Our XWiki is about personal health data. In that respect we have privacy-sensitive pages.
We are triggered by one of our users discussing the ‘watchlist’ notification.
In the default notification, very detailed information is put in the message and, in our case, sent out via email (hourly, daily or weekly).
This email seems to be a plain-text (or HTML) message and as such readable by interceptors of such an email.
Has anybody looked at this and what is the general idea?
Suggestions at our site are to make the notification/watchlist message less informative, like:
‘something has changed in page xxxxx’ (where xxxxx is a link to the page with the pretty title as label)
And explain to users that they can use ?viewer=history and, within that screen, the compare function to find the actual detailed changes.
Still, the technical transport might be safe, but the information ends up in somebody’s inbox, which we assume is LESS safe. Many people do not really have strict security on their email environments, and we read enough about attacks on these email providers.
The information about how to modify the content is very useful, but before modifying it we are interested in the policies that drive such a modification…
So please share how anybody has motivated such a modification.
Hi Guillaume, the example about details shows exactly what I mean. A user account changed, and the notification shows the actual attributes of the object that changed: old value and new value.
This is GDPR-sensitive data when viewed by an unauthorized person.
What we would like:
Account information changed on date/time by user xxxx
No more details about what was changed…