[Koha-bugs] [Bug 24151] Add a pseudonymization process for patrons and transactions

Tue Dec 3 19:11:14 CET 2019

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24151

--- Comment #3 from Jonathan Druart <jonathan.druart at bugs.koha-community.org> ---
Created attachment 95961
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=95961&action=edit
Bug 24151: Copy info to the pseudonymized table when a patron is modified

This is the commit where you will find useful information about this
development.

The goal of this neww feature is to add a way to pseudonymize patron's
data, in a way they could not be personally identifiable.
https://en.wikipedia.org/wiki/Pseudonymization

There are different existing way to anonymize patron's information in
Koha, but we loose the ability to make useful report.
This development proposes to have 3 different tables:
  * 1 for patrons' data (anonymized_borrowers)
  * 1 for transactions (anonymized_transactions)
  * 1 for patrons' attributes (anonymized_borrower_attributes)
Entries to anonymized_borrowers are added when a new patron is added or
modified, to anonymized_transactions when a new transaction (checkout,
checkin, renew, on-site checkout) is done, and
anonymized_borrower_attributes when attributes are added or modified.

That way we are maintaining up-to-date informations in 3 different
tables.

To make those informations not identifiable to a patron, we are having a
hashed_borrowernumber column in each of the 3 tables. This hash will be
generated (Blowfish-based crypt) using a key stored in the Koha
configuration.

To make things configurable, we are adding 3 sysprefs and 1 new DB
column:
  * syspref Pseudonymization to turn on/off the whole feature
  * syspref PseudonymizationPatronFields to list the informations of the
  patrons to sync
  * syspref PseudonymizationTransactionFields to list the informations
  of the transactions to copy
  * DB column borrower_attribute_types.keep_for_anonymized that is a
  boolean to enable/disable the copy of a given patron's attribute type.

Test plan:
1/ Turn on Pseudonymization
2/ Define in PseudonymizationPatronFields and
PseudonymizationTransactionFields the different fields you want to copy
3/ Go to the about page
=> You will see a warning about a missing config entry
4/ You need to generate a key and put it in the koha-conf.xml file. The
following command will generate one:
  % htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/'
Then edit $KOHA_CONF and add it before of the end of the config section
(</config)
  it should be something like:
    <key>$2a$10$PfdrEBdRcL2MZlEtKueyLegxI6zg735jD07GRnc1bt.N/ZYMvBAB2</key>
5/ Restart memcached then plack (alias restart_all)
=> Everything is setup!
6/ Create a new patron
=> Confirm that a new entry has been added to anonymized_borrowers with the
data
you expect to be copied
7/ Modify an existing patron (ie. that does not have a corresponding
entry in anonymized_borrowers)
=> Confirm that a new entry has been added to anonymized_borrowers with the
data
you expect to be copied
8/ Add some transactions (checkout, checkin, renew, on-site checkout)
for patron that existed before you turned the pref Pseudonymization on
and for newly created/modified patrons
=> Confirm that new entries have been added to anonymized_transactions
with the data you expect
9/ Edit some patron attribute types and tick "Keep for pseudonymization"
10/ Edit or create patrons and add data for those patron attributes
=> Confirm that new entries have been added to
anonymized_borrower_attributese
11/ Delete the patrons
=> Confirm that the entries still exist in the anonymized_* tables
12/ Purge the patrons (ie. use cleanup_database.pl to remove them from
the deleted_borrowers table)
=> Confirm that the entries still exist in the anonymized_* tables

See bug 24152 to remove data from the anonymized_* tables

Sponsored-by: Association KohaLa - https://koha-fr.org/

-- 
You are receiving this mail because:
You are watching all bug changes.