HOPS


Minor updates and code changes occur every day. Only significant or noteworthy updates are shown here. Updates shown with a gold background are (or were at the time) only available to Advanced HOPS members.

Search:


Updates that have been programmed and will be incorporated into HOPS shortly.

Time DateSystem Updates
(Update 568 in Progress)
CONSULTATION 4 - Removal of some user-settable privacy settings.

14 March 2019

At present the ability to view personal contact information in HOPS is governed by two things: permissions and user-settings.

A user can view the main user list with permission 067 (view), but it will only contain a list of names and no contact information unless the user viewing also has 091 (view ADMIN) or 153 (view Telephone ADMIN) OR the user being viewed in the list has reduced their privacy settings down to 'low'.

Similarly, a user can view a department contact list with permission 028 (view), but it will only contain a list of names and no contact information unless the user viewing also has 090 (view ADMIN) or 154 (view Telephone ADMIN) OR the user being viewed in the list has reduced their privacy settings down to 'medium'.

Those in the organisation with a business need to see the contact information will have been given permission to do so, in which case the setting of the user makes no difference. The setting by the user only makes a difference if the view DOESN'T have permission themselves.

Currently these user-settable privacy levels apply to:

- Postal address
- Email addresses (individually per email address)
- Telephone numbers (individually per telephone number)

They can be set to:

- Top (visible only to those with an Admin permission)
- Medium (visible also to those in the same departments as me)
- Low (visible also to those at the same organisation as me)

There is never crossover between organisations.

NOTE. Although this is an example of 'consent' under GDPR, this is not the user giving consent for the data to be stored, this is the user giving consent for it to be shared to those with no business need.

It is proposed to remove these settings from Postal Address and Email Addresses. They would be retained on telephone numbers.

On the elements of contact information from which they are removed they would essentially always be 'top', ie, only visible to those with permission (ie a business need to see them). The ability for a user to voluntarily share their postal address or email addresses with other users would be removed.

The rationale is that the need for users to share their postal addresses or email addresses beyond those who have a business need has reduced enormously over the last ten years.
Postal contact by other than those with a business need is extremely rare, and sharing of email addresses is not massively necessary with the existence of HOPS-Comms.

This also reduces a GDPR burden on client organisations in managing the storage of users' email addresses on other users' machines. If two users wish to exchange emails with each other outside of the business need they can contact each other in the first instance via HOPS-Comms and request the others' email address. That is then a private matter between those two users and not the GDPR concern of the organisation.

Telephone numbers would retain the user-privacy setting option as it is recognised that telephone contact between users is sometimes necessary (for swapping of turns etc), and although this would count as a business need, it probably isn't justification for the organisation sharing the phone numbers of everyone in the department for that reason.

Finally, the functionality is complex for HOPS to maintain and reducing this complexity is in everyone's interest.

These proposed changes should not affect the client organisations, as everyone that the client organisation requires to have access to this information will already be obtaining it by permission.

Comments are welcome until 14 April 2019.