Topic categories:

Data Protection Act 2018

You need to be signed in to respond to this topic

No actionNo action

Displaying 1 to 15 of 20 posts

Page 1 of 2

1 2
Next pageNo action
20 posts:
Order:    

Rob Orland
Historic Coventry
All posts by this member
1 of 20  Thu 29th Mar 2018 9:48pm  
Webmaster: Joined Jan 2010  Total posts:1256

Good evening folks! A good friend recently drew my attention to the significant law that will come into place on the 25th May this year. Officially it's called the "General Data Protection Regulation" (GDPR), and it's designed to help everyone keep their personal information safe online. Although this forum is not a commercial website, the rules will still apply to me, and I'll need to provide you all with proof and reassurance that I can keep your data safe and, if requested, can delete anything you ask me to. In the case of this forum there isn't as much to worry about as some other sites, because there's nothing financial involved, so any data that could be vulnerable would have a relatively small impact on the individual. However, I thought I'd get the ball rolling and start a discussion here, because I'm not any kind of expert regarding the law, and I'm happy to take advice from any of you that might be able to offer help and suggestions. First of all, I'll list here the information that my forum database stores on each of you.... Username: This can be anything you choose, so does not need to be personally sensitive and may be changed at any time. Password: This is "one-way encrypted" and cannot be decrypted by anybody. Even I, with full access to the database, am completely unable to decrypt any of your passwords, hence the reason for you needing to reset it if forgotten. Here is an example of a password - 29fa5d948f39aa8uc82891fa93se6a5be382f3b2 The original might only be a few characters long in reality, but the encryption algorithm makes the stored string much longer. Location: Again, this can be a vague as you like and is unlikely to be sensitive. Email address: Although this can be decoded as part of the administration of this forum, the storage of your email address on the database is encoded in several stages and, I hope, is not possible to be used by anyone with ill intent if they somehow get stolen. Below is an example of an encoded email address - a free breakfast for anyone who is able to work it out! (And no, it's not mine!) PT1RYnZObUxrRldab2RXYWlCMGNuOUdiakpYWjJWR2JqVm1idlJHYnNWMmQ Any member, once logged in and active, may delete their own email address if desired. This, however, is risky, because if you subsequently forget your password then you'll have no means of retrieving it ! IP Address: These are only stored to help with some of the "niceties" of the forum. i.e. if you enter an incorrect username when logging in, your IP address is compared to the database entry and is used to show you a reminder of which username you probably last used. IP addresses can be dynamic and change regularly, which can render this feature useless, but it's there to help if possible none-the-less. Not very much can be discerned from your IP address - mainly the location of your internet provider, and possibly your hometown, but any of you who are worried about it being stored in the database can let me know and I can see about removing it. It's not publicly visible, though. I welcome your thoughts on how I can make anything safer, or how best to present the information about your data.
Data Protection Act 2018
mcsporran
Coventry & Cebu
All posts by this member
2 of 20  Fri 30th Mar 2018 2:50am  
Member: Joined Oct 2013  Total posts:358

After the discovery of the Spectre and Meltdown vulnerabilities in December, no current computers with Intel, AMD or ARM processors are immune from hacking and this will remain the case until redesigned versions are available sometime later this year. Windows, Linux, Android, MacOS, iOS and Chrome are all affected. However it is unlikely anyone would expend any effort on attacking a computer with no potential of financial reward.
Data Protection Act 2018
Helen F
Warrington
All posts by this member
3 of 20  Mon 2nd Apr 2018 9:29pm  
Member: Joined Mar 2013  Total posts:923

I've known for a while that internet security was going to be a nightmare. To avoid trouble I have several strategies. I have multiple emails and use them for different levels of security. They have different passwords and different logins. The passwords and names aren't the same for different sites. I try (not always successfully) not to give too much away about my movements. I don't have a Facebook page because it's too easy to give information to strangers who might use it to make me vulnerable to plots. Amusingly the email I use for this site has almost no spam, even though I use it for all sorts of amateur sites. So Rob and the others are doing something right. Thumbs up One my shopping emails is littered with all sorts of sinister junk. Shops aren't your best security friend. Might those who use their full name, want to edit them to aid you in keeping people's details secure? ie if people can't be easily identifed with a real person then it's harder for their details to be hacked. A little difficult for those looking for family members to avoid listing their family connections but perhaps we could come up with a way to protect people from revealing too much?
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
4 of 20  Tue 3rd Apr 2018 7:21pm  
Webmaster: Joined Jan 2010  Total posts:1256

