When your application uses Episerver Social, it is important to ensure that consent has been given before accepting user-generated content or allowing participation in digital communities. The purpose and guidelines of your community features should be clearly stated, and PII data should only be collected as it is appropriate to the purpose of that community. Collection of data that may be deemed sensitive should be avoided.
Episerver Social stores only the content submitted to it by your application. All communication between your application and Episerver Social, including the transfer of content, occurs via HTTPS.
You should avoid storing PII with your Social content whenever possible. Episerver Social uses the concept of “references” to identify users, such as the author or a comment or the contributor of a rating. This is helpful because it allows you to consolidate and segregate PII data from your content. The content referrers to a user but does not require you to embed their data in it.
When storing content with Episerver Social that may contain PII, it is important to do so in a manner such that it can be retrieved or removed later. Requests for access or requests to be forgotten by your users mean that you will need to identify their contributions. The Episerver Social API’s modeling and querying features give you the flexibility to structure your content in the manner that is most appropriate to support your application in this regard.
Bear in mind that, in some cases, content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which allows administrators to prevent this kind of content from being stored.
The Episerver Social API’s content modeling capabilities give applications the ability to structure content in the manner that is most appropriate for them. Consider structuring your content so that it can be most easily identified and retrieved by your application. The API’s querying capabilities allow you to define powerful queries to retrieve content, even when it is represented using custom models. It is recommended that your application takes advantage of these tools to implement the export capabilities necessary to honor a Subject Access Request.
The Episerver Social API content modeling capabilities provide applications with the ability to structure content in the manner that is most appropriate for them. Consider structuring your content such that can be most easily identified and deleted. Make note of the Episerver Social features you are using to store content, as some forms of content may be better suited than others to facilitate removal.
Also, bear in mind that content generated by one user may intentionally or inadvertently contain PII data of another. Such content can be challenging to identify and remove. Consider implementing a stringent moderation policy for accepting content, which allows administrators to prevent this kind of content from being stored.
Last updated: Jun 19, 2018