In my opinion raw POST data should not be saved in tl_lead -- or at least there should be an option to prevent all form data from automatically being saved. Since in every form field (form generator) you have the option to configure if you want the data of the respective form field to be saved, I think only the data should be saved where this option has been selected.
Why I think it's an issue
It does not follow the "privacy by design" principle (see Art. 25 GDPR).
Even though there will be an option to automatically purge data in leads, in terms of GDPR, saving data until it's purged as well as the purging itself is already defined as processing data.
In terms of usability I think it's misleading that in the backend/form generator it gives the option to choose whether you want data of a form field to be saved or not but then everything is saved after all.
At least in my case it means I have access to confidential information that is none of my business.
What made me create this pull request
We use Leads in a system/installation in which we run multiple websites (different freelancers that work together in one network). Each freelancer has its own website and any customer inquiries coming through the websites' online forms are solely forwarded to the freelancers via email. These emails contain personal and confidential data that is none of my business as the webmaster and owner of the network. However, in the forms/form generator, I have selected a few form fields – that contain no personal data – to be saved in Leads for statistical purposes (to track how many inquiries have been made on which website, but e.g. I can't see who sent the inquiry or what the content of the inquiry is about). At least this is what I thought. A few days ago I had to do a database export and exported the table "tl_leads". I was shocked to find every piece of information ever entered into any field of any online form in the column "post_data" even though I had not marked most of the respective form fields to be saved in Leads.