Time Nick Message 06:41 reiveune hello 06:47 alex_a bonjour 07:21 fridolin hi there 07:27 gaetan_B hello 08:09 ashimema mornin' 08:10 calire hi #koha 08:45 cait anyone ever seen patron creator templates that won't save? 08:45 cait and show a wrong list of printer profiles? 08:57 cait we figured out one of the printer profiles was borked... but not sure how it happened or wha 09:42 fridolin 72 ;) 09:42 ashimema ? 10:45 jenkins Project Koha_17.11_D8 build #67: FAILURE in 7 min 21 sec: https://jenkins.koha-community.org/job/Koha_17.11_D8/67/ 10:45 jenkins * gonzalez: Bug 20700: MARC21 add/update leader/007/008 codes (17.11.x version) 10:45 jenkins * Tomás Cohen Arazi: Bug 20745: koha-zebra doesn't return the correct error codes 10:45 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20700 trivial, P5 - low, ---, bgkriegel, Pushed to Stable , Update MARC21 leader/007/008 codes 10:45 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20745 major, P1 - high, ---, tomascohen, RESOLVED FIXED, indexing/searching not active at end of installation 10:46 jenkins Project Koha_17.11_D8 build #68: STILL FAILING in 1 min 1 sec: https://jenkins.koha-community.org/job/Koha_17.11_D8/68/ 10:54 marcelr hi #koha 11:09 * kidclamp waves 11:09 marcelr hi kidclamp 11:42 cait GDPR meeting in 20 minutes! 11:47 marcelr hi cait 11:48 cait hi marcelr 11:48 marcelr can attend 30 mins 11:49 cait we#ll try to make it quick 11:49 cait trying to get things sorted right now 11:49 marcelr bug 20819 11:49 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819 enhancement, P5 - low, ---, m.de.rooy, Needs Signoff , GDPR: Add a consent field for processing personal data in account menu and self-registration 11:49 marcelr feedback welcome 11:49 cait i was going to mention it 11:49 cait can you put alink on agenda? 11:49 marcelr ok 11:54 m23 hello to all GDPR fans :-) 11:54 cait marcelr: fixed the link 11:54 cait marcelr: there is a nice trick {{BZ|bugnumber}} - will automatically make it right 11:56 marcelr great; visit wiki not oftem enough 11:56 marcelr m n 11:59 cait get ready... starting the meeting :) 12:00 cait #startmeeting GDPR IRC meeting 9 July 2018 12:00 huginn Meeting started Mon Jul 9 12:00:03 2018 UTC. The chair is cait. Information about MeetBot at http://wiki.debian.org/MeetBot. 12:00 huginn Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 12:00 huginn The meeting name has been set to 'gdpr_irc_meeting_9_july_2018' 12:00 cait #topic Introductions 12:00 cait #info Katrin Fischer, BSZ, Germany 12:00 marcelr #info Marcel de Rooy, Rijksmuseum 12:00 cait please introduce yourself using #info! 12:00 talljoy #info Joy Nelson ByWater Solutions 12:00 greenjimll #info Jon Knight, Loughborough University 12:00 cait #link https://wiki.koha-community.org/wiki/GDPR_IRC_meeting_9_July_2018#Agenda Today's agenda 12:00 m23 #info Michal Denár, KohaCZ 12:00 cc_ #info Colin Campbell, PTFS-Europe 12:01 cait giving it another minute or so 12:01 anne-claire #info Anne-Claire Bernaudin, librarian, University Rennes 1, France 12:01 cait #topic Status update on planned developments and road map 12:02 cait #link https://wiki.koha-community.org/wiki/Improve_data_protection_and_patron_privacy Road map 12:02 cait maybe first some updates then move to the questions? 12:02 marcelr bug 20819 is in needs signoff 12:03 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819 enhancement, P5 - low, ---, m.de.rooy, Needs Signoff , GDPR: Add a consent field for processing personal data in account menu and self-registration 12:03 cait #info 12 - documentation about cookies used in Koha is done 12:03 cait #info there is also a cookie coding guidelines now, that says that developers have to update the documentation 12:03 cait i will update the table later 12:03 cait marcelr: do you have the number this is referring to? 12:04 marcelr i wrote it at the end of the table 12:04 cait i think it might fit with 13 12:04 marcelr but it touches a few points 12:04 ashimema #info Martin Renvoize - PTFS Europe 12:05 cait i can move it into the table later if you agree 12:05 marcelr yeah fine 12:05 marcelr it combines consent and account deletion request 12:05 cait ok, any other updates on the work underway? 