By Achilleas Papageorgiou on 2019-05-27 10:02 in Compliance Team

This meeting of the Joomla! Compliance Team was held on May 22, 2019 at 16.30 CET on Glip.

Participants

In attendance: Achilleas Papageorgiou, Luca Marzo, Sandra Decoux, Roland Dalmulder.

Discussion outline

  • The previous week, Luca, Achilleas and Kleanthis participated in an Incident Response Task Force to provide any compliance-related support needed as a result of a security incident that could potentially lead to a personal data breach affecting Joomla Extension Directory (JED) users. Based on the existing Incident Response Plan that the team had in progress, the fact that a data breach would also affect personal data of EU citizens, and Articles 33 and 34 of the GDPR, a number of preventive actions were decided. While the website was offline for further investigation, and the compliance team had been informed of a software vulnerability that had been used to obtain unauthorized access to two servers related to the JED, it was decided to publish a transparent and easy-to-read announcement in order 1) to make the community aware of the situation and 2) to get all involved parties ready for any additional actions needed. Fortunately, after their investigation the security team reported that no user data had been accessed improperly.
  • Lessons learned regarding privacy from the JED security incident were discussed.
  • Sander to review the Privacy Guidance for extensions before it gets published to J!Docs.
  • Achilleas shared the proposed age consent flow, based on the previous input by Luca regarding the age restrictions that already exist in the organization. Roland, Luca, Sandra and Achilleas discussed the final user flow.
  • Achilleas shared some proposed changes to the existing cookie text that is included in the Privacy Policy. Sandra, Luca and Roland reviewed them and agreed that the text should be updated. Luca proposed separating the Privacy Policy and Cookie Policy texts. The team agreed, and Achilleas is to share the proposed texts for review before they are published.
  • Alkaios shared with the team an update regarding the cookie script and a proposed way to handle performance cookies. Cookie policy across the properties should be aligned.
  • The existing version of the Incident Response Policy and Plan document was shared with the BoD for review, in preparation for its finalization.

Join the Compliance Team

The Joomla Compliance Team is looking for new volunteers.

The Joomla Compliance Team is an active and dynamic team that is currently involved in several different tasks, including legal compliance, privacy-related reports, development, writing privacy-related articles, document reviews and decision making, privacy consultancy, Cross-CMS collaborative activities and more.

Lawyers, people with a legal/compliance background, GDPR/data protection experts and developers are more than welcome to join the team. Please get in touch with Achilleas Papageorgiou at achilleas.papageorgiou@community.joomla.org

The next meeting will take place on June 05, 2019 at 16.30 CET on Glip.

Meeting ends after 90 minutes.