Note: You are currently viewing documentation for Moodle 3.6. Up-to-date documentation for the latest stable version of Moodle is likely available here: Data privacy.

Data privacy: Difference between revisions

From MoodleDocs
m (→‎See also: link edits)
m (removing new feature template)
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Infobox plugin
{{GDPR}}
|type = Admin tools
The Data privacy functionality provides the workflow for users to submit a data request (also known as a subject access request or SAR) and for the site administrator or privacy officer to process these requests.
|entry = https://moodle.org/plugins/tool_dataprivacy
|tracker = https://tracker.moodle.org/issues/?jql=component%20%3D%20Privacy
|discussion =
|maintainer = Moodle HQ
}}


The Data privacy plugin provides the workflow for users to submit subject access requests and for the site administrator or Data Protection Officer (DPO) to process these requests.
==Privacy officer role==


The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later and will be integrated in the Moodle 3.5 release in May 2018.
It is recommended that you create a [[Privacy officer role]] and assign it to the person responsible. If there is nobody on the site with the role of privacy officer i.e. nobody with the capability to manage data requests, then a site admin can respond to data requests and manage the data registry.
 
 
==Data Protection Officer role==
 
After installing the data privacy plugin, the first thing to do is to create a [[Data Protection Officer role]] and assign it.


==Data requests==
==Data requests==
[[File:requesting data.png|thumb|Requesting data]]
[[File:requesting data.png|thumb|Requesting data]]
Any user can send a message to the Data Protection Officer via the 'Contact Data Protection Officer' link on their profile page.  
Any user can send a message to the privacy officer via the 'Contact the privacy officer' link on their profile page.  


In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:
In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:
Line 27: Line 17:
# Save changes.
# Save changes.
[[File:Request approved.png|thumb|Request approved]]
[[File:Request approved.png|thumb|Request approved]]
The DPO will then receive a data request notification.
The privacy officer will then receive a data request notification.


If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page.
If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page. In Moodle 3.5.2 onwards, the user has by default one week to download their data before the download link expires. (An administrator can set a different expiry time for the data request in 'Privacy settings' in the Site administration.)


If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.
If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.
Line 35: Line 25:
==Responding to data requests==
==Responding to data requests==
[[File:viewing a data request.png|thumb|Viewing a data request]]
[[File:viewing a data request.png|thumb|Viewing a data request]]
The DPO can respond to data requests as follows:
The privacy officer can respond to data requests as follows:


# Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
# Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
# In the Actions dropdown, select View, Approve, or Deny as appropriate.
# In the Actions dropdown, select View, Approve, or Deny as appropriate.
If the user has sent a message, the privacy officer can view the message and copy the user's email address, then reply via email. In Moodle 3.5.2 onwards, after replying they can mark it as complete.
==Data deletion==
When a user's data is deleted, any forum posts are blanked and replaced with a sentence stating that the post has been removed. However, if the user started any discussions, their name is currently still shown on the forum page (MDL-62865).
==Allowing only the privacy officer to download data==
In Moodle 3.5.2 onwards, organisations with multiple systems and a centralised request process can prevent users from downloading their own data and instead enable a privacy officer to download it for them.
# Go to 'Define roles' in the Site administration.
# For the authenticated user role unset the capability [[Capabilities/tool/dataprivacy:downloadownrequest|Download your own exported data]] and save changes.
# For the privacy officer role allow the capability [[Capabilities/tool/dataprivacy:downloadallrequests|Download exported data for everyone]]  and save changes.
The privacy officer can then make a data request on behalf of a user (via 'Data requests' in the Site administration), approve it and later download it via the Actions dropdown menu. In this situation, the privacy officer will receive notification messages and NOT the user.


==Data registry==
==Data registry==
[[File:data registry.png|thumb|Data registry]]
[[File:data registry.png|thumb|Data registry]]
The DPO can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry.  
The privacy officer can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry.
 
A default purpose and retention period may be set for course categories, courses, activity modules and blocks. The retention period is measured from the course end date for the course that an activity is in. For a user it is from the last login time for any user who is no longer enrolled (or has already been deleted).


A default purpose and retention period may be set for course categories, courses, activity modules and blocks.
===Example categories===
 
* Administrative: Civil status, identity, identification data, images …
* Personal life (lifestyle, family situation, etc.)
* Economic and financial information (income, financial situation, tax situation, etc.)
* Connection data (IP address, logs, etc.)
* Educational Data (Assessed Coursework, exam scripts etc)
* Records of Education Attainment (Results of exams, assessments, qualifications awarded etc)
* Location data (travel, GPS data, GSM, etc.)
 
