'll re-remove users but would definitely help safeguard them from
 losing requests by running through the workflow too quickly.

 Hope that mostly makes sense, mainly just wanted the idea out there.

 All the best,
 *Note: Most of this is to 'my understanding' so I defer to those more
 versed in the new regulations.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44222>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform