Rob Orland
Historic Coventry |
1 of 21
Thu 29th Mar 2018 9:48pm
Good evening folks!
A good friend recently drew my attention to the significant law that will come into place on the 25th May this year. Officially it's called the "General Data Protection Regulation" (GDPR), and it's designed to help everyone keep their personal information safe online. Although this forum is not a commercial website, the rules will still apply to me, and I'll need to provide you all with proof and reassurance that I can keep your data safe and, if requested, can delete anything you ask me to.
In the case of this forum there isn't as much to worry about as some other sites, because there's nothing financial involved, so any data that could be vulnerable would have a relatively small impact on the individual. However, I thought I'd get the ball rolling and start a discussion here, because I'm not any kind of expert regarding the law, and I'm happy to take advice from any of you that might be able to offer help and suggestions.
First of all, I'll list here the information that my forum database stores on each of you....
Username:
This can be anything you choose, so does not need to be personally sensitive and may be changed at any time.
Password:
This is "one-way encrypted" and cannot be decrypted by anybody. Even I, with full access to the database, am completely unable to decrypt any of your passwords, hence the reason for you needing to reset it if forgotten. Here is an example of a password - 29fa5d948f39aa8uc82891fa93se6a5be382f3b2
The original might only be a few characters long in reality, but the encryption algorithm makes the stored string much longer.
Location:
Again, this can be a vague as you like and is unlikely to be sensitive.
Email address:
Although this can be decoded as part of the administration of this forum, the storage of your email address on the database is encoded in several stages and, I hope, is not possible to be used by anyone with ill intent if they somehow get stolen. Below is an example of an encoded email address - a free breakfast for anyone who is able to work it out! (And no, it's not mine!)
PT1RYnZObUxrRldab2RXYWlCMGNuOUdiakpYWjJWR2JqVm1idlJHYnNWMmQ
Any member, once logged in and active, may delete their own email address if desired. This, however, is risky, because if you subsequently forget your password then you'll have no means of retrieving it !
IP Address:
These are only stored to help with some of the "niceties" of the forum. i.e. if you enter an incorrect username when logging in, your IP address is compared to the database entry and is used to show you a reminder of which username you probably last used. IP addresses can be dynamic and change regularly, which can render this feature useless, but it's there to help if possible none-the-less.
Not very much can be discerned from your IP address - mainly the location of your internet provider, and possibly your hometown, but any of you who are worried about it being stored in the database can let me know and I can see about removing it. It's not publicly visible, though.
I welcome your thoughts on how I can make anything safer, or how best to present the information about your data. |
News, Media and Current Affairs - Data Protection Act 2018 | |
mcsporran
Coventry & Cebu |
2 of 21
Fri 30th Mar 2018 2:50am
After the discovery of the Spectre and Meltdown vulnerabilities in December, no current computers with Intel, AMD or ARM processors are immune from hacking and this will remain the case until redesigned versions are available sometime later this year. Windows, Linux, Android, MacOS, iOS and Chrome are all affected. However it is unlikely anyone would expend any effort on attacking a computer with no potential of financial reward. |
News, Media and Current Affairs - Data Protection Act 2018 | |
Helen F
Warrington |
3 of 21
Mon 2nd Apr 2018 9:29pm
I've known for a while that internet security was going to be a nightmare. To avoid trouble I have several strategies. I have multiple emails and use them for different levels of security. They have different passwords and different logins. The passwords and names aren't the same for different sites. I try (not always successfully) not to give too much away about my movements. I don't have a Facebook page because it's too easy to give information to strangers who might use it to make me vulnerable to plots. Amusingly the email I use for this site has almost no spam, even though I use it for all sorts of amateur sites. So Rob and the others are doing something right. One my shopping emails is littered with all sorts of sinister junk. Shops aren't your best security friend.
Might those who use their full name, want to edit them to aid you in keeping people's details secure? ie if people can't be easily identifed with a real person then it's harder for their details to be hacked. A little difficult for those looking for family members to avoid listing their family connections but perhaps we could come up with a way to protect people from revealing too much?
|
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
4 of 21
Tue 3rd Apr 2018 7:21pm
Thanks Helen, some more good points there. At least the small amount of information held by this site makes it relatively easy to administrate, and is also controllable by each individual member. Additionally, if anyone is sensitive about being contacted by others, then every member is able, via their profile, to switch off their "private contact" availability.
Just a thought on that actually, which has just crossed my mind (and fortunately stopped halfway - it usually keeps going and disappears!).... part of the new data protection act states that any "contact me" choices should default to "No", leaving the individual to positively select to be contacted.
To that end, I've just this minute changed the registration page's default to "No" for new members registering.... but does anyone here think that as an extension of that, I ought to do a mass "switch off" of all contact buttons for all members - and then let you all take the conscious decision to switch back on again in your profiles if desired? That would, at least, be making me comply with the new law - as I read it, anyway! Question |
News, Media and Current Affairs - Data Protection Act 2018 | |
Helen F
Warrington |
5 of 21
Wed 4th Apr 2018 10:50am
Hmmm. There are arguments for and against. I can see an issue with people discovering old posts and responding to the original poster by message eg 'your aunty Doreen was a friend of mine' sort of thing. Potentially the poster might want to hear from the person or, if the post was 5 years ago and they haven't posted since, they might be unsettled by a mail message out of the blue. I'm getting messages from old sites to see if I'm still interested and other sites are deleting accounts through inactivity. Is it worth turning off the off site messaging but sending an email to the effect that if they want to be contacted they need to change the setting personally. Since I've not changed the settings, does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too? If it was possible to just put a mail message in a member's site box, then people could leave a message and they might read it if they ever log in again?
