Open elbill opened 5 years ago
Thank you for this great analysis @elbill.
This is actually a good feature related to https://github.com/globaleaks/GlobaLeaks/issues/2540 and https://github.com/globaleaks/GlobaLeaks/issues/2541.
I also consider important that on deletion of a tip some metadata is always preserved.
Indeed @evilaliv3 preserving some metadata and an additional entry/note from the receiver would cover most of the requirements with less programming time. Editing the entries would be quite handy, however it could create some operational risks and I assume would be more complicated to implement.
Reference to Data Retention based on Submission Status #2523
This feature request refers to GDPR compliance as well as many organisational code of conducts require the absence of sensitive personal information from submissions, or the anonymisation after e.g. 2 months. Confidential submissions could be edited to remove personal data or sensitive personal data (of reporter or reported person) that may not be relevant or could be a liability for the organisation. Anonymisation of submissions could also allow to keep submissions in the system for statistical purposes.
I see the point that editing submissions may be risky. There could be an indication that the submission has been edited/anonymised. Or the submission could be anonymised after the expiration date. There could be 2 options, delete or anonymise.
The other less invasive alternative is to delete all the submission information but still keep an "empty" entry (or a receiver note) and keeping labels to use for statistical purposes.