12:05 cait oh that's interesting 12:05 cait because that was on my list 12:05 m23 What about add some new guidelines about private data into development gudelines? 12:06 cait m23 I think that would make a good next topic 12:06 m23 cait ok 12:06 cait #info bug 20819 deleing with patron self registration (consent) and patron deletion is ready for sign off 12:07 marcelr note that adding a deletion request and processing it are two things 12:07 marcelr this is the first part 12:07 cait but you can request one? 12:07 marcelr yeah 12:07 cait that's a good first step 12:07 marcelr you either give a consent or ask to delete your acoount 12:08 marcelr you cannot work without answering 12:08 cait any more updates to the table? 12:08 anne-claire In the table in the wiki page, I don't see anything about old_issues and statistics tables. They need to be anonmyized too, as old_reserves. 12:08 cait anne-claire: there are some entries 12:08 anne-claire Missed it, sorry 12:09 cait number 3 12:09 marcelr is anonimizing the borrower not enough? 12:09 cait and 7 i think 12:09 cait marcelr: at the moment we are not doing that 12:09 cait but it depends on how long you want to store data 12:09 cait there is actually no need to store issues data as logn as the patron exist 12:10 marcelr maybe statistical purposes 12:10 cait yeah, but then you can work with anonymized data too 12:10 cait the idea was to move patron category and age to the statistics table 12:10 cait to remove the need for the link with the patron 12:10 anne-claire For statistics, pseudnomymization would be a need 12:10 anne-claire To identify a single user 12:10 cait and borrowernumber could be removed after some time frame 12:10 cait ok, i will add a new topic then for coding guidelines? 12:11 greenjimll We'd need to be able to tie an old-issue down to the department that the user who made it was in for example, as part of our purchasing system. 12:11 cait where do you store department? 12:11 greenjimll In the attributes for the borrower. 12:11 cait hm 12:11 talljoy ack 12:11 cait maybe we'd need a way to map some data to statistics by configuration 12:12 cait let the library decide what we copy from the patron record 12:12 anne-claire cait: yes 12:12 talljoy have a 'free' field in statistics like sort1, sort2 ? 12:12 cait something like that 12:12 cait what do you think 12:12 cait ? 12:12 talljoy it allows for flexibility for sure 12:13 cait i can add the idea to 7 latr 12:13 drojf #info Mirko Tietgen, late 12:13 cait #topic Coding Guidelines for privacy 12:14 cait m23? 12:15 m23 We mabe should inspire by https://github.com/joomla-projects/privacy-framework 12:15 cait #link https://github.com/joomla-projects/privacy-framework 12:16 m23 Its integrated into core of Joomla, every new plugin, feature or code must corresponded into privacy framework. 12:16 cait #idea (from earlier) Add some columns to statistics that can be mapped to patron data by the library 12:16 m23 If some law change it can be easier to implement it into system 12:17 greenjimll I like the privacy of the Joomla version history: https://docs.joomla.org/Joomla_3.9_version_history 12:17 cait can you give an example? 12:17 cait hm empty for me? 12:17 talljoy me too 12:17 greenjimll Exactly. 12:17 greenjimll :-) 12:17 marcelr private :) 12:18 cait I think i don't understand 12:18 m23 if privacy data are in log, tables developrs know it and know how hadle this data 12:18 m23 all provate data are mapped 12:19 m23 its clear? 12:19 cait sorry, not yet 12:19 cait just hiding the information seems a bit like Security by obscurity to me 12:20 talljoy yes 12:20 cait security through obscurity (had to look it up) 12:20 talljoy i like that phrase cait! 12:20 greenjimll Not terribly obscure if its documented though. 12:20 cait but what exactly are we not seeing? 12:20 drojf nor secure 12:20 m23 we cant just hide private data, its agianst rules of GDPR 12:21 m23 we must be able to remove or anonymise them 12:21 marcelr m23: do you have specific suggestions for new coding guidelines ? 