City-of-Bloomington / uReport

Issue tracking and constituent relationship management system with an Open311 (GeoReport v2) endpoint designed for local governments
https://bloomington.in.gov/crm
GNU Affero General Public License v3.0

Should we publish people's names? #363

Closed inghamn closed 3 years ago

inghamn commented 5 years ago

In the previous version we did not publish the reportedByPerson's name at all. In the new version, we publish the name, but no contact information.

We've received a request to not publish someone's name.

inghamn commented 5 years ago

If we do publish people's names, what do we do when requests come in to remove them?

I vaguely remember meeting with Legal about this topic, back when we decided to publish people's names.

inghamn commented 3 years ago

It turns out we really do want to display people's names... sometimes.

inghamn commented 3 years ago

We need to make a distinction between staff and citizens when displaying personal information. We do need to show staff personal information (names, email addresses, phone numbers), just not for citizens.

inghamn commented 3 years ago

We have a desire to add a database flag on person records that makes that person hidden to the public. Their name and personal information should still be displayed to authenticated users.

rbdietz commented 3 years ago

I'm not sure we want to hide on a person basis, instead of a report basis. We need to discuss and have a clear agreement on what is to be implemented before it happens.

inghamn commented 3 years ago

If I don't try to implement per-person optional hiding (which would require a new database field), it sounds like I need to hide people's names based on if they're staff or not. I can currently make this determination in code. In this case, we would NEVER display non-staff names anywhere, except to logged-in staff.

The complex part is the natural language templating used to render the messages in History. Variables are created for each history action called "EnteredByPerson" and "ActionPerson". These people can be anyone (staff or general public).

Without creating a new database field, I can generate an empty variable for people who are not staff. I will then need to spend a little time trying to clean up the natural language that would result from not having a value to inject into the sentence. My current system uses the same template for each action type.

I'm also going to need to decide what to do for each of the notification messages in the history. These notifications include the raw text that was sent in the email to those people. This raw text includes people's rendered names. Ideally, I'd like to not display the notifications in the History display, except to logged in staff. That would eliminate having to spend time figuring out how to regex certain people's names from the notification messages.
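
One way to handle the templating problem raised in the last comment, as an added example that is not uReport's code: optional template segments are dropped whenever the person they mention is hidden from the viewer, and notification entries are omitted for anyone who is not logged-in staff. The bracket syntax, the `Person` class, the function names and the sample history are hypothetical; only the two variable names come from the thread.

```python
import re
from dataclasses import dataclass

@dataclass
class Person:
    name: str
    is_staff: bool

# Hypothetical templates: a [bracketed] segment is dropped whole when any
# variable inside it is empty, so no sentence is left dangling.
TEMPLATES = {
    "open": "Case opened[ by {enteredByPerson}]",
    "assignment": "Case assigned[ to {actionPerson}][ by {enteredByPerson}]",
}
OPTIONAL = re.compile(r"\[([^\[\]]*)\]")
VARIABLE = re.compile(r"\{(\w+)\}")

def visible_name(person, viewer_is_staff):
    """Staff names are public; other names are shown only to logged-in staff."""
    shown = person is not None and (person.is_staff or viewer_is_staff)
    return person.name if shown else ""

def render(entry, viewer_is_staff):
    """Return the history line for this viewer, or None to omit the entry."""
    if entry["action"] == "notification":
        # Raw email text already contains rendered names: staff only.
        return entry["text"] if viewer_is_staff else None
    values = {key: visible_name(entry.get(key), viewer_is_staff)
              for key in ("enteredByPerson", "actionPerson")}
    def keep_or_drop(match):
        names = VARIABLE.findall(match.group(1))
        return match.group(1) if all(values.get(n) for n in names) else ""
    # Resolve optional segments first, then substitute once, so a name that
    # itself contains "{...}" or "[...]" is never re-expanded.
    template = OPTIONAL.sub(keep_or_drop, TEMPLATES[entry["action"]])
    return VARIABLE.sub(lambda m: values.get(m.group(1), ""), template)

# Constructed sample history, not data from the project.
PAT, SAM, LEE = Person("Pat Citizen", False), Person("Sam Staff", True), Person("Lee Staff", True)
HISTORY = [
    {"action": "open", "enteredByPerson": PAT},
    {"action": "assignment", "enteredByPerson": SAM, "actionPerson": LEE},
    {"action": "assignment", "enteredByPerson": PAT, "actionPerson": LEE},
    {"action": "notification", "text": "Dear Pat Citizen, your case was assigned."},
]

def history_for(viewer_is_staff):
    lines = (render(entry, viewer_is_staff) for entry in HISTORY)
    return [line for line in lines if line is not None]
```

Because the decision is made before rendering, no name ever has to be removed from already-rendered text with a regex.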