Jump to content

Strengthening Community Trust with Privacy and PII Data Features

Daniel F
 Share

Recommended Posts

Daniel F Grand Master

Daniel F

Posted
Posted

Our June release of Invision Community introduces several new improvements for your community to increase privacy controls and consent of personally identifiable information.

In today's digital age, privacy and the protection of personally identifiable information (PII) have become increasingly important. By incorporating improved privacy and PII data features into Invision Community, we are creating a more secure and inclusive environment within your community. In this blog post, we will take a quick look at what PII is, and the new features Invision Community has to improve privacy within your community.

What is PII?

PII, or personally identifiable information, refers to any data that can be used to identify, contact, or locate an individual member. When users sign up and visit your community, they may provide various types of PII, either voluntarily or as required by the platform's registration process. For example, an email address is required to complete the registration, and in some cases and IP address may be logged to authenticate a session, or to provide some context to the person posting content. 

Invision Community introduced new data control tools in a previous release, so let's take a look at the improvements coming in our June release that improves cookie management, IP address management, PII data requests, and the right to be forgotten.

PII Data Request and Right to be Forgotten

Your members now have the ability to request their Personally Identifiable Information (PII) data directly from their account settings page. Upon submitting a request, administrators will receive a notification alerting them to the new inquiry, where they can choose to either approve or deny it.

If approved, the member will be notified and provided information on how to download their requested data.


Could contain: File, Webpage, Text 

Additionally, members now have the option to request account deletion. After submitting this request, they will receive a confirmation email to verify their intent. Once confirmed, the request is forwarded to administrators, who can then decide whether to approve or reject the account deletion.

Could contain: File, Webpage, Page, Text

IP Address Management

Invision Community has had tools to prune IP addresses within a timeframe for a while, but we have conducted a thorough evaluation of the data framework in Invision Community to ensure that all recorded IP addresses are systematically purged according to the designated timeframe.

Cookie Management

Empowering members to control which cookies are stored is an important aspect of fostering trust and security within an online community. By granting users the autonomy to manage cookie preferences, you demonstrate a commitment to respecting their privacy and protecting their personal data. This level of transparency not only helps build a strong sense of trust between the community and its members but also helps with compliance, ultimately contributing to a more engaging and responsible user experience.

The Invision Community cookie consent page has been revamped and now displays a list of essential cookies. Visitors have the option to opt out of non-essential cookies for a more customized browsing experience.

Could contain: File, Page, Text, Webpage

Additionally, we've introduced a new feature that allows for the inclusion of an optional third-party Cookie Description on the cookie consent page, further enhancing transparency and user control.

Could contain: Page, Text, File, Webpage, Electronics, Screen, Computer Hardware, Hardware, Monitor

We trust that these enhancements to privacy and data collection practices will simplify compliance with various regulations and, most importantly, ensure that your community members feel secure and well-protected while engaging with your platform.

The features and changes presented here are available in the following packages:

  • Beginner
  • Creator
  • Creator Pro
  • Team
  • Business
  • Enterprise

These features are also available in the Invision Community Classic (self-hosted) product.

If you do not see your product or package listed, please contact us to talk about upgrading your Invision Community.


View full blog entry

Dreadknux Experienced

Dreadknux

Posted
Posted

A great step forward for community managers looking to be more compliant, thanks for this. A quick question; if a user requests account deletion through these new features, can an administrator approve to delete all user PII but anonymise their content so that can be kept on the community? Or does a deletion approved in this way remove absolutely all content as well as PII?

  • Management
Charles Grand Master

Charles

Posted
  • Management
Posted
59 minutes ago, Dreadknux said:

A great step forward for community managers looking to be more compliant, thanks for this. A quick question; if a user requests account deletion through these new features, can an administrator approve to delete all user PII but anonymise their content so that can be kept on the community? Or does a deletion approved in this way remove absolutely all content as well as PII?

Yes, you can choose to anonymize content. In fact, that is what I recommend to clients 🙂 

  • Management
Matt Grand Master

Matt

Posted
  • Management
Posted

You can choose to delete, or anonymise the posts (the IP addresses are removed, and the content presented as if it was from a Guest). When a member requests to be forgotten, it will anonymise their content.

Cleaning embedded quoted content is something we're working on for a future version.

MMXII Rising Star

MMXII

Posted
Posted

Those are very nice and much needed features! 👍 Really looking forward to it.

  1. Will there be options to enable/disable either of these fontend buttons? Say, I'd like to have the button for account deletion requests, but not for PII data requests.
  2. Will there be options to optionally automate account deletion in some way? E.g. 14 days after an account request for deletion has been sent and with no admin reacting in this timeframe, the account will be gone automatically?
Hisashi Experienced

Hisashi

Posted
Posted (edited)
7 hours ago, MMXII said:

Will there be options to optionally automate account deletion in some way? E.g. 14 days after an account request for deletion has been sent and with no admin reacting in this timeframe, the account will be gone automatically?

This is extremely important, for the security of hacked accounts or if the user gives up deletion within a period of time. An example of this is google, facebook and twitter.

Ways to do this...