12:22 m23 marcelr Im not sure .... how specify it 12:22 cait hm maybe something like: don't add more data without a deletion/anonymization stretegy? 12:22 cait like if we added a message_queue again, we'd immediately also provide a script to delete the date/clean up 12:23 cait or... deal with what happens when the patron is deleted 12:23 cait we don't always do that cleanly in the codebase 12:23 marcelr cascaded deletes clean up a lot .. 12:23 cait for example the messages to patrons (the notes) are never cleaned, they remain linked to deletedborrowers 12:23 cait yep, but they are holes currently 12:23 marcelr ok 12:23 m23 every new functionality, plugin thaht hande privacy data must do it clear 12:23 cait so it might be worth giving it some thought implementing new features 12:24 greenjimll And should the method for making patron data anonymous be implemented in the Koha core modules, so that new additions can make use of these rather than reinventing the wheel? 12:24 m23 so first step is mapping privacy date in system/databese 12:24 cait #idea provide a way to clean up/anonymize data at the time of adding new features as well 12:25 m23 private data can be at easy identify tables, but hiden at logs, messages, etc. 12:25 cait #idea clean up/anonymize data when patron is deleted for new features/tables 12:25 cait we have a list of tables that have links to patron data 12:26 cait not sure if that would be helpful? 12:26 m23 cait, yes, it can help 12:26 cait there are also several cronjobs that can create logs containing patron information 12:26 cait maintaining the list is a bit... hard 12:26 m23 exactly 12:26 cait but i can try to put it on my to do list 12:26 cait an automatic way of documenting this might be nicer 12:26 m23 some kidn "privacy framework" can help in future 12:27 cait we have https://schema.koha-community.org for example 12:27 cait m23 i think it#s not clear from the page you linked how that works 12:27 cait the readme below is only about Joomla in general 12:27 clrh #info CLaire Hernandez, BibLibre (bad connection) 12:28 m23 Im not able now to find better info, I'll try 12:28 cait welcome clrh 12:28 drojf m23: do you work with joomla? could you give some more info on how the framework works? as cait said, the repository has no information about it 12:28 drojf in the readme at least 12:29 cait maybe we can discuss next time with some more info on the agenda? 12:29 cait i'd like to move on to the general discussion 12:29 greenjimll This may be more useful for Joomla GDPR support: https://data2.eu/en/gdpr-tips/146-joomla-gdpr-compliance 12:29 cait #link https://data2.eu/en/gdpr-tips/146-joomla-gdpr-compliance 12:29 m23 cait, OK, if I add some new better info about Joomla or similar solution, I'add link into wiki 12:30 cait thx m23 12:30 drojf link in german about joomla https://www.joomla.de/news/joomla/496-joomla-3-9-und-joomla-3-10-dsgvo 12:30 cait m23++ 12:30 cait #link https://www.joomla.de/news/joomla/496-joomla-3-9-und-joomla-3-10-dsgvo (German) 12:30 cait moving on 12:30 cait #topic General discussion 12:31 greenjimll Should I carry on waiting for REST APIs for bug 20028, or put some place holder code in to extract and generate some JSON data directly? 12:31 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20028 enhancement, P5 - low, ---, koha-bugs, NEW , Export all patron related personal data in one package 12:31 cait i think waiting for all rest apis needed might take too long 12:31 cait having something a little earlier might be good 12:31 greenjimll OK 12:31 cait what do others think? 12:32 m23 This feature in API can be very useful if library use for exaplet VuFind 12:32 greenjimll I can always do a first cut without the REST APIs and replace it with them when they arrive. 12:33 m23 Solution to provide personal data to download via user accout is very nice to users 12:33 cait i'd use rest api wherever possible 12:33 talljoy What data are you extracting? 