Aged transactions can be de-anonymized using post code and birth year
Bug #1861239 reported by
Jeff Davis
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
New
|
Undecided
|
Unassigned |
Bug Description
EG 3.3
Aged circs and aged holds include the user's postal/zip code and birth year. This is enough to uniquely identify the user in many cases. For example, over 10% of user accounts here at Sitka have a unique combination of postal code and birth year.
In my opinion, aged transactions should not retain this information at all. If there is a need for aggregate information on transactions by postal region or birth year, that information should be aggregated by other means before transactions are aged.
Changed in evergreen: | |
assignee: | nobody → Rogan Hamby (rogan-hamby) |
tags: | added: needsdiscussion |
Changed in evergreen: | |
milestone: | none → 3.next |
tags: | added: pullrequest |
tags: | removed: needsdiscussion |
To post a comment you must log in.
If this info is going to be pulled, it needs to be on an opt-in basis. We use this info for demographic analysis relating to circulations.