Guys,

Thanks for all the discussion around this topic.  I have been in further 
communication with the people working on GDPR with us.  Background: I run 
Mailman lists for a couple of charities as a voluntary contribution to the 
charities. The charities have money at their disposal and we want to reduce 
exposure both for me personally and the charities involved.

These are just rough notes:

- Archive purge requests. We have discussed the same items as on the list to 
date.  I am looking at doing a simple grep for the relevant person's details 
and changing that.  The main reason for doing this is that if we just remove 
the author's messages they will be in a thread of other messages and our users 
typically don't remove quoted material.  Current advice from the GDPR people is 
we may have to delete the whole thread.  Still under discussion, this is also 
complex because threads and subjects change, if we delete the whole thread 
there may be messages from the same author in other threads that don't have 
correct attribution etc.

- Audit logs for data access.  It is not clear who is accessing subscription 
data for the list as there is just a single owner and moderator account.  
Unsure if current logging data in either MM2 or MM3 is "good enough" for this.  
MM3 may solve the issue about single accounts.

- Relevant people seem to be happy that running a discussion list not used for 
marketing purposes should exempt us from some of the marketing type rules 
regarding data processing.

- People seem happy with the system default logs as long as we can audit access 
to the logs (which we are able to as there is little access to the boxes 
themselves).

- Likely that I will have to move the lists to a host the charities control 
themselves and a separate host for each charity.  This will increase costs so 
we may need to look at an alternative solution like a hosted list service as I 
am not setting myself up as a list hosting business.

Again, all this is up for interpretation.  The largest ones for me at the moment 
are regarding auditing access to the Mailman admin access and the archive 
purging requests.

Andrew.
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
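
The archive purge approach described in the message above (search for the person's details and change them, including in other posters' quoted material), sketched as an added example that is not part of the original message and is not Mailman code. It assumes the archive is an mbox file; `redact_mbox`, the placeholder text and the sample addresses are constructed for illustration. It goes beyond a plain grep by also covering the mbox envelope line and bodies stored as base64 or quoted-printable.

```python
import mailbox, re

# Constructed sample archive: a post by the data subject and a reply quoting it.
SAMPLE = b"""From jane@example.org Mon Apr  2 10:00:00 2018
From: Jane Roe <jane@example.org>

Can we use the hall on Friday?
Jane Roe

From bob@example.net Mon Apr  2 11:00:00 2018
From: Bob <bob@example.net>

On Mon, Jane Roe <jane@example.org> wrote:
> Can we use the hall on Friday?
Yes, it is free.
"""

def redact_mbox(path, identifiers, placeholder="[redacted]"):
    """Redact identifiers in place; return one audit row per changed message."""
    pat = re.compile("|".join(map(re.escape, identifiers)), re.IGNORECASE)
    box, report = mailbox.mbox(path), []
    box.lock()  # keep the MTA/archiver from appending while we rewrite
    try:
        for key in box.keys():
            msg = box[key]
            authored = bool(pat.search(str(msg.get("From", ""))))
            env, hits = pat.subn(placeholder, msg.get_from())  # mbox "From " line
            msg.set_from(env)
            headers = msg.items()
            for name in msg.keys():
                del msg[name]
            for name, value in headers:  # re-add in order, duplicates included
                new, n = pat.subn(placeholder, str(value))
                msg[name] = new if n else value
                hits += n
            for part in msg.walk():
                if part.get_content_maintype() == "text":
                    charset = part.get_content_charset() or "utf-8"
                    text = part.get_payload(decode=True).decode(charset, "replace")
                    new, n = pat.subn(placeholder, text)
                    if n:  # decoded first, so base64/QP bodies are searched too
                        del part["Content-Transfer-Encoding"]
                        part.set_payload(new, charset)  # re-encodes the body
                        hits += n
            if hits:  # authored=False rows are quotes inside other people's posts
                box[key] = msg
                report.append({"key": key, "authored": authored, "hits": hits})
    finally:
        box.close()  # flushes pending rewrites, then unlocks
    return report
```

Rows with `authored` set to false are the messages where the person appears only in someone else's quoted text, which is the case that removing just the author's own posts would miss. Run it on a copy of the archive; any HTML pages already rendered from the mbox still hold the old text until they are regenerated.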