Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Page content:

  • Next steps
  • Scope
  • Scenarios

Next steps:Page content:

Table of Contents

Next steps

  • Decide on the content of the Privacy Notice and cookie policy. Include Privacy Policy, Cookie Policy and Terms and Conditions.
  • Review outstanding questions with Andrew Todd and Chris Brady.
  • List all cookies in use on TIS in the content of the Privacy & by TIS application on Cookie Policy. 
  • To be discussed with Steven Pettengell (Unlicensed): Solution design with devs and UX/UI: Some level of design work may be required with regards to where and how it needs to be displayed with options to accept/decline for
    • users who are logging in for the first time, .e.g. HEE admins, Trust users, Programme role users, TPD's
    • trainees completing registration. We need to consider mobile design for trainees as well as desktop design for both trainees and non-trainees.
  • Raise tickets and walk through with devPOs & Dev team.

Scope

...

  • Trainee Accept/Decline Privacy Notice when logging in for the first time. 
  • Non-logged in trainee Accept/Decline Cookie Policy first visit to TIS site
  • Logged in trainee view Privacy Notice via a hyperlink
  • Non-logged in non-trainee Accept/Decline Privacy Notice first time
  • Non-logged in non-trainee Accept/Decline Cookie Policy first visit to TIS site
  • Logged in non-trainee view Privacy Notice via a hyperlink

Privacy & Cookie Policy Content:

...

  • PN1 - Trainee or any user visiting TIS site agrees to the use of cookies before continuing to use the site
  • PN1 - HEE Admins/Trusts users/Programme role users/any users who had their account created on TIS by another admin to agree to the use of cookies before continuing to use the site.
  • PN2 - Users should be able to access and read the Privacy Policy, Cookie Policy and Terms and Conditions via hyperlinks all the time, either when logged in or not logged in
  • PN3 - Trainee Accepts/Declines Privacy Policy, Cookie Policy and Terms and Conditions when registering to use TIS.

Privacy & Cookie Policy Content on HEE Domain

The TIS team discussed this with Chris Brady (Data Protection Lead) and Andrew Todd (Information Governance Lead) on a revised version of the Privacy Notice & Cookie Policy content for the HEE domain and will supply the signed off version when ready. However, for TIS we need an adapted version of this to be explicit, especially with regards to the specific cookies in use.

...

. The below are the final versions currently published on HEE domain. 

Privacy Policy content for HEE 

https://www.hee.nhs.uk/about/privacy-notice

Cookie Policy content for HEE

https://www.hee.nhs.uk/about

...

/cookies

Terms and Conditions for HEE:

https://www.hee.nhs.uk/about/terms-conditions

Privacy & Cookie Policy Content for TIS

For TIS we need an adapted version of the above to make explicit mention of how TIS controls or process data. We would also need to explicitly list specific cookies in use by the application and their purpose. 

TIS uses Google Analytics, the following cookies are used out of the box:

...

 https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

In addition to the

...

google analytics cookies, we also need to

...

include the Keycloak session and TIS application cookies used.

...

 

Summary of Cookies used on TIS (Tbd - Devs to validate - Simon Meredith (Unlicensed)

...

Scenarios:

...

Process Name

...

PN1 - Trainees Accept/Decline Privacy Notice  when logging in for the first time.

...

Comments

...

  1. User navigates to TIS landing page (.../Admin/)
  2. User enters credentials and click on Login
  3. User presented with Privacy Notice
  4. User reads and Accept/Decline
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and present relevant message with relevant support contact details

...

  • Rule: User should not be authenticated to TIS if they do not accept the Privacy Notice
  • Error: Acceptance of the Privacy Notice is mandatory in order to access TIS functionality. 

...

Jira Legacy
serverSystem JIRA
serverId4c843cd5-e5a9-329d-ae88-66091fcfe3c7
keyTISDEV-2969

...

Who accepted/declined the Privacy Notice and when

Present audit log to all admins with view permissions

...

Process Name

...

)

Full details on the cookies set by Google Analytics are published on the Google website. Google also publishes a browser add-on to allow you to choose that information about your website visit is not sent to Google Analytics.

