[Koha-bugs] [Bug 33284] New: checkout_renewals table retains checkout history in violation of patron privacy

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Mar 20 20:37:53 CET 2023 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33284

            Bug ID: 33284
           Summary: checkout_renewals table retains checkout history in
                    violation of patron privacy
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Circulation
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: andrewfh at dubcolib.org
        QA Contact: testopia at bugs.koha-community.org
                CC: gmcharlt at gmail.com, kyle.m.hall at gmail.com
        Depends on: 30275

The checkout_renewals table introduced in bug 30275 can retain a link between a
patron and an issue_id when the patron's privacy is set to Never. That data
should be anonymized.

To recreate:
- have a patron with their privacy set to Never retain reading history
- check an item out to the patron, renew it via the OPAC
- confirm your patron's borrowernumber can be found in
checkout_renewals.renewer_id and the issue_id for your checkout can be found in
checkout_renewals.checkout_id
- check your item in
- confirm your patron's borrowernumber has been removed from
old_issues.borrowernumber
- confirm your patron's borrowernumber and the issue_id for your checkout can
still be found in checkout_renewals.checkout_id (along with a note that the
renewal happened via the OPAC, thereby making it perfectly clear that this was
a patron renewing the item they had checked out themselves).

Should we not replace checkout_renewals.renewer_id with the anonymous patron's
borrowernumber when the item is returned, if the patron is set to not retain
reading history?


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30275
[Bug 30275] Checkout renewals should be stored in their own table
-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.

More information about the Koha-bugs mailing list