Area: Episerver Community API
Applies to versions: Not applicable

Episerver Community API


Collecting data

If your application uses Episerver Community API, it is important to ensure that consent has been given before accepting user-generated content or allowing participation in digital communities. Clearly state the purpose and guidelines of your community features, and only collect PII data that is appropriate to the purpose of that community. Avoid collection of data that may be deemed sensitive.

Storing data

Episerver Community API stores only the content submitted to it by your application. All communication between your application and Episerver Community API, including the transfer of content, occurs via HTTPS.

Avoid storing PII with Community API content whenever possible. Episerver Community API uses “references” to identify users, such as the author of a comment or the contributor of a rating. This is helpful because it allows you to consolidate and segregate PII data from your content. The content refers to a user but does not require you to embed their data in it.

When storing content with Episerver Community API that may contain PII, it is important to do so in a manner that can be retrieved or removed later. Requests for access or requests to be forgotten by your users mean that you will need to identify their contributions. The Episerver Community API’s modeling and querying features let you structure content in the manner that is most appropriate to support your application in this regard.

In some cases, content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which allows administrators to prevent this kind of content from being stored.

Fetching data

The Episerver Community API’s content modeling capabilities allow applications to structure content in the most appropriate manner for them. Consider structuring content so it can be most easily identified and retrieved by your application. The API’s querying capabilities allow you to define powerful queries to retrieve content, even if it is represented using custom models. It is recommended that your application takes advantage of these tools to implement the export capabilities necessary to honor a Subject Access Request.

Deleting data

The Episerver Community API content modeling capabilities let applications structure content in the manner that is most appropriate for them. Consider structuring content so that it can be most easily identified and deleted. Consider the Episerver Community API features you are using to store content, as some forms of content may be better suited to facilitate removal.

Also, bear in mind that content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which allows administrators to prevent this kind of content from being stored.
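
The reference-based separation described under Storing data, with the export and deletion it makes possible, as an added sketch that is not Episerver code and does not call the Community API. `ContentStore`, `ProfileStore` and the three functions are hypothetical names, and the third-party mention check is a plain substring match assumed for illustration.

```python
import uuid
from dataclasses import dataclass

@dataclass
class Comment:
    author_ref: str  # opaque reference only; no name or e-mail embedded
    body: str

class ContentStore:
    """Hypothetical stand-in for the content service: it knows references, not people."""
    def __init__(self):
        self.comments = []
    def add(self, author_ref, body):
        self.comments.append(Comment(author_ref, body))
    def by_author(self, ref):
        return [c for c in self.comments if c.author_ref == ref]
    def delete_by_author(self, ref):
        removed = len(self.by_author(ref))
        self.comments = [c for c in self.comments if c.author_ref != ref]
        return removed

class ProfileStore:
    """Hypothetical application-side store: the only place PII lives."""
    def __init__(self):
        self.profiles = {}
    def register(self, name, email):
        ref = uuid.uuid4().hex  # random, so the reference itself reveals nothing
        self.profiles[ref] = {"name": name, "email": email}
        return ref

def export_subject(ref, profiles, content):
    """Subject access request: profile plus every contribution tied to the reference."""
    return {"profile": profiles.profiles.get(ref),
            "contributions": [c.body for c in content.by_author(ref)]}

def third_party_mentions(ref, profiles, content):
    """Content by other users containing the subject's name or e-mail (substring match)."""
    needles = [v.lower() for v in profiles.profiles[ref].values()]
    return [c for c in content.comments
            if c.author_ref != ref and any(n in c.body.lower() for n in needles)]

def erase_subject(ref, profiles, content):
    """Erasure request: collect mentions for moderators, then drop content and PII."""
    flagged = third_party_mentions(ref, profiles, content)
    removed = content.delete_by_author(ref)
    profiles.profiles.pop(ref, None)
    return removed, flagged
```

`erase_subject` returns the number of deleted contributions and the other users' comments that still mention the subject, so a moderator can review those before the request is closed.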


Last updated: Jun 19, 2018