Cookie nameDurationDescriptionPurpose
Google analytics
_ _utma2 years from set/updateUsed to distinguish users and sessions. The cookie is created when the javascript library executes and no existing _ _utma cookies exist. The cookie is updated every time data is sent to Google Analytics.Tracks how many times (if any) you have visited the Trainee Information System (TIS) website.
_ _utmt10 minutesUsed to throttle request rate.
_ _utmb30 minutes after your visit, or after 30 minutes of inactivityUsed to determine new sessions/visits. The cookie is created when the javascript library executes and no existing _ _utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.Tracks how long you have spent on the website.
_ _utmcEnd of browser sessionNot used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the _ _utmb cookie to determine whether the user was in a new session/visit.
_ _utmd6 months after it was last set
Gives us information on how the site was reached (e.g. directly or a link, organic search or paid search)
_ _utmz6 months after it was last setStores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.Identifies where you've come from e.g. from a search engine or from another website
_ _utmv2 years from set/updateUsed to store visitor-level custom variable data. This cookie is created when a developer uses the_setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics.
Content experiments - cookie usage 

_ _utmx

18 monthsused to determine a user's inclusion in an experiment
_ _utmxx18 monthsUsed to determine the expiry of experiments a user has been included in
Optimize 360 - cookie usage
_gaexpDepends on the length of the experiment but typically 90 days.Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.
Keycloak and TIS application cookies
AUTH_SESSION_IDsessionUsed for sticky connections to an individual node in the Keycloak clusterhttps://github.com/keycloak/keycloak-documentation/blob/master/server_installation/topics/clustering/sticky-sessions.adoc
KEYCLOAK_IDENTITYsession
JWT representing the user identity.
KEYCLOAK_SESSION12hrKeycloak's session token
KC_RESTARTsession
JWT containing the redirect information to determine where a user should be returned to after logging in.
mod_auth_openidc
mod_auth_openidc_state_sessionRepresentation of the state of the current login The "state" cookie is created when the user is redirected away to the OpenID Connect Provider for authentication. It is a cookie with a unique name (prefixed with a constant mod_auth_openidc_state_) that is tied to the state parameter that is sent in the authentication request. It is deleted when the user returns to the Apache server with an authentication response (indicating either success or failure)
mod_auth_openidc_sessionsessionmod_auth_openidc's session tokenThe "session" cookie is created after the user returns from the OpenID Connect provider with a successful authentication response (note that the state cookie is deleted at the same time)
TIS application  <<Requires dev input>>
dashBoardStatesessionUser's current dashboard state for revalidationStores the user's preferences such as which columns to see, which sorting filters and page are active
defaultLocale1 monthUser's current locale
sessionsessionUnique session identifierThe Keycloak session token
usersessionCached user representation


Scenarios


Process Name

PN1 - Trainee or any user agrees to the use of cookies before continuing to use the site

Comments
DescriptionUsers should be able
to Accept/Decline Privacy Policy and Cookie Policy when logging in for the first timeActorsTrainers, Educational Supervisors, Clinical Supervisors, TPD's 
to consent to the use of cookies either on a mobile device or desktop before continuing to use the site.Mobile design consideration. 
Actors
  • Trainees or any users/visitors to the site.
  • HEE Admins/Trusts users/Programme role users/any users who had their account created on TIS by another admin

Pre-ConditionsUser is not logged in
Post-ConditionsSystem
presents Privacy Notice & Cookie Policy with options to and accept/decline
alert the user of the use of cookies by the site with a link to view the full content of the cookies usage policy.

c.f. HEE Domain:

This site uses cookies. By continuing to use this site or closing this message you agree to our use of cookies.

Image Added

Process Steps
  1. User navigates to TIS landing page (.../Admin/)
  2. User
enters credentials and click on Login
  • User presented with Privacy Notice
  • User reads and Accept/Decline
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and present relevant message with relevant support contact details
  • Alternative ProcessN/A
    1. presented with a message (e.g. a banner) of the use of cookies by the site with a link to view the full content of the cookies usage policy or the Privacy Policy 
    2. User clicks on the links to read TIS Cookie Policy and Privacy Policy
    3. User consents to continue using the site
    4. The message disappears

    Alternative Process

    Navigating directly to the Privacy Policy or Cookie Policy pages to read full content.