Thanks Helen, some more good points there. At least the small amount of information held by this site makes it relatively easy to administrate, and is also controllable by each individual member. Additionally, if anyone is sensitive about being contacted by others, then every member is able, via their profile, to switch off their "private contact" availability. Just a thought on that actually, which has just crossed my mind (and fortunately stopped halfway - it usually keeps going and disappears!).... part of the new data protection act states that any "contact me" choices should default to "No", leaving the individual to positively select to be contacted. To that end, I've just this minute changed the registration page's default to "No" for new members registering.... but does anyone here think that as an extension of that, I ought to do a mass "switch off" of all contact buttons for all members - and then let you all take the conscious decision to switch back on again in your profiles if desired? That would, at least, be making me comply with the new law - as I read it, anyway!

Question

Data Protection Act 2018
Helen F
Warrington
All posts by this member
5 of 20  Wed 4th Apr 2018 10:50am  
Member: Joined Mar 2013  Total posts:923

Hmmm. There are arguments for and against. I can see an issue with people discovering old posts and responding to the original poster by message eg 'your aunty Doreen was a friend of mine' sort of thing. Potentially the poster might want to hear from the person or, if the post was 5 years ago and they haven't posted since, they might be unsettled by a mail message out of the blue. I'm getting messages from old sites to see if I'm still interested and other sites are deleting accounts through inactivity. Is it worth turning off the off site messaging but sending an email to the effect that if they want to be contacted they need to change the setting personally. Since I've not changed the settings, does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too? If it was possible to just put a mail message in a member's site box, then people could leave a message and they might read it if they ever log in again? Another possibility is to inactivate accounts unused for x years? I know that I wonder about all the things my Dad signed up to that are now flapping around without an owner. A bit weird. It would be good to keep the information and pictures people left but the links to old emails/departed members is unsuitable.
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
6 of 20  Wed 4th Apr 2018 1:30pm  
Webmaster: Joined Jan 2010  Total posts:1256

Once again you make some great points Helen, and I fully agree with your reasoning. You see, I just knew we had members that could help me with this!
On 4th Apr 2018 10:50am, Helen F said: Is it worth turning off the off site messaging but sending an email to the effect that if they want to be contacted they need to change the setting personally. Since I've not changed the settings, does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too? If it was possible to just put a mail message in a member's site box, then people could leave a message and they might read it if they ever log in again?
This was basically the idea I had in mind, but couldn't decide how best to execute it. It probably is best if I switch all contacts to "off" for now, and then let each member switch theirs back on if desired. I can then either try to email everyone (over 2,000 members - I'll have to learn how best to do that!) - or create some kind of cookie that detects if a member has been to their profile, and then show a reminder if they haven't. Don't worry folks, I'm not going to do this just yet - I'll give some warning! You have also jogged me into thinking about another member choice for messaging. At the moment all messages get saved in a forum mail database AND sent via normal email, too. It's probably best to add another selection in the personal profile page, so a member can decide: (a) If they want ANY contacts at all, and if so - (b) If they want messages to only go into their forum mail, to be picked up whenever they log on, but NOT send an actual email.
On 4th Apr 2018 10:50am, Helen F said: Another possibility is to inactivate accounts unused for x years?
This is something I look at periodically. Every now and again I look down the member list to see who's registered 2 years or more ago but never posted on the forum - then delete the account if it's never been used. Chances are, if ever those people tried to log on in future, they'd have forgotten their original username & password anyway, so would probably have created a second account. I've seen that many times! Many thanks again Helen for such helpful ideas... we'll get there! Cheers
Data Protection Act 2018
Helen F
Warrington
All posts by this member
7 of 20  Thu 5th Apr 2018 11:19pm  
Member: Joined Mar 2013  Total posts:923

