[CORE-2676] Allow staff to anonymize client data - Blesta

Details

Type: Sub-task
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 4.2.0
Fix Version/s: Long Term
Component/s: Staff Interface
Labels:
None

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

Add a new Client Profile Action link called Anonymize Client
This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

When anonymizing a client, some information should be deleted, including:

The client's payment accounts
The client's email logs
The client's contact update logs
The client's authentication logs

The client should be marked inactive.

Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

Restrictions

To anonymize a client, there are the following restrictions:

No open or recurring invoices, or active services

Display

If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

Anonymize Client
Clients may only be anonymized if they have no open or recurring invoices, or active services. Anonymizing a client will update all contact information to predefined values, and cause client logs and payment accounts to be permanently deleted. This process is IRREVERSIBLE.
[ ] I Confirm this client will be permanently anonymized
[=======] Enter your staff password
[Button]

Activity

Descending order - Click to sort in ascending order

Paul Phillips made changes - 24/Oct/19 5:58 PM

Fix Version/s		Long Term [ 10801 ]
Fix Version/s	4.8.0-b1 [ 11127 ]

Paul Phillips made changes - 12/Sep/19 4:20 PM

Fix Version/s		4.8.0-b1 [ 11127 ]
Fix Version/s	4.7.0 [ 11125 ]

Paul Phillips made changes - 05/Sep/19 2:34 PM

Fix Version/s		4.7.0-b2 [ 11125 ]
Fix Version/s	4.7.0-b1 [ 11123 ]

Paul Phillips made changes - 19/Jun/19 6:04 PM

Fix Version/s		4.7.0-b1 [ 11123 ]
Fix Version/s	4.6.0 [ 11122 ]

Paul Phillips made changes - 11/Jun/19 3:54 PM

Fix Version/s		4.6.0 [ 11122 ]
Fix Version/s	4.6.0-b2 [ 11121 ]

Paul Phillips made changes - 28/May/19 4:31 PM

Fix Version/s		4.6.0-b2 [ 11121 ]
Fix Version/s	4.6.0-b1 [ 11117 ]

Paul Phillips made changes - 27/Feb/19 2:14 PM

Fix Version/s		4.6.0-b1 [ 11117 ]
Fix Version/s	4.5.0 [ 11116 ]

Paul Phillips made changes - 21/Feb/19 2:30 PM

Fix Version/s		4.5.0 [ 11116 ]
Fix Version/s	4.5.0-b2 [ 11115 ]

Paul Phillips made changes - 31/Jan/19 5:23 PM

Fix Version/s		4.5.0-b2 [ 11115 ]
Fix Version/s	4.5.0-b1 [ 11108 ]

Paul Phillips made changes - 06/Nov/18 4:08 PM

Fix Version/s		4.5.0-b1 [ 11108 ]
Fix Version/s	4.4.0 [ 11109 ]

Paul Phillips made changes - 22/Oct/18 3:50 PM

Fix Version/s		4.4.0-b2 [ 11109 ]
Fix Version/s	4.4.0-b1 [ 11105 ]

Paul Phillips made changes - 18/Jul/18 1:25 PM

Fix Version/s		4.4.0-b1 [ 11105 ]
Fix Version/s	4.3.0 [ 11101 ]

Paul Phillips made changes - 03/Jul/18 7:42 PM

Fix Version/s		4.3.0 [ 11101 ]
Fix Version/s	4.3.0-b3 [ 11022 ]

Paul Phillips made changes - 29/Jun/18 5:20 PM

Fix Version/s		4.3.0 [ 11022 ]
Fix Version/s	4.3.0-b2 [ 11100 ]

Paul Phillips made changes - 15/Jun/18 5:44 PM

Fix Version/s		4.3.0-b2 [ 11100 ]
Fix Version/s	4.3.0-b1 [ 11019 ]

Paul Phillips made changes - 17/Apr/18 2:34 PM

Parent Issue

~~CORE-2463~~ [ ~~CORE-2463~~ ]

CORE-2680 [ CORE-2680 ]

Paul Phillips made changes - 17/Apr/18 1:36 PM

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Add a new Client Profile Action link called *Anonymize Client*
* This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

When anonymizing a client, some information should be *deleted*, including:

* The client's payment accounts
* The client's email logs
* The client's contact update logs
* The client's authentication logs

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

h3. Display

If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

||Anonymize Client||
|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently anonymized|
| [=======] Enter your staff password|
|[Button]|

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Add a new Client Profile Action link called *Anonymize Client*
* This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

When anonymizing a client, some information should be *deleted*, including:

* The client's payment accounts
* The client's email logs
* The client's contact update logs
* The client's authentication logs

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

h3. Display

If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

||Anonymize Client||
|Clients may only be anonymized if they have no open or recurring invoices, or active services. Anonymizing a client will update all contact information to predefined values, and cause client logs and payment accounts to be permanently deleted. This process is IRREVERSIBLE.|
|[ ] I Confirm this client will be permanently anonymized|
| [=======] Enter your staff password|
|[Button]|

Paul Phillips made changes - 17/Apr/18 1:07 PM

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action -*Delete Client* to *Delete or Anonymize Client*- *Keep items as separate links*
* Instead of a modal, create a new page where the client can be deleted or anonymized. *Unless we can put form fields in the modal.*
* On the new page, check whether the client has any open/recurring invoices, or active services. If it does have such data, do not allow the client to be deleted or anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Add a new Client Profile Action link called *Anonymize Client*
* This option should have it's own ACL permission (Enabled by default on install) similar to Delete Client.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. This allows the retention of certain information, like transactions, which, if a client were deleted, would impact financial reporting.

