Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Page content:

  • Next steps
  • Scope
  • Scenarios


Next steps:

  • Decide on the content of the Privacy Notice and cookie policy. Include all cookies in use on TIS in the content of the Privacy & Cookie Policy. 
  • To be discussed with Steven Pettengell (Unlicensed): Some level of design work may be required with regards to where and how it needs to be displayed with options to accept/decline for users who are logging in first time. We need to consider mobile design for trainees as well as desktop design for non-trainees.
  • Raise tickets and walk through with dev.


Scope:

  • Trainee Accept/Decline Privacy Notice when logging in for the first time. 
  • Non-logged in trainee Accept/Decline Cookie Policy first visit to TIS site
  • Logged in trainee view Privacy Notice via a hyperlink
  • Non-logged in non-trainee Accept/Decline Privacy Notice first time
  • Non-logged in non-trainee Accept/Decline Cookie Policy first visit to TIS site
  • Logged in non-trainee view Privacy Notice via a hyperlink


Privacy & Cookie Policy Content:

DRAFT - Please note that Chris Brady (Data Protection Lead) is currently working on a revised version of the Privacy Notice & Cookie Policy content for the HEE domain and will supply the signed off version when ready. However, for TIS we need an adapted version of this to be explicit, especially with regards to the specific cookies in use.

  • Privacy Policy content: 

https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies

  • Cookie Policy content to be extended to have the following:

TIS uses Google Analytics, the following cookies are used out of the box:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

In addition to the above cookies we also need to mention the Keycloak session and application cookies used. Please speak to Graham O'Regan (Unlicensed)Alex Dobre (Unlicensed) as to what they are. 


Scenarios:

Process Name

PN1 - Trainees Accept/Decline Privacy Notice  when logging in for the first time.

Comments
DescriptionUsers should be able to Accept/Decline Privacy Policy and Cookie Policy when logging in for the first time either on a mobile or desktop.Mobile design consideration to be discussed with Steve. 
ActorsTrainee
Pre-ConditionsUser is not logged in
Post-ConditionsSystem presents Privacy Notice & Cookie Policy with options to and accept/decline
Process Steps
  1. User navigates to TIS landing page (.../Admin/)
  2. User enters credentials and click on Login
  3. User presented with Privacy Notice
  4. User reads and Accept/Decline
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and present relevant message with relevant support contact details

Alternative ProcessN/A
Rules
  • Rule: User should not be authenticated to TIS if they do not accept the Privacy Notice
  • Error: Acceptance of the Privacy Notice is mandatory in order to access TIS functionality. 

JIRA Reference TISDEV-2969 - Getting issue details... STATUS
Audit Log

Who accepted/declined the Privacy Notice and when

Present audit log to all admins with view permissions


Process Name

PN2 - Non-trainees Accept/Decline Privacy Notice  and Cookie Policy when logging in for the first time.

Comments
DescriptionUsers should be able to Accept/Decline Privacy Policy and Cookie Policy when logging in for the first time
ActorsTrainers, Educational Supervisors, Clinical Supervisors, TPD's 
Pre-ConditionsUser is not logged in
Post-ConditionsSystem presents Privacy Notice & Cookie Policy with options to and accept/decline
Process Steps
  1. User navigates to TIS landing page (.../Admin/)
  2. User enters credentials and click on Login
  3. User presented with Privacy Notice
  4. User reads and Accept/Decline
    1. If user Accepts, they are successfully authenticated into TIS
    2. If user Declines, they are not authenticated into TIS and present relevant message with relevant support contact details

Alternative ProcessN/A
Rules
  • Rule: User should not be authenticated to TIS if they do not accept the Privacy Notice
  • Error: Acceptance of the Privacy Notice is mandatory in order to access TIS functionality. 

JIRA Reference TISDEV-2969 - Getting issue details... STATUS
Audit Log

Who accepted/declined the Privacy Notice and when

Present audit log to all admins with view permissions


Process Name

PN3 - Users should be able to access and read the Privacy and Cookie Policy via a hyperlink all the times

Comments
DescriptionUsers should be able to access and read the Privacy & Cookie Policy all the timesNote: This could be via a hyperlink on the header/footer of TIS site visible all the times. This link should not provide the options to accept/decline but just the content.
ActorsAll users
Pre-ConditionsUser is logged in or not logged in
Post-ConditionsPrivacy and Cookie Policy can be can be accessed and read 
Process Steps
  1. User sees the Privacy and Policy link on TIS
  2. User clicks on the link and reads the content
  3. User can close the Privacy Notice (if in the form of a modal pop-up for e.g). and return back towhere they were on TIS.

Alternative ProcessN/A
Rules
  • Rule:  The Privacy Notice & Cookie Policy should not require authenticated for a user to be able to access and read it.

JIRA Reference TISDEV-2969 - Getting issue details... STATUS
Audit LogN/A



  • No labels

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213