12:33 cait but i think having it complete for what we need will take more than this year 12:34 cait talljoy: the rule is everything we store about a patron 12:34 talljoy demographic, fines, circ, old circ, reserves, etc... 12:34 cait has to be provided ina machine readable format 12:34 talljoy the whole kit and kaboodle eh. 12:34 cait for download 12:34 greenjimll It will have to (eventually) extract all information related to the borrower that we hold. 12:34 cait everything 12:34 cait reviews, tags, ... 12:34 m23 especially, issue history, reservation history, payments history ... 12:34 cait star ratings 12:34 talljoy that would be a messy csv, or multiple csvs yes? 12:34 cait we were thinking messy json 12:34 greenjimll I was thinking more JSON than CSV to be honest. 12:34 talljoy :D 12:35 ashimema Can one not already do that using reports 12:35 drojf star ratings … 12:35 greenjimll Should we change it from CSV to JSON in the wiki? 12:35 talljoy a better messy in json. agreed 12:35 m23 "in one package" can thing more packaes but from one point 12:36 cait i think coudl also be a zip file? 12:36 drojf a zip with a lot of files is a package 12:36 drojf heh 12:36 talljoy :D 12:36 cait i think reports would be hard because lots of unions 12:36 cait not easy to provide a big one 12:36 m23 zip are best for bigger files 12:36 talljoy would be an unwiedly report. 12:36 cait ashimema: do you have something developed maybe? 12:37 cait i think maybe we hsould not overthink it 12:37 cait but try to get something in place so we comply 12:37 cait and then refine 12:37 greenjimll OK, I'll make a start on extracting some data so there's something to test and build upon. 12:38 cait greenjimll++ 12:38 cait I think marcelr's development might be dealing with my 'request account deletion' 12:38 cait can you confirm marcel? 12:38 cait #info see bug 20819 for requesting account deletion 12:38 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819 enhancement, P5 - low, ---, m.de.rooy, Needs Signoff , GDPR: Add a consent field for processing personal data in account menu and self-registration 12:39 cait i think he said he only had half an hour 12:39 cait the other thing came up here in discussion about anonymizing automatically using the cronjobs 12:39 m23 What about some extension of current anonymisation tool? Like list of anonymised patrons, because some library must be able to finf paper contract to remove them after anonymise "digital" data in Koha. 12:39 cait a new patron registerts at the library, they fill out a form and sign it, it's stored, the patron expires, the automatic deletion happens after x months... the paper remains 12:40 cait m23: using the tool that works, but what about using the cronjob? 12:40 m23 Tool os betetr for this scenary insn!t it? 12:41 cait not sure, i think it's easy to forget 12:41 cait every manual process is 12:41 m23 Cronjob is good, but how list names that was/waill be anonymised? 12:41 cait #info What happens to registration forms when a patron is deleted automatically (expired since...) 12:42 cait yeah exactly 12:42 cait i was hoping someone could provide a good idea :) 12:43 talljoy sounds like the cron would need to have a 'report' option that could be emailed once it runs and anonymizes patrons 12:43 talljoy report containing the list of names so the library could remove paper contract? 12:43 m23 automatic way willl be better ... maybe Koha can send list by mailer, what do You think? 12:43 cait talljoy: emailing is not quite what we want... (privacy) but maybe a file that can be accessed 12:44 m23 yeah 12:44 talljoy again back to manual. 12:44 cait because you'd email patron names and cardnumbers i think... as a minnum 12:44 talljoy someone has to go get the file 12:44 greenjimll The UK ICO says that you need to keep consent forms: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/ 12:44 talljoy or automate another process to grab the file and move it somewhere else 12:44 cait yep - just email is not encrypted usually or signed 12:44 cait or at least that's harder to do 12:44 cait getting a file from the server might be easier in a safe way 12:45 cait hm something to think about :) 12:45 cait someone got something else? 12:45 m23 so tool can be other solutio :-) 12:46 m23 wit caledar reminder :-) 12:46 cait #idea add a tool to remind of tasks regularly (like anonymizing data) 12:46 m23 cait great! 