J3.x:Information Request Workflow in Privacy Component
From Joomla! Documentation
Le richieste di informazioni sono l'elemento centrale della componente privacy e del trattamento delle richieste degli utenti per l'esportazione o la rimozione dei loro dati da un sito.
Creazione di una richiesta
A request can be created either by a super user for the website or an authenticated user through the request form.
Super User Creation
Through the Privacy: Information Requests screen, any super user may create a new information request. This is the only way to create information requests for users who do NOT have accounts on the website. To create a request, the super user must specify:
- The email address of the user for whom to process data
- The request type (export or remove)
Authenticated User Request
Registered users may submit information requests for their accounts on the website. It is suggested to create a Privacy → Create Request menu item to link to the information request form. When submitting an information request, the user must provide:
- Their email address
- The request type (export or remove)
Confirming a Request
Once a request has been created, regardless of how it is created, the user must confirm that this is a valid request for their information. They will receive an email from the website alerting them to the request's creation and be provided a link to a confirmation form where they will need to enter the token provided in the email and their email address to confirm the request's validity. Once the user confirms the request, it will be marked as Confirmed in the component's requests list and the site's super user(s) will be able to process it.
The token in this email is valid for 24 hours. If a request is not confirmed in that timeframe, the request will be marked as Invalid in the component's requests list and a new request must be submitted.
It is suggested to create a hidden Privacy → Confirm Request menu item in order to provide a SEF URL for this page, however this is not required.
Processing a Request
Export Request
Once an export request has been confirmed, there are two actions available to super users.
- Export Data: This will collect all data for the information request's subject and create a XML file that will be downloaded to your computer. This is useful to enable site owners to review the data export prior to sending it to the user.
- Email Data Export: This will collect all data for the information request's subject, create a XML file (the same as generated by the Export Data action), and send an email to the user with the exported data file attached.
Removal Request
Once a remove request has been confirmed, there is one action available to super users.
- Delete Data: This process will anonymize and/or remove data related to the information subject. For requests where the information owner also has a registered user account, this process will anonymize the account's name, username, and email address, as well as block the account from being logged into and log the user out of the site if they are logged in at the time the request is processed.
Completing a Request
After the request has been processed, the request should be marked as completed. This will indicate that the request has been fulfilled and there is no further action to be taken.