  • The administrator has the ability to set the revoke time.
  • During the period of exclusion, the content remains anonymous only with the ability of the moderators to identify.
  • After the deadline, the administrator can set an automatic action for the account (or manually if desired).

It would be great to remove this obligation from the administrator having to evaluate everything, if he wants to make everything automatic and use his time for other matters.

Edited by Hisashi
  • Management
Matt Grand Master

Matt

Posted
  • Management
Posted

For now, we'll keep it so administrators must approve until we get a little more comfortable with the features. We wouldn't want large parts of an established community destroyed by content being de-attributed or removed without a final admin check.

AlexJ Veteran

AlexJ

Posted
Posted

Is it possible to add support for account de-activation i.e. user can de-activate account and no notification gets sent. If user gets interested again, they can re-activate account. 

 

  • Management
Matt Grand Master

Matt

Posted
  • Management
Posted

Not in this version. This is more about data privacy than a general de-activate/re-activate function. With the functionality we have, when you enact the right to be forgotten, and it has been approved, the data is altered permanently with no way to undo it.

Vakarian96 Collaborator

Vakarian96

Posted
Posted (edited)

what about when someone posts a YouTube or Twitter link in a post. Is the content then only loaded after confirmation (opt-in)?

Edited by Vakarian96
  • Management
Charles Grand Master

Charles

Posted
  • Management
Posted
On 5/12/2023 at 12:33 PM, Vakarian96 said:

what about when someone posts a YouTube or Twitter link in a post. Is the content then only loaded after confirmation (opt-in)?

In that case you would want to put those services in your third-party list if you are concerned.

We are looking into opt-in third party loading in a future improvement to privacy controls though. It's an ongoing project 😀

Vakarian96 Collaborator

Vakarian96

Posted
Posted
14 hours ago, Charles said:

In that case you would want to put those services in your third-party list if you are concerned.

We are looking into opt-in third party loading in a future improvement to privacy controls though. It's an ongoing project 😀

Thanks for the reply :).

It would be nice if the opt-in list has priority. This point is unfortunately also a very important feature.

MeMaBlue Rising Star

MeMaBlue

Posted
Posted

Hello! I am confused as to  if this sollution will be able to replace other cookie bar popups that we might need to place, via other ways, 

like quantcast, cloudflare zaraz or other such services. 

I need to replace my settings right now to  incorporate cookie consent for GA4, and   3 network scripts Adsense, Project Agora, Underdog Media, so I am right in the middle of that process. 

Will someone be able to help me with using that new feature of yours (with a quote if necessary) because I dont have the time or the knowledge to set it up correctly. The variables triggers ets that those services mention above, are things I am not familiar with and I dont want to experiment. 

Or is the above suggested new feature not suited to combine the things I mention here and I am completely wrong and clueless asking here?. 

I know, that the best sollution is to choose the things that you put out which are always compatible with ips,  so this is why I am asking to make sure I dont miss out on something

 

MeMaBlue Rising Star

MeMaBlue

Posted
Posted

Thank you , yes, I have mentioned that. but there is a problem.  I cant have 2 cookie pop up windows,  then .. right? One from Google and one from ips?  This is the thing , how and what do you choose?

  I will need to have someone to set this up for me.   A few years ago, where advertising was better I had someone set it up for me, paid, through the Google ad Manager and it served through the admanager. 

Now, I would like again someone to do this for me but it needs to be combined with the knowledge of ips, as all things, since ips is a specific platform, that already has requirements and attributes.

So even if I found someone from outside, It would not have the knowledge to combine with ips.  

[It takes specific knowledge, and since it is something legal and important that you do once  I don't have the time or ability to educate myself on such technical level.

Companies like quantcast don't do this for you. They want the user to set up all the variables. Its all territory that cannot be aquired in a couple of hours of reading!.. I have spent like 10 days at least already, it would be irresponsible of me to set it up on my own.  ]

So I wish it could be done as a  paid service somehow from a developer with ips knowledge or ips . 

Would the cloud owners perhaps get that service maybe as an extra fee? Me I am selfhosted. It is a need that needs to be fulfilled somehow, and important.

Monetization with combining adnetwork; scripts is giving more to the publisher/owner.  Having only one, is not enough or is lost revenue.
(example of combination, all display placements on a site are handled either via the automated adsense option or the advertisment section with the adunit tags with google adsense. (1st) ,    then. all sticky banners  are given to a second network (2nd) ,  and then all vigniette or exit ad units to a third network (3rd),   all of them together add to the revenue)

  • 4 weeks later...
hpcrazy Community Regular

hpcrazy

Posted
Posted
On 5/12/2023 at 10:49 AM, opentype said:

For my taste, “account deletion” is too well hidden under “security and privacy”. 

I would suggest to either change the tab name or to give this function its own tab, like this third-party solution does it. 

Could contain: Text, Footprint

I just updated my selfhosted community - I did not find the deletion feature in the Account Settings.

Where is it exactly located ?

Daniel F Grand Master

Daniel F

Posted
  • Author
Posted
49 minutes ago, hpcrazy said:

I just updated my selfhosted community - I did not find the deletion feature in the Account Settings.

Where is it exactly located ?

It's on the "Security and Privacy" page.

 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...