I've set my messaging to inbox only. Somebody send me a message please. Smile
Data Protection Act 2018
Helen F
Warrington
All posts by this member
8 of 20  Thu 5th Apr 2018 11:24pm  
Member: Joined Mar 2013  Total posts:923

If you want to email all members, does the admin allow you to send a message to all inboxes? If so, they will then relay to all email addresses who have not set 'no messaging' or 'only send to inbox' which you've just added.
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
9 of 20  Fri 6th Apr 2018 7:27am  
Webmaster: Joined Jan 2010  Total posts:1256

On 5th Apr 2018 11:24pm, Helen F said: If you want to email all members, does the admin allow you to send a message to all inboxes? If so, they will then relay to all email addresses who have not set 'no messaging' or 'only send to inbox' which you've just added.
That's a good question Helen. However, I've never created a "message to all" feature for this forum, so fortunately (for me) I've not needed to cross that particular technical minefield! Whenever I've wished to "speak" to all members, I've always simply used the open forum and posted an "information" message. Thumbs up
Data Protection Act 2018
Helen F
Warrington
All posts by this member
10 of 20  Fri 6th Apr 2018 9:09am  
Member: Joined Mar 2013  Total posts:923

The messages to inbox only worked Thumbs up
Data Protection Act 2018
Robthu
Coventry
All posts by this member
11 of 20  Sat 7th Apr 2018 7:18am  
Member: Joined Oct 2012  Total posts:81

I know this subject is not to everyone's interest including mine, but it is important that we all take note and assist Rob with this. Interference from our 'betters' has thrown an increasing load of extra work on to Rob, so, let us all make this load as light as possible for him. He will guide us in what is required, so, if he asks us to jump, we just ask, how high Thumbs up
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
12 of 20  Mon 9th Apr 2018 12:00am  
Webmaster: Joined Jan 2010  Total posts:1256

Although this topic is not exactly the sort of thing that gets us excited, me included, it is something that needs to be given some thought, so I'll alter the date of this post to keep it in view for a week or so, just to give everyone the opportunity to view it. If anyone has any suggestions as to how I ought to deal with the forthcoming changes to the law, or not, as the case may be, please feel welcome to voice an opinion.
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
13 of 20  Mon 9th Apr 2018 12:00am  
Webmaster: Joined Jan 2010  Total posts:1256

On 4th Apr 2018 10:50am, Helen F said: .... does the system allow messages to just be delivered to the site mailbox or do they always copy to the member's email too?
I hope I've just made a change that allows that choice now! In everyone's profile is now a three-way selection, to choose: No (Not able to send or receive personal messages) Yes (Message to forum inbox ONLY - No email) Yes (Message to forum inbox AND receive email) Until these personal selections are made and then some messages are received by any members I won't know if this works or not ! Over to you folks! Thumbs up
Data Protection Act 2018
Yanster
Wales
All posts by this member
14 of 20  Mon 9th Apr 2018 2:52pm  
Member: Joined Jan 2016  Total posts:21

Hi Rob I've also been looking into GDPR, in connection with indie publishing and mailing lists, and wondered if you might find the following link useful: https://www.disclaimertemplate.com/privacy-notice-consent-methods-updated-gdpr/ Regards
Data Protection Act 2018
Rob Orland
Historic Coventry
All posts by this member
Thread starter
15 of 20  Mon 9th Apr 2018 4:34pm  
Webmaster: Joined Jan 2010  Total posts:1256

Thank you Yanster - yes, that's a very useful link indeed. It lists the points very clearly, unlike some other sites I've seen where it's just one long essay! I'll try to work my way through them to see what more I need to do before the 25th of next month. Thumbs up
Data Protection Act 2018

You need to be signed in to respond to this topic

No actionNo action

Displaying 1 to 15 of 20 posts

Page 1 of 2

1 2
Next pageNo action

Previous (older) topic

Coventry Model Railways
|

Next (newer) topic

Railways around Coventry
View similar topics in the Information category
 
Home | Forum index | Forum stats | Forum help | Log out | About me | My music
Top of the page
HTML5
1,514,283
Counter by Rob Orland

This page last updated 5th April 2018  (Load time: 92ms)