Rick Welykochy <rick@praxis.com.au> wrote:
MJ Ray wrote:
Small aside: I understand that letting all staff log in as "kohaadmin" may violate privacy laws in some countries, because you may not be able to trace which librarian accessed which patron's personal data if there's a problem. This isn't a Koha-specific matter, though. [off topic]
Wow, that is a huge can of worms. I know that this is a problem w.r.t. privacy, but was unaware that the privacy laws have caught up with this. Which countries do you know cover this?
I'm pretty sure English law covers this and I expect the rest of the European Union will be similar. For example, "Good practice notes: Security of personal information" from the Information Commissioner's Office asks in its self-check: "Do staff have their own password and only use the system using their own and no-one else's?" and "If you have information that only certain people should see, do you control access to it?" Source: http://www.ico.gov.uk/Home/what_we_cover/data_protection/guidance/good_pract...
How many *nix systems do you know of (for example) where multiple and basically unidentified people have root access? And how many Windows systems have you encountered where everyone knows the admin password or worse yet everyone has admin access?
Far too many Windows ones and very few Unix-like ones. I think people are far more aware of information security these days and I think we should try to improve Koha in this direction over time.

Hope that explains,
--
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small worker cooperative
http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237