Produce a guide to released user-data

[RichardTaylor]

User-data may be released to data-subjects in response to a request from the data-subject.

If material to be released is to be in the form of documents showing content from admin pages, examples of which are at: https://github.com/mysociety/alaveteli/pull/6795#issue-1141167893

then the release should be accompanied by a guide/glossary explaining the data released.

The UK regulator, the Information Commissioner, advises:

You may need to explain some of the information you provide when you respond to a SAR (Subject Access Request).

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/right-of-access/how-should-we-supply-information-to-the-requester/#explain

Ideally in many cases administrators dealing with the release of information will format material so it can be understood, if we do have to provide data-dumps from the system we should probably explain some of the material included within them.

[garethrees]

As noted in https://github.com/mysociety/alaveteli/issues/6267#issuecomment-1065066357:

I think actually we should build some of this in to the Alaveteli admin interface so that it's included in the print view. That will also have the not insignificant benefit of helping new admins (volunteers in the UK and international site owners) understand how it all works.

I can imagine adding a tooltip to some of the more obscure attributes on various records (User#login_token, or even User#no_limit) that would both help admins and SAR recipients.

Similarly, where we have a table of associated records (Post Redirects, Track Things, etc) we could add a one-line description of what they do into the admin interface itself.

[garethrees]

We can of course compile this as an independent guide as a first step to develop the phrasing without needing technical capacity, and then when we have things to build in it should be easy to schedule work with no unknowns.