Open eleibr opened 11 months ago
evilaliv3
commented
11 months ago Thank you;
May i ask you to which country/jurisdiction are you referring?
The current implementation is made in italy for the national authority for anticorruption that consider that once the identity is disclosed is disclosed for the whole team
eleibr
commented
11 months ago Hello, I am aware of this, but this would be an improvement just in case the Recipient has to grant access to other users (maybe also external). Other platforms grant this functionality.
evilaliv3
commented
11 months ago Thank you @eleibr
Maybe in this case a feature such a privile: "Enable the user to see or request access to the identity" would make more sense?
In this case you would assign this priviledge to the internal users and prevent other external users to see the identity?
eleibr
commented
11 months ago Thanks @evilaliv3 for your kind reply. I think that this feature would not be applied to all different configurations. While speaking with customers we realize that the most common idea is that the Custodian should grant access ONLY to the Recipient who's asking for it and so the visibility of personal data would not be linked to the report itself: every Recipient would ask for it directly to the Custodian. I can understand that this changes the way the functionality is developed.
Proposal
When a Custodian gives access to the Whistleblower Identity, this should get visible only to the Recipient who asks for it and not to all Recipients of the Channel or who get the access to the report in a second moment.
Motivation and context
#