Another possibility is to inactivate accounts unused for x years? I know that I wonder about all the things my Dad signed up to that are now flapping around without an owner. A bit weird. It would be good to keep the information and pictures people left but the links to old emails/departed members is unsuitable.
|
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
6 of 21
Wed 4th Apr 2018 1:30pm
Once again you make some great points Helen, and I fully agree with your reasoning. You see, I just knew we had members that could help me with this!
On 4th Apr 2018 10:50am, Helen F said:
Is it worth turning off the off site messaging but sending an email to the effect that if they want to be contacted they need to change the setting personally. Since I've not changed the settings, does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too? If it was possible to just put a mail message in a member's site box, then people could leave a message and they might read it if they ever log in again?
This was basically the idea I had in mind, but couldn't decide how best to execute it. It probably is best if I switch all contacts to "off" for now, and then let each member switch theirs back on if desired. I can then either try to email everyone (over 2,000 members - I'll have to learn how best to do that!) - or create some kind of cookie that detects if a member has been to their profile, and then show a reminder if they haven't. Don't worry folks, I'm not going to do this just yet - I'll give some warning!
You have also jogged me into thinking about another member choice for messaging. At the moment all messages get saved in a forum mail database AND sent via normal email, too. It's probably best to add another selection in the personal profile page, so a member can decide:
(a) If they want ANY contacts at all, and if so -
(b) If they want messages to only go into their forum mail, to be picked up whenever they log on, but NOT send an actual email.
On 4th Apr 2018 10:50am, Helen F said:
Another possibility is to inactivate accounts unused for x years?
This is something I look at periodically. Every now and again I look down the member list to see who's registered 2 years or more ago but never posted on the forum - then delete the account if it's never been used. Chances are, if ever those people tried to log on in future, they'd have forgotten their original username & password anyway, so would probably have created a second account. I've seen that many times!
Many thanks again Helen for such helpful ideas... we'll get there! |
News, Media and Current Affairs - Data Protection Act 2018 | |
Helen F
Warrington |
7 of 21
Thu 5th Apr 2018 11:19pm
I've set my messaging to inbox only. Somebody send me a message please. |
News, Media and Current Affairs - Data Protection Act 2018 | |
Helen F
Warrington |
8 of 21
Thu 5th Apr 2018 11:24pm
If you want to email all members, does the admin allow you to send a message to all inboxes? If so, they will then relay to all email addresses who have not set 'no messaging' or 'only send to inbox' which you've just added. |
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
9 of 21
Fri 6th Apr 2018 7:27am
On 5th Apr 2018 11:24pm, Helen F said:
If you want to email all members, does the admin allow you to send a message to all inboxes? If so, they will then relay to all email addresses who have not set 'no messaging' or 'only send to inbox' which you've just added.
That's a good question Helen. However, I've never created a "message to all" feature for this forum, so fortunately (for me) I've not needed to cross that particular technical minefield! Whenever I've wished to "speak" to all members, I've always simply used the open forum and posted an "information" message. |
News, Media and Current Affairs - Data Protection Act 2018 | |
Helen F
Warrington |
10 of 21
Fri 6th Apr 2018 9:09am
The messages to inbox only worked |
News, Media and Current Affairs - Data Protection Act 2018 | |
Robthu
Coventry |
11 of 21
Sat 7th Apr 2018 7:18am
I know this subject is not to everyone's interest including mine, but it is important that we all take note and assist Rob with this. Interference from our 'betters' has thrown an increasing load of extra work on to Rob, so, let us all make this load as light as possible for him.
He will guide us in what is required, so, if he asks us to jump, we just ask, how high |
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
12 of 21
Mon 9th Apr 2018 12:00am
Although this topic is not exactly the sort of thing that gets us excited, me included, it is something that needs to be given some thought, so I'll alter the date of this post to keep it in view for a week or so, just to give everyone the opportunity to view it. If anyone has any suggestions as to how I ought to deal with the forthcoming changes to the law, or not, as the case may be, please feel welcome to voice an opinion. |
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
13 of 21
Mon 9th Apr 2018 12:00am
On 4th Apr 2018 10:50am, Helen F said:
.... does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too?
I hope I've just made a change that allows that choice now! In everyone's profile is now a three-way selection, to choose:
No (Not able to send or receive personal messages)
Yes (Message to forum inbox ONLY - No email)
Yes (Message to forum inbox AND receive email)
Until these personal selections are made and then some messages are received by any members I won't know if this works or not ! Over to you folks! |
News, Media and Current Affairs - Data Protection Act 2018 | |
Yanster
Wales |
14 of 21
Mon 9th Apr 2018 2:52pm
Hi Rob
I've also been looking into GDPR, in connection with indie publishing and mailing lists, and wondered if you might find the following link useful:
https://www.disclaimertemplate.com/privacy-notice-consent-methods-updated-gdpr/
Regards |
News, Media and Current Affairs - Data Protection Act 2018 | |
Rob Orland
Historic Coventry Thread starter
|
15 of 21
Mon 9th Apr 2018 4:34pm
Thank you Yanster - yes, that's a very useful link indeed. It lists the points very clearly, unlike some other sites I've seen where it's just one long essay! I'll try to work my way through them to see what more I need to do before the 25th of next month. |
News, Media and Current Affairs - Data Protection Act 2018 |
Website & counter by Rob Orland © 2024
Load time: 585ms