12:47 anne-claire great idea, a reminder ! 12:47 talljoy that's what google calendar is for. 12:47 cait talljoy: you are killing our fun :) 12:47 talljoy heh 12:47 cait maybe repariing the scheduler could already hlep 12:47 m23 and extend anon toll with list of patrons to view/download 12:47 talljoy NOW there is a good idead Cait! 12:47 cait #info idea repair the scheduler! 12:47 talljoy m23 yes! 12:48 cait hm i am getting confused with infos and ideas 12:48 cait maybe time to end the meeting? 12:48 m23 :-) 12:48 cait we'll have a poll about the next data again i think if noone is opposed? 12:48 talljoy add m23 idea about the tool providing a preview 12:48 cait oh yes 12:49 cait #idea Provide a review of patrons to delete or a list of patrons deleted when running the patron deletion/anonymizing tool 12:49 cait hope that made sense 12:49 cait hm review preview... 12:49 cait gah. 12:49 cait #idea review = preview 12:50 cait ending in a minute or so if nothing else comes up 12:50 m23 thanks for debate :-) 12:50 cait thx all for attending! 12:50 greenjimll In bug 20819 do we store the consent form they consented to? 12:50 huginn Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819 enhancement, P5 - low, ---, m.de.rooy, Needs Signoff , GDPR: Add a consent field for processing personal data in account menu and self-registration 12:51 cait i think marcelr is no longer around 12:51 cait maybe leave him a later? 12:51 greenjimll OK 12:51 cait or comment on the bug 12:51 cait might be more efficient 12:51 talljoy thanks cait! good meeting. til next time. 12:51 cait #endmeeting 12:51 huginn Meeting ended Mon Jul 9 12:51:23 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) 12:51 huginn Minutes: http://meetings.koha-community.org/2018/gdpr_irc_meeting_9_july_2018.2018-07-09-12.00.html 12:51 huginn Minutes (text): http://meetings.koha-community.org/2018/gdpr_irc_meeting_9_july_2018.2018-07-09-12.00.txt 12:51 huginn Log: http://meetings.koha-community.org/2018/gdpr_irc_meeting_9_july_2018.2018-07-09-12.00.log.html 12:51 drojf cait++ 12:51 m23 bye 12:53 * LeeJ waves 12:53 LeeJ hi #koha 12:53 talljoy hi leej 12:54 LeeJ hi talljoy! 12:56 clrh thnals cait and sorry, train is not a good way to follow the meeting, I will re-read everythnging soon 12:56 greenjimll Thanks cait! 14:58 epinky I'm having trouble enable ldap authentication in Koha 18.05, I don't see any errors in /var/log/koha/library/opac-error.log I have followed this tuto https://bywatersolutions.com/2012/07/09/koha-ldap/ can anyone help? 15:04 cait yay - elasticsearch bugs pqa :D 15:04 cait epinky: sorry, not experienced with ldap 15:04 cait maybe try the mailing list if you don't catch an expert here 15:04 reiveune bye 15:04 cait it's end of work day in europe, maybe tomorrow or later tonight would be better 15:05 epinky cait: will wait , I really need this 15:10 cait did you have it working in annother version of koha? 15:12 epinky cait: nope 15:14 cait this might be helpful, it#s newer 15:14 cait https://koha-community.org/manual/18.05/en/html/apis_protocols.html#ldap 15:15 epinky cait: thank you, have followed it, however no log about login attempts is written 15:16 epinky cait: do you know how to troubleshoot if no logs appear? 15:21 cait there is a section about touble shooting 15:21 cait apart from that i don't know 15:21 cait maybe th wiki? has some mor info 15:21 cait wiki? 15:21 cait hm, bot is not here 15:21 cait https://wiki.koha-community.org/wiki/Main_Page 17:57 * cait sighs finding more emails in the 'almost spam' directory 17:58 * LeeJ can relate to cait 17:59 cait got confused on the mailing list... just ignore me 19:21 LeeJ @later tell khall no dice on the restart :( 19:21 huginn LeeJ: The operation succeeded. 20:26 epinky anyone can help me with ldap 20:26 epinky ? 20:27 epinky I cnanot make it work with koha