===Data registry set-up===


To add purposes and categories:
To add purposes and categories:
Line 67: Line 85:
* [[Capabilities/tool/dataprivacy:managedatarequests|Manage data requests]]
* [[Capabilities/tool/dataprivacy:managedatarequests|Manage data requests]]
* [[Capabilities/tool/dataprivacy:makedatarequestsforchildren|Make data requests for children]]
* [[Capabilities/tool/dataprivacy:makedatarequestsforchildren|Make data requests for children]]
 
* [[Capabilities/tool/dataprivacy:downloadallrequests|Download exported data for everyone]] (new in 3.5.2)
==See also==
* [[Capabilities/tool/dataprivacy:downloadownrequest|Download your own exported data]] (new in 3.5.2)
 
* [[GDPR for administrators (Moodle 3.4.2+)]]
* [https://gdprdemo.moodle.net/ Moodle GDPR sandbox demo site] for exploring all the [[Policies plugin]] and Data privacy plugin functionality


[[Category: Privacy]]
[[Category: Privacy]]


[[es:Plugin de privacidad de datos]]
[[es:Plugin de privacidad de datos]]
[[de:Schutz persönlicher Daten]]
[[de:Datenschutz-Plugin]]

Latest revision as of 14:56, 6 November 2018

The Data privacy functionality provides the workflow for users to submit a data request (also known as a subject access request or SAR) and for the site administrator or privacy officer to process these requests.

Privacy officer role

It is recommended that you create a Privacy officer role and assign it to the person responsible. If there is nobody on the site with the role of privacy officer i.e. nobody with the capability to manage data requests, then a site admin can respond to data requests and manage the data registry.

Data requests

Requesting data

Any user can send a message to the privacy officer via the 'Contact the privacy officer' link on their profile page.

In addition, they can request a copy of all of their personal data or request that their personal data should be deleted as follows:

  1. Go to your profile page (via the user menu).
  2. Click the link 'Data requests' then click the 'New request' button.
  3. Select 'Export all of my personal data' or 'Delete all of my personal data' as appropriate.
  4. Save changes.
Request approved

The privacy officer will then receive a data request notification.

If the user has requested a copy of all of their personal data, once the request is approved, they will receive a notification to inform them that their personal data may be downloaded from their Data requests page. In Moodle 3.5.2 onwards, the user has by default one week to download their data before the download link expires. (An administrator can set a different expiry time for the data request in 'Privacy settings' in the Site administration.)

If the user has requested that their personal data should be deleted, once the request is approved, they will receive an email to inform them and they will no longer be able to log in to the site.

Responding to data requests

Viewing a data request

The privacy officer can respond to data requests as follows:

  1. Go to 'Data requests' in the Site administration (or follow the link in the data request notification).
  2. In the Actions dropdown, select View, Approve, or Deny as appropriate.

If the user has sent a message, the privacy officer can view the message and copy the user's email address, then reply via email. In Moodle 3.5.2 onwards, after replying they can mark it as complete.

Data deletion

When a user's data is deleted, any forum posts are blanked and replaced with a sentence stating that the post has been removed. However, if the user started any discussions, their name is currently still shown on the forum page (MDL-62865).

Allowing only the privacy officer to download data

In Moodle 3.5.2 onwards, organisations with multiple systems and a centralised request process can prevent users from downloading their own data and instead enable a privacy officer to download it for them.

  1. Go to 'Define roles' in the Site administration.
  2. For the authenticated user role unset the capability Download your own exported data and save changes.
  3. For the privacy officer role allow the capability Download exported data for everyone and save changes.

The privacy officer can then make a data request on behalf of a user (via 'Data requests' in the Site administration), approve it and later download it via the Actions dropdown menu. In this situation, the privacy officer will receive notification messages and NOT the user.

Data registry

Data registry

The privacy officer can set purposes (why the organisation is processing data) with retention periods and categories for data stored in Moodle in the data registry.

A default purpose and retention period may be set for course categories, courses, activity modules and blocks. The retention period is measured from the course end date for the course that an activity is in. For a user it is from the last login time for any user who is no longer enrolled (or has already been deleted).

Example categories

  • Administrative: Civil status, identity, identification data, images …
  • Personal life (lifestyle, family situation, etc.)
  • Economic and financial information (income, financial situation, tax situation, etc.)
  • Connection data (IP address, logs, etc.)
  • Educational Data (Assessed Coursework, exam scripts etc)
  • Records of Education Attainment (Results of exams, assessments, qualifications awarded etc)
  • Location data (travel, GPS data, GSM, etc.)

Data registry set-up

To add purposes and categories:

  1. Go to 'Data registry' in the Site administration.
  2. In the Edit menu select Categories.
  3. On the 'Edit categories' page, click the + button to add a new category.
  4. Enter a category name and description then click the Save button.
  5. Go to 'Data registry' again and in the Edit menu select Purposes.
  6. On the 'Edit purposes' page, click the + button to add a new purpose.
  7. Enter a purpose name, description and retention period then click the Save button.

To set default categories and purposes:

  1. In 'Data registry' in the Site administration click the 'Set defaults' button.
  2. Select a default category and purpose for the site, and for users, course categories, courses, activity modules and blocks as required.
  3. Save changes.

Capabilities