[wp-trac] [WordPress Trac] #48794: Feature Request - Is PII? for User Meta

WordPress Trac noreply at wordpress.org
Wed Nov 27 17:25:58 UTC 2019 

#48794: Feature Request - Is PII? for User Meta
-----------------------------+------------------------------
 Reporter:  bhubbard         |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Users            |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:  privacy
-----------------------------+------------------------------

Comment (by garrett-eclipse):

 Thanks for the concept, I think in general it would be a very helpful idea
 to help plugins and site owners with understanding what information is
 PII.

 For back-compat and to allow the update to function on existing user_meta
 without needing to update the table or all entries with another column I
 wonder if the approach could be done using a new table `user_privacy`
 which would be a mapping of the `user_meta` key so one entry setting say
 `first_name` to `is_pii` would cover all `user_meta` entries with that
 key.

 This would allow core, plugins and custom code to indicate which
 `user_meta` fields and which `users` columns are considered PII without
 having to change the `user_meta` table or `add_user_meta` signatures. A
 new function to register the user meta or column could look like
 `register_user_privacy( string $meta_key/$column_key, boolean $type {0 =
 column, 1 = meta}, boolean $is_pii );` and a function for retrieving
 privacy state could look like `function is_pii( string
 $meta_key/$column_key, boolean $type {0 = column, 1 = meta} );` so when
 handling user meta it's key can be used to determine if it's considered
 PII or not.

 By isolating this outside of the `user_meta` table we can have it not only
 cover `user_meta` but also columns from the user table as well. It also
 allows something like this to be built as a feature plugin for
 experimentation before merge proposal to core.

 Thoughts?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48794#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list