Too much PPI

[AnsteorraMarshalWebAdmin]

Kingdom does not need all of this information, and I find keeping records of this much information on folks problematic. None of the provided documentation gives justification or insight for the collection of this much PII. There is nothing in the guides provided that indicate how our information is being kept safe. Given this lack of transparency and the track record of information breaches, I fail to see why the Kingdom has chosen to collect and store this information.

[jhandel]

The only required fields are SCA Name, Name, and Email Address. Additional Information is ask for because it is needed for Warranted individuals (like Authorizing Marshals) and other Martial activities and reports (like youth activities and managing youth members vs adult members), along with future functionality regarding Officer tracking and management.. These are the same requirements we have had for over a 15 years across multiple previous Martial Activity management systems.

[jdsemma]

"we've always done that" is not always the best answer. We should strive to continually improve and re-vet our policies.

Aside from that: marking which fields are required and which aren't on the registration screen would be a good idea. The usual convention is a red "* Required field" in smalltext just above or below the box.

[jhandel]

To follow up here is a more cogent description of what PII is required and why

And yes we are working on UI tweaks to make required fields more obvious.

Privacy usage of AMP:

Required Fields SCA Name First Name Last Name Group Email Address Birth Month Birth Year

Non Required Fields Address Phone Number

Why do you need my Birth Month and Year? There are youth authorizations with multiple levels of age requirements, and adult authorizations that youth can not submit for. Also access to the site for youth requires validation with a parent account if the user registration is under 18.

Why the Additional Fields: Those individuals taking on roles that required Warranting are required to have their information in the system Authorizing Marshals Officers (future functionality) Admins of the AMP solution Kingdom level Martial Activity Officers Crown, Coronet, etc…

Who can see what? During the submission of an award the following information can be seen: SCA Name Additional Information from the “Additional Information” Tab if populated Link to OP Court Preferences Name to contact regarding court

Who can see “everything” Admins - To support the solution Crown & Coronet - To Review and Approve Warrants every 6 months Kingdom level officers - To Review and Approve Warrant and Warrant Reports.

[jdsemma]

That's good! I'd encourage you to get a privacy policy written up and linked somewhere (oh, another thought: on the front page there should be links to the user guide stuff that Kolfinna wrote (excellent job btw)) like the bottom of the page. I believe the Society Webminister has guidance along those lines nowadays; the kingdom at large should have one already that may cover reasonably well, but it's also probably a good idea to be explicit in it like you have here.

On Wed, Oct 2, 2024, 5:49 AM Josh @.***> wrote:

To follow up here is a more cogent description of what PII is required and why

And yes we are working on UI tweaks to make required fields more obvious.

Privacy usage of AMP:

Required Fields SCA Name First Name Last Name Group Email Address Birth Month Birth Year

Non Required Fields Address Phone Number

Why do you need my Birth Month and Year? There are youth authorizations with multiple levels of age requirements, and adult authorizations that youth can not submit for. Also access to the site for youth requires validation with a parent account if the user registration is under 18.

Why the Additional Fields: Those individuals taking on roles that required Warranting are required to have their information in the system Authorizing Marshals Officers (future functionality) Admins of the AMP solution Kingdom level Martial Activity Officers Crown, Coronet, etc…

Who can see what? During the submission of an award the following information can be seen: SCA Name Additional Information from the “Additional Information” Tab if populated Link to OP Court Preferences Name to contact regarding court

Who can see “everything” Admins - To support the solution Crown & Coronet - To Review and Approve Warrants every 6 months Kingdom level officers - To Review and Approve Warrant and Warrant Reports.

— Reply to this email directly, view it on GitHub https://github.com/Ansteorra/KMP/issues/186#issuecomment-2388348047, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG2H3EE2R6TBX6PDDNS6NLZZPFU3AVCNFSM6AAAAABPFWFAG2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOBYGM2DQMBUG4 . You are receiving this because you commented.Message ID: @.***>

[jhandel]

The AMP page on the kingdom website has links to all the docs and tutorial videos (https://ansteorra.org/AMP) but good idea adding that link to the login page!