Contrib.social

Contact storage GDPR compliance (munging/deleting data from messages)

Open on Drupal.org β†’
Created on 16 May 2018, about 6 years ago
Updated 22 June 2024, 3 days ago

Problem/Motivation

There are some potential improvements we could make to improve handling personally identifiable information, especially in light of GDPR.

For use on a live site:

  • Have an option to purge submissions after a configurable amount of time.
  • Inform (and potentially request acknowledgement from) users that it's being stored, why, how long, etc.

And for development it would be nice if drush sql:sanitize would remove any traces of PII from contact messages.

Steps to reproduce

(Detailed instructions on how to reproduce the issue, including exact versions used, specific paths to visit, what actions to take, etc.)

Proposed resolution

  • Add drush sql:sanitize integration.
  • What else?!

Remaining tasks

  • Split this into multiple tickets?
  • Decide if drush sql:sanitize should munge data or just truncate tables.

Original report by plato1123

We have a contact from that is using contact storage to (I believe) redirecting emails to various sub-departments after the message is submitted (using the Custom redirect path after submitting messages) functionality. I believe this is how our contact form is set up although I was not the one who set up the contact form and the staffers that did so are no longer with our company. I wonder how GDPR plays into this, do we need a way to automatically purge these saved messages, perhaps via CRON or via customer request? We're waiting for our legal department to get back to us on what is required for our site, but as we have a significant presence in some EU countries we expect we'll have to adhere to the strictest interpretation of the GDPR requirements. Sorry if this inquiry is vague, but has there been any thought or planning into making this module comply with GDPR? Any insight that you can offer on what we might need to do on our end? I understand that at the very least we will need to be able to scrub a specific user's contact form inquiry from the contact storage list should the user request it. Is there any way to do that, search by email and remove that entry? It doesn't look like at present we can even order by email address, let alone search for a specific one someone has asked us to remove. Thoughts? ideas?

Thanks so much for your great module!!!
Patrick

✨ Feature request
Status

Needs work

Version

1.0

Component

Miscellaneous

Created by

πŸ‡ΊπŸ‡ΈUnited States plato1123

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 9.5.x + Environment: PHP 7.3 & MySQL 5.7
    last update 2 months ago
    8 pass
  • Comment 2 months ago β†’
    Defcon0

    Don't know whether it would be better to create a new issue for this, but I created a simple cron in the module for deleting messages older than 30 days as a cron.

  • Status changed to Needs work 3 days ago
  • Comment 3 days ago β†’
    πŸ‡¨πŸ‡­Switzerland Berdir Switzerland

    Both features make sense, but they are for different if equally different use cases. They should either be combined into a single MR or one should be split into a separate MR. The cron hook would definitely need a setting to enable this and set the desired timeframe for deletion.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024