[Koha] Logging librarians for data protection, was: Setting a default library

[MJ Ray]

Rick Welykochy <rick at praxis.com.au> wrote:
> MJ Ray wrote:
> > Small aside: I understand that letting all staff login as "kohaadmin"
> > may violate privacy laws in some countries, because you may not be
> > able to trace which librarian accessed which patron's personal data if
> > there's a problem. This isn't a koha-specific matter, though.
> [off topic]
>
> Wow, that is a huge can of worms. I know that this is a problem w.r.t
> privacy, but was unaware that the privacy laws have caught up with this.
> Which countries do you know cover this?

I'm pretty sure English law covers this and I expect the rest of the
European Union will be similar.  For example, "Good practice notes:
Security of personal information" from the Information Commissioner's
Office asks in its self-check:

  "Do staff have their own password and only use the system using
  their own and no-one else's?" and "If you have information that only
  certain people should see, do you control access to it?"
  
Source: http://www.ico.gov.uk/Home/what_we_cover/data_protection/guidance/good_practice_notes.aspx

> How many *nix systems do you know of (for example) where multiple
> and basically unidentified people have root access?  And how many
> Windows systems have you encountered where everyone knows the
> admin password or worse yet everyone has admin access?

Far too many Windows ones and very few Unix-like ones.  I think people
are far more aware of information security these days and I think we
should try to improve Koha in this direction over time.

Hope that explains,
-- 
MJ Ray (slef)
Webmaster for hire, statistician and online shop builder for a small
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237