Heritage Operations Processing System
Minor updates and code changes occur every day. Only significant or noteworthy updates are shown here. Updates shown with a gold background are (or were at the time) only available to organisations subscribing to the Support Licence Scheme.

Search:


Updates that have been programmed and will be incorporated into HOPS shortly.

Time Date
User
System Updates
(Update 568 in Progress)
Danny Scroggins
CONSULTATION 4 - Removal of some user-settable privacy settings.

14 March 2019

At present the ability to view personal contact information in HOPS is governed by two things: permissions and user-settings.

A user can view the main user list with permission 067 (view), but it will only contain a list of names and no contact information unless the user viewing also has 091 (view ADMIN) or 153 (view Telephone ADMIN) OR the user being viewed in the list has reduced their privacy settings down to 'low'.

Similarly, a user can view a department contact list with permission 028 (view), but it will only contain a list of names and no contact information unless the user viewing also has 090 (view ADMIN) or 154 (view Telephone ADMIN) OR the user being viewed in the list has reduced their privacy settings down to 'medium'.

Those in the organisation with a business need to see the contact information will have been given permission to do so, in which case the setting of the user makes no difference. The setting by the user only makes a difference if the view DOESN'T have permission themselves.

Currently these user-settable privacy levels apply to:

- Postal address
- Email addresses (individually per email address)
- Telephone numbers (individually per telephone number)

They can be set to:

- Top (visible only to those with an Admin permission)
- Medium (visible also to those in the same departments as me)
- Low (visible also to those at the same organisation as me)

There is never crossover between organisations.

NOTE. Although this is an example of 'consent' under GDPR, this is not the user giving consent for the data to be stored, this is the user giving consent for it to be shared to those with no business need.

It is proposed to remove these settings from Postal Address and Email Addresses. They would be retained on telephone numbers.

On the elements of contact information from which they are removed they would essentially always be 'top', ie, only visible to those with permission (ie a business need to see them). The ability for a user to voluntarily share their postal address or email addresses with other users would be removed.

The rationale is that the need for users to share their postal addresses or email addresses beyond those who have a business need has reduced enormously over the last ten years.
Postal contact by other than those with a business need is extremely rare, and sharing of email addresses is not massively necessary with the existence of HOPS-Comms.

This also reduces a GDPR burden on client organisations in managing the storage of users' email addresses on other users' machines. If two users wish to exchange emails with each other outside of the business need they can contact each other in the first instance via HOPS-Comms and request the others' email address. That is then a private matter between those two users and not the GDPR concern of the organisation.

Telephone numbers would retain the user-privacy setting option as it is recognised that telephone contact between users is sometimes necessary (for swapping of turns etc), and although this would count as a business need, it probably isn't justification for the organisation sharing the phone numbers of everyone in the department for that reason.

Finally, the functionality is complex for HOPS to maintain and reducing this complexity is in everyone's interest.

These proposed changes should not affect the client organisations, as everyone that the client organisation requires to have access to this information will already be obtaining it by permission.

Comments are welcome until 14 April 2019.
(Update 565 in Progress)
Danny Scroggins
* CONSULTATION 3 *

DATA RETENTION AND DELETION

13 March 2019

The time has come to discuss the policy on data retention and deletion in HOPS.

Up to now HOPS has generally been considered not old enough to be storing data for which there was no outstanding legal basis on which to store it, but as HOPS is now nearly ten years old that is no longer the case.

Please see the proposed retention periods in this document: http://www.heritage-ops.org.uk/public_docs/HOPS_Data_Retention.pdf
(Update 555 in Progress)
Danny Scroggins
* CONSULTATION 1 *

It is proposed to change the name of 'Positions' in HOPS to 'Roles'.

It is felt that this better-describes the 'job that a person does' and a 'thing that is rostered to' than 'position'.

At the moment someone is "made competent in a position". They could, in future, be "made competent in a role".

The competence profile, for example, would then show:
Competences:
Name | Role | Grade/Level
Danny | Signalman | Level 2.

NO change is proposed to how the system functions in respect of positions or competences, just the name of this component of the system. Competence Elements could still be interlocked with Competences in the usual way.

Initial informal collecting of views has shown a positive response. Further comments and views are welcome, please send these to Danny Scroggins.

This consultation is open for views from HOPS Admins until 15 March 2019 after which a decision will be made based on the feedback received.

---

NOTE.

In some discussions with HOPS Admins it has been discussed that the word 'roles' should instead replace the word 'competences'.

This has some merit:

- It removes from HOPS the word 'Competences' from HOPS, which frequently causes confusion with the phrase 'Competence Elements'. We would then have 'positions' (list of jobs), 'roles' (that people have been given in positions) and 'competence elements' [the word 'elements' could subsequently be dropped if required].

- Instead of people "made competent in a position" as at present, or "made competent in a role" as proposed above, a person would be "given a role in a position". All of these mean the same thing mechanically, it's just what we call the components.

- The list of jobs would still be called 'positions', but the attributing of people to these jobs would be the roles, where we currently use the word 'competence'.

The competence profile, for example, would then show:

Roles:
Name | Position | Grade/Level
Danny | Signalman | Level 2.

---

Even if 'positions' did become 'roles', which possibly more directly maps than 'competences' becoming 'roles', it would be ideal if a new word could be thought of instead of 'competence' (Appointments?).

This would be useful because it would remove the confusion between Competences and Competence Elements. It would also recognise that most competences aren't managed in the competences section any more, they're managed in the elements, and the competences section has really just become a place for recording appointments.

'Appointments' is the only word that springs to mind, but that has been universally not liked! Suggestions welcome....