alaveteli icon indicating copy to clipboard operation
alaveteli copied to clipboard

Published 20 hours ago verified publisher icon mysociety

Allow for the speedy deletion of requests that are not FOI and have sensitive information

Open crowbot opened this issue 7 years ago • 1 comments

In the interests of not holding information that there's no reason to hold, we'd like Alaveteli admins to be able to simply and quickly delete requests that are not FOI requests and that include personal information. At the moment admins can delete a request without automatically notifying the requester. Opening this ticket for discussion of further development work that would be useful here. We could:

  • Automatically notify the requester
  • Bounce further emails from the authority
  • Log the fact that a request was deleted somewhere publicly visible

crowbot avatar May 12 '17 12:05 crowbot

I just tried to delete a request containing personal information. I destroyed the request via the request admin page; however the text remained on the user page under the "Post redirects" presumably as the request had been drafted prior to logging in.

In this specific case it would have been OK to "destroy" the user account; however that isn't an option available to administrators.

RichardTaylor avatar Jun 12 '17 09:06 RichardTaylor