[wp-trac] [WordPress Trac] #45889: Include Session Tokens as personal information in data exports and erasure (was: Include personal information from within the user_meta table in data exports)
WordPress Trac
noreply at wordpress.org
Thu Jan 17 21:08:11 UTC 2019
#45889: Include Session Tokens as personal information in data exports and erasure
-------------------------+-----------------------------
Reporter: lakenh | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: | Focuses: administration
-------------------------+-----------------------------
Changes (by garrett-eclipse):
* focuses: privacy => administration
* component: Users => Privacy
* version: 5.0.2 => 4.9.6
Old description:
> #44161 raised some concerns about if we missed any personal data when the
> personal information export was released. Upon further investigation, the
> core-privacy team found multiple places in the user_meta table that still
> contains information that we should include in exports.
>
> The currently known ones are the following:
> - Session Tokens: Contains IP address and user agent
> - Community Events: Contains IP address
>
> The scope of this ticket isn't about removing/anonymizing this
> information, instead just including it within the current user export and
> erasure tools.
New description:
#44161 raised some concerns about if we missed any personal data when the
personal information export was released. Upon further investigation, the
core-privacy team found multiple places in the user_meta table that still
contains information that we should include in exports.
The currently known ones are the following:
- Session Tokens: Contains IP address and user agent
- Community Events: Contains IP address
*Community Events data will be handled via #43921
The scope of this ticket isn't about removing/anonymizing this
information, instead just including it within the current user export and
erasure tools.
--
Comment:
As #43921 already exists with an existing patch we'll continue work for
the Community Events Location information through that ticket. As such
I've updated this ticket to change it's focus to be specific to Session
Tokens.
And to answer my question from previous [comment:2 garrett-eclipse]:
> One question I had about the use of IP in the Community Events is would
an anonymized IP be sufficient to geolocate an area to surface community
events from? If so we could avoid needing to include it in export and
erasure by anonymizing it prior to storing in the usermeta table which
would make it no longer PII. Just a thought.
*This was answered on the other ticket indicating that the IP address is
already partially anonymized as was indicated on this ticket comment;
https://core.trac.wordpress.org/ticket/40794#comment:22
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45889#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list