    Rules
    • Rule: User
    should not be authenticated
    • is not able to authenticate to TIS if they do not accept the Privacy
    Notice
    • Policy, Terms and Conditions and Cookie Policy when trying to login
    • Error: Acceptance of the Privacy
    Notice is
    • Policy and Cookie Policy are mandatory in order to authenticate to
    access
    • TIS
    functionality

    JIRA Reference
    Jira Legacy
    serverSystem JIRA
    serverId4c843cd5-e5a9-329d-ae88-66091fcfe3c7
    key
    TISDEV
    TISNEW-
    2969
    3145

    Audit Log

    Who accepted/declined the Privacy Notice and when

    Present audit log to all admins with view permissions

    1. Do we need to audit the accept/decline of the Privacy Policy for users that have an account on TIS?

    2. Do we need to audit the accept/decline of the Privacy Policy for users that do not have an account on TIS? If so, what do we need to record in this scenario?




    Process Name
    PN3

    PN2 - Users should be able to access and read the Privacy and Cookie Policy via a hyperlink all the

    times

    time, either when logged in or not logged in

    Comments
    DescriptionUsers should be able to access and read the Privacy & Cookie Policy all the timesNote: This could be via a hyperlink on the header/footer of TIS site visible all the times. This link should not provide the options to accept/decline but just the content.
    Actors
    All users
    Trainers, Educational Supervisors, Clinical Supervisors, TPD's, any users visiting or logged in to the site.
    Pre-ConditionsUser is logged in or not logged in
    Post-ConditionsPrivacy and Cookie Policy
    can be
    can be accessed and read 

    e.g HEE Domain has links for each in the footer always visible and accessible:

    Image Added

    Process Steps
    1. User
    sees the Privacy and Policy link on TIS
  • User clicks on the link and reads the content
  • User
    1. follows links to Privacy Policy or Cookie Policy to read full content (e.g. via footer links)
    2. Unauthenticated user has the ability to navigate back to landing page.
    3. An authenticated user can close the Privacy Notice (if in the form of a modal pop-up for e.g). and return back
    towhere
    1. to where they were on TIS.

    Alternative ProcessN/A
    Rules
    • Rule:  The Privacy Notice & Cookie Policy should not require
    authenticated
    • authentication for a user to be able to access and read
    it
    • Privacy and Cookie Policy.

    JIRA Reference
    Jira Legacy
    serverSystem JIRA
    serverId4c843cd5-e5a9-329d-ae88-66091fcfe3c7
    key
    TISDEV
    TISNEW-
    2969Audit LogN/A
    3145

    Audit LogN/A





    Process Name

    PN3 - Trainee or any user consent to the Privacy Policy, Cookie Policy and Terms and Conditions when registering to use the trainees' application (draft)

    Comments
    DescriptionAny user registering to use TIS should be able to consent/decline the Privacy Policy and Cookie Policy either on a mobile device or desktop for successful registration.Mobile design consideration especially for the Trainees application.
    ActorsTrainees or any users registering to use TIS.
    Pre-ConditionsUser is not logged and has not got an account on TIS with the username being supplied
    Post-Conditions

    System alert the user of the use of cookies by the site with a link to view the full content of the cookies usage policy on the landing page.

    In order to complete registration, user presented with:

    • Terms and conditions
    • Privacy Policy
    • Cookie Policy


    c.f. HEE Domain:

    This site uses cookies. By continuing to use this site or closing this message you agree to our use of cookies.

    Image Added

    Process Steps
    1. User follows a link to register on TIS (tbd)
    2. User presented with a message (e.g. a banner) of the use of cookies by the site with a link to view the full content of the cookies usage policy or the Privacy Policy 
    3. User either consents to continue using the site from the banner or proceeds with registration
    4. User fills in mandatory information and accepts/declines the 
      • Terms and conditions,
      • Privacy Policy,
      • Cookie Policy
    5. On accept, user successfully completes registration
    6. On Decline, user is unable to complete registration successfully

    This could be a unique link sent to a trainee as an invitation to complete their registration or alternative process to be discussed ahead of trainee app solution design. (To discuss with Matt Leech (Unlicensed) and devs)

    Do we need a separate Terms & Conditions page?

    Alternative Process

    N/A


    Rules
    • Rule: User is not able to authenticate to TIS if they have not previously accepted the Privacy Policy, Terms and Conditions and Cookie Policy when trying to login.
    • Rule: As a result of incomplete registration, user is not able to login but prompted to complete registration
    • Error: Acceptance of the Terms and conditions, Privacy Policy and Cookie Policy are mandatory in order to authenticate to TIS. 

