[#22714] - [com_privacy] Personal data injected to com_messages and not exported/deleted
- Closed
- 10 Feb 2019
- Medium
- Build: staging
- # 22714
Steps to reproduce the issue
Generate and confirm an information request by user
Note that a super admin will get a private message in Joomla admin, containing the email address (personal information) about a user
Expected result
pffff no idea...
I'm guessing when a GDPR request says delete all personal data, this should include the data in these private messages - after all these are automated messages and could be crafted without personal data, maybe instead of
User phil@phil-taylor.com has confirmed their information request.
it could say
A User has confirmed the information request ##6.
and then this would not be an issue?
There is no real need for personal data to be "leaked" into the private messages of a Super Admin (and further our in unencrypted email to the super admin's mailbox)
Actual result
Personal data about a person is stored in private messages in Joomla database even after a remove request has been made.
joomla-cms-bot
- | Labels |
Added:
?
|
||
Its not needed at all. There is no need for the personal data to be in that message. The request could be referenced by its id, like it is in the action logs.
| Labels |
Added:
J3 Issue
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-02-10 21:32:17 |
| Closed_By | ⇒ | PhilETaylor |
This is a legitimate use of pii as it is required to perform the requested action