[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Data protection and the user table

Hi, I've realised we might have a (minor) data protection issue with 
EPrints. Don't panic! This is a result of how we use it, not the 
software iteself.

Every day we update the "users" table from our central users database. 
However we don't *delete* people when they leave the central database, 
even if they've got zero papers in the system. We do set a boolean field 
called "active" to FALSE, but that's probably not good enough.

I've not put much thought into this yet, but it seems like good practice 
would be to also set a "inactive since" datestamp field and then have a 
script similar to life-embargos which clears out their record and any 
old "inbox" items.. however there may be an operational need to keep 
track of who deposited a record indefinitely.

This isn't an issue just for EPrints, but for any system with user 
accounts created from an external source.

Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg

University of Southampton Open Data Service: http://data.southampton.ac.uk/
You should read our Web & Data Innovation blog: http://blogs.ecs.soton.ac.uk/webteam/