    JIRA Reference
    Jira Legacy
    serverSystem JIRA
    serverId4c843cd5-e5a9-329d-ae88-66091fcfe3c7
    keyTISNEW-3145

    Audit Log

    1. Do we need to audit the accept/decline of the Privacy Policy, Cookie Policy and Terms and conditions for users that have an account/incomplete account on TIS?

    2. Do we need to audit the accept/decline of the Privacy Policy for users that do not have an account on TIS? If so, what do we need to record in this scenario?

    To discuss the approach/solution design for trainees registration (Matt Leech (Unlicensed) and devs). 


    UX/UI Designs (Tbd - Matt Leech (Unlicensed))

    The designs below will need to be adjusted based on the scenarios and answers in the 'Questions and Assumptions' section.

    TIS Trainee UI - Mobile - Legal Policy: Privacy and Cookies
    https://hee-tis.atlassian.net/wiki/spaces/TISDEV/pages/232718339/TIS+Trainee+UI+-+Mobile+-+Legal+Policy+Privacy+and+Cookies
    TIS Admin UI - Desktop - Legal Policy: Privacy & Cookies
    https://hee-tis.atlassian.net/wiki/spaces/TISDEV/pages/239730689/TIS+Admin+UI+-+Desktop+-+Legal+Policy+Privacy+Cookies


    Questions and Assumptions

    No.Question or AssumptionComments
    1.Do we need to include a separate Terms and Conditions for the TIS site? If so what should be the content of this? Can we use the one here https://www.hee.nhs.uk/about/terms-conditions?

    To discuss with Andrew Todd/Chris Brady

    AD: No.

    2.

    For HEE Admins/Trust Users/Programme role users who already have an account on TIS and actively using TIS, should they be consenting to the use of 

    • Privacy Policy
    • Cookie Policy
    • Terms and conditions

    Or just agree to the use of cookies on their first login?

    To discuss with Andrew Todd/Chris Brady

    AD: No needed.Covered by the corporate one, and ESR mandatory training. We are all part of HEE/NHS trusted users. 

    3.Could you provide the content of the Privacy Policy for TIS? We believe it would be an adapted version of https://www.hee.nhs.uk/about/privacy-notice

    To discuss with Andrew Todd/Chris Brady

    AD: High level for TIS. Refer to ICO website. Link to corporate website on HEE domain.

    4. 

    We are currently reviewing the list of cookies to include on the Cookie Policy page for TIS. We believe it would be an adapted version of https://www.hee.nhs.uk/about/cookies

    Could you review and confirm the other contents/changes as applicable for TIS?

    To discuss with Andrew Todd/Chris Brady

    AD: Only include the ones we are clear about what they are doing and that not accepting them would affect usage of functionality on TIS.

    5.The link on the cookie consent banner on HEE website takes you to the .../privacy-notice page rather than the .../about/cookies page. Is this correct?

    To discuss with Andrew Todd/Chris Brady

    AD: This is an issue with the link.

    6.

    PN3 - Trainee or any user consent to the Privacy Policy, Cookie Policy and Terms and Conditions when registering to use the trainees' application (draft)

    • Do we need to audit the accept/decline of the Privacy Policy, Cookie Policy and Terms and conditions for users that have an account/incomplete account on TIS?
    • Do we need to audit the accept/decline of the Privacy Policy for users that do not have an account on TIS? If so, what do we need to record in this scenario?

    To discuss with Andrew Todd/Chris Brady

    AD: To trigger the ACCEPT and be able to fully register, they would need to accept. But they also need to decline.

    If they decline, they need to contact support. 

    If a new cookie is introduced or content changes, they need to be able to read and accept them again, even if they are existing users. 

    7. 

    HEE Records management policy - 5.6 Retention and disposal – there are consistent and documented retention and disposal procedures to include provision for permanent preservation of archival records - Is this up-to-date?

    We also have a piece of work on our roadmap/backlog to look at archiving and data retention on TIS. 

    Should this work be a priority over Trainees being able to consent to Privacy and Cookie Policy or are we covered by the above records management policy? 

    To discuss with Andrew Todd/Chris Brady

    AD: Archiving can be treated separately and should not have a dependency on the trainees app.