Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.2.0
    • Fix Version/s: Long Term
    • Component/s: Staff Interface
    • Labels:
      None

      Description

      Related to CORE-2671, part of GDPR.

      Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

      • Add a new Client Profile Action link called Anonymize Client
      • This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

      Anonymizing a client

      When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

      When anonymizing a client, some information should be deleted, including:

      • The client's payment accounts
      • The client's email logs
      • The client's contact update logs
      • The client's authentication logs

      The client should be marked inactive.

      Anonymize Data Set

      The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

      Restrictions

      To anonymize a client, there are the following restrictions:

      1. No open or recurring invoices, or active services

      Display

      If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

      Anonymize Client
      Clients may only be anonymized if they have no open or recurring invoices, or active services. Anonymizing a client will update all contact information to predefined values, and cause client logs and payment accounts to be permanently deleted. This process is IRREVERSIBLE.
      [ ] I Confirm this client will be permanently anonymized
      [=======] Enter your staff password
      [Button]

        Activity

        admin Paul Phillips created issue -
        admin Paul Phillips made changes -
        Field Original Value New Value
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        admin Paul Phillips made changes -
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        admin Paul Phillips made changes -
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        admin Paul Phillips made changes -
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action *Delete Client* to *Delete or Anonymize Client*
        * Instead of a modal, create a new page where the client can be deleted or anonymized
        * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action -*Delete Client* to *Delete or Anonymize Client*- *Keep items as separate links*
        * Instead of a modal, create a new page where the client can be deleted or anonymized. *Unless we can put form fields in the modal.*
        * On the new page, check whether the client has any open/recurring invoices, or active services. If it does have such data, do not allow the client to be deleted or anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        admin Paul Phillips made changes -
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Rename the Action -*Delete Client* to *Delete or Anonymize Client*- *Keep items as separate links*
        * Instead of a modal, create a new page where the client can be deleted or anonymized. *Unless we can put form fields in the modal.*
        * On the new page, check whether the client has any open/recurring invoices, or active services. If it does have such data, do not allow the client to be deleted or anonymized.

        h3. Deleting a client

        When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

        Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To delete a client, there are the following restrictions:

        # No invoice, service, or transaction data

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

        h3. Display

        Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.


        ||Delete Client||Anonymize Client||
        |Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
        |[Button]|[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Add a new Client Profile Action link called *Anonymize Client*
        * This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

        When anonymizing a client, some information should be *deleted*, including:

        * The client's payment accounts
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        h3. Display

        If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

        ||Anonymize Client||
        |Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently anonymized|
        | [=======] Enter your staff password|
        |[Button]|
        admin Paul Phillips made changes -
        Description Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Add a new Client Profile Action link called *Anonymize Client*
        * This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

        When anonymizing a client, some information should be *deleted*, including:

        * The client's payment accounts
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        h3. Display

        If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

        ||Anonymize Client||
        |Clients may only be anonymized if they have no open or recurring invoices, or active services.|
        |[ ] I Confirm this client will be permanently anonymized|
        | [=======] Enter your staff password|
        |[Button]|
        Related to CORE-2671, part of GDPR.

        Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

        * Add a new Client Profile Action link called *Anonymize Client*
        * This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

        h3. Anonymizing a client

        When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

        When anonymizing a client, some information should be *deleted*, including:

        * The client's payment accounts
        * The client's email logs
        * The client's contact update logs
        * The client's authentication logs

        The client should be marked inactive.

        h3. Anonymize Data Set

        The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

        h3. Restrictions

        To anonymize a client, there are the following restrictions:

        # No *open* or *recurring* invoices, or *active* services

        h3. Display

        If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

        ||Anonymize Client||
        |Clients may only be anonymized if they have no open or recurring invoices, or active services. Anonymizing a client will update all contact information to predefined values, and cause client logs and payment accounts to be permanently deleted. This process is IRREVERSIBLE.|
        |[ ] I Confirm this client will be permanently anonymized|
        | [=======] Enter your staff password|
        |[Button]|
        admin Paul Phillips made changes -
        Parent Issue CORE-2463 [ CORE-2463 ] CORE-2680 [ CORE-2680 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.3.0-b2 [ 11100 ]
        Fix Version/s 4.3.0-b1 [ 11019 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.3.0 [ 11022 ]
        Fix Version/s 4.3.0-b2 [ 11100 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.3.0 [ 11101 ]
        Fix Version/s 4.3.0-b3 [ 11022 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.4.0-b1 [ 11105 ]
        Fix Version/s 4.3.0 [ 11101 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.4.0-b2 [ 11109 ]
        Fix Version/s 4.4.0-b1 [ 11105 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.5.0-b1 [ 11108 ]
        Fix Version/s 4.4.0 [ 11109 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.5.0-b2 [ 11115 ]
        Fix Version/s 4.5.0-b1 [ 11108 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.5.0 [ 11116 ]
        Fix Version/s 4.5.0-b2 [ 11115 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.6.0-b1 [ 11117 ]
        Fix Version/s 4.5.0 [ 11116 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.6.0-b2 [ 11121 ]
        Fix Version/s 4.6.0-b1 [ 11117 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.6.0 [ 11122 ]
        Fix Version/s 4.6.0-b2 [ 11121 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.7.0-b1 [ 11123 ]
        Fix Version/s 4.6.0 [ 11122 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.7.0-b2 [ 11125 ]
        Fix Version/s 4.7.0-b1 [ 11123 ]
        admin Paul Phillips made changes -
        Fix Version/s 4.8.0-b1 [ 11127 ]
        Fix Version/s 4.7.0 [ 11125 ]
        admin Paul Phillips made changes -
        Fix Version/s Long Term [ 10801 ]
        Fix Version/s 4.8.0-b1 [ 11127 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            admin Paul Phillips
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: