Giter Club home page Giter Club logo

Comments (4)

lomky avatar lomky commented on June 3, 2024

my first impression is that while the data of the attachment_url itself isn't an issue, the linked object itself could serve to re-identify a record as belonging to a particular person, right? i.e. the receipt for a plane ticket has the passenger name. It's not as dangerous as PII on the object itself, but I'm still wary of exporting it. I would lean towards either not exportable, or exportable as 'has attachment/does not have attachment' boolean.

I agree with your exportable calls on the other objects.

from dcaf_case_management.

colinxfleming avatar colinxfleming commented on June 3, 2024

yeah that's definitely true. I'll check with the fund and see what they think on this and make sure it doesn't cut too much value. My instinct is probably not, as hopefully by this time it's in quickbooks and not needed anymore.

from dcaf_case_management.

colinxfleming avatar colinxfleming commented on June 3, 2024

Here's the response from client:

for it to be usable on my end I would want to be able to download the receipt itself. We're required by the state to do an audit of our finances each year and one of the things that the auditor does is randomly select expenses from the year for me to back up. I need to be able to link each expense that he pulls to a work purpose (i.e. this McDonalds meal was for a client on March 5th, 2023 after their appointment) and provide him with a receipt. If I can't download the receipt from DARIA to provide to the auditor we would need to save it in two places, at which point being able to save it in DARIA sort of becomes moot.

So I think that is an argument for linking straight up and accepting the risk.

Maybe what I would suggest is:

  • Including the URL in export
  • Making it extremely clear somehow (config?) that there's an added risk for this, and that clientele should make sure to permission their shit defensively (e.g. in a google drive that only a few people have access to)

@lomky do you think that's a good medium here?

from dcaf_case_management.

colinxfleming avatar colinxfleming commented on June 3, 2024

Okay, my plan of attack:

  • Add a config for 'turn on including attachment URL'
  • add attachment_url as an encrypted field, and fulfilled as a boolean field on practical supports table
  • add those both to the practical supports views
    notes has also been requested, but I think that might be a larger UI change, so I'm gonna keep my powder dry on that for right now

from dcaf_case_management.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.