When anonymizing a client, some information should be *deleted*, including:

* The client's payment accounts
* The client's email logs
* The client's contact update logs
* The client's authentication logs

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

h3. Display

If possible, this could be done in a modal, if not it may need to be done in the client profile window like other forms.

||Anonymize Client||
|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently anonymized|
| [=======] Enter your staff password|
|[Button]|

Paul Phillips made changes - 16/Apr/18 6:37 PM

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action *Delete Client* to *Delete or Anonymize Client*
* Instead of a modal, create a new page where the client can be deleted or anonymized
* On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action -*Delete Client* to *Delete or Anonymize Client*- *Keep items as separate links*
* Instead of a modal, create a new page where the client can be deleted or anonymized. *Unless we can put form fields in the modal.*
* On the new page, check whether the client has any open/recurring invoices, or active services. If it does have such data, do not allow the client to be deleted or anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Paul Phillips made changes - 13/Apr/18 3:46 PM

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action *Delete Client* to *Delete or Anonymize Client*
* Instead of a modal, create a new page where the client can be deleted or anonymized
* On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action *Delete Client* to *Delete or Anonymize Client*
* Instead of a modal, create a new page where the client can be deleted or anonymized
* On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). Cancelled services should be deleted also, as they may contain personally identifiable information.

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Paul Phillips made changes - 12/Apr/18 7:28 PM

Description

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action *Delete Client* to *Delete or Anonymize Client*
* Instead of a modal, create a new page where the client can be deleted or anonymized
* On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Related to CORE-2671, part of GDPR.

Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page.

* Rename the Action *Delete Client* to *Delete or Anonymize Client*
* Instead of a modal, create a new page where the client can be deleted or anonymized
* On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized.

h3. Deleting a client

When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know.

h3. Anonymizing a client

When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details.

Once the contact information is updated, the contact change log should be deleted for this client and contacts so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed).

The client should be marked inactive.

h3. Anonymize Data Set

The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name.

h3. Restrictions

To delete a client, there are the following restrictions:

# No invoice, service, or transaction data

To anonymize a client, there are the following restrictions:

# No *open* or *recurring* invoices, or *active* services

The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why.

h3. Display

Show 2 columns (col-md-6) in the "Delete or Anonymize" panel.

||Delete Client||Anonymize Client||
|Clients may only be deleted if they have no invoice, service, or transaction data.|Clients may only be anonymized if they have no open or recurring invoices, or active services.|
|[ ] I Confirm this client will be permanently deleted|[ ] I Confirm this client will be permanently anonymized|
|[Button]|[Button]|

Paul Phillips made changes - 12/Apr/18 4:33 PM

Field	Original Value	New Value
Description	Related to CORE-2671, part of GDPR. Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page. * Rename the Action Delete Client to Delete or Anonymize Client * Instead of a modal, create a new page where the client can be deleted or anonymized * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized. h3. Deleting a client When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know. h3. Anonymizing a client When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). h3. Restrictions To delete a client, there are the following restrictions: # No invoice, service, or transaction data To anonymize a client, there are the following restrictions: # No open or recurring invoices, or active services The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why. h3. Display Show 2 columns (col-md-6) in the "Delete or Anonymize" panel. \|\|Delete Client\|\|Anonymize Client\|\| \|Clients may only be deleted if they have no invoice, service, or transaction data.\|Clients may only be anonymized if they have no open or recurring invoices, or active services.\| \|[ ] I Confirm this client will be permanently deleted\|[ ] I Confirm this client will be permanently anonymized\| \|[Button]\|[Button]\|	Related to CORE-2671, part of GDPR. Right now, staff (with the proper ACL permission) can delete clients that have no invoice, service, or transaction data, under Actions, on a client profile page. * Rename the Action Delete Client to Delete or Anonymize Client * Instead of a modal, create a new page where the client can be deleted or anonymized * On the new page, check whether the client has any invoice, service, or transaction data. (This check is already done when trying to delete a client) If it does have such data, do not allow the client to be deleted, only anonymized. h3. Deleting a client When deleting a client, do what we do now, except make sure that all login and contact change logs are removed. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). They may be already, I do not know. h3. Anonymizing a client When anonymizing a client, we are essentially removing identifying particulars from the client. The client will continue to exist, but all contact and identifiable information will be replaced with a predefined set of details. Once the contact information is updated, the contact change log should be deleted so that there is not a stored history of these details. All login logs should also be purged. All payment accounts should be deleted. All tickets should be deleted (If the Support Manager is installed). The client should be marked inactive. h3. Anonymize Data Set The data set used to replace client/contact data should be defined someplace. Whether this is in a language file, or a database or config file setting is yet to be determined. I would say though, that since usernames must be unique, even if the client may not log in, that we should set a random address @ a predefined domain name. h3. Restrictions To delete a client, there are the following restrictions: # No invoice, service, or transaction data To anonymize a client, there are the following restrictions: # No open or recurring invoices, or active services The page displayed when selecting to "Delete or Anonymize Client" will change depending on the condition of the account based on the above restrictions. Both the Delete and Anonymize options will appear, but ones that cannot be performed will be grayed out and a message will be displayed to indicate why. h3. Display Show 2 columns (col-md-6) in the "Delete or Anonymize" panel. \|\|Delete Client\|\|Anonymize Client\|\| \|Clients may only be deleted if they have no invoice, service, or transaction data.\|Clients may only be anonymized if they have no open or recurring invoices, or active services.\| \|[ ] I Confirm this client will be permanently deleted\|[ ] I Confirm this client will be permanently anonymized\| \|[Button]\|[Button]\|

Paul Phillips created issue - 12/Apr/18 4:29 PM

People

Assignee:

Unassigned

Reporter:

Paul Phillips

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

12/Apr/18 4:29 PM

Updated:

24/Oct/19 5:58 PM

Agile

View on Board