Blog posts tagged privacy

We’ve upped the security on FixMyStreet

We’ve recently introduced some stronger privacy and security measures on FixMyStreet, to make things safer for everyone. They also have some nice knock-on effects that help you with moderation.

Privacy

If you’re a FixMyStreet Admin, you can now:

  • Make a user anonymous across the site, so even if they’ve made multiple reports, their name won’t show on any of them on the live web pages. Removing users’ names is a frequent request, especially from those who may have strong personal reasons not to be identified online. Users already had the ability to anonymise their reports singly or in bulk themselves, but sometimes it’s easier to do it for them, particularly if they are distressed when making the request.
  • Remove a user’s account details entirely. An important point in the forthcoming GDPR regulations is that we all have the right to request the removal of our personal data from databases. In this case, the user’s reports and updates remain, but not only is the name removed from public webpages as per the point above; their email address, phone number and any other personal data are scrubbed from our own servers, too, leaving no record.
  • Hide all a user’s reports/updates from the live site. In the event that you discover a large quantity of, say, abusive reports from the same person, you can now remove them all from the online environment at a single stroke.

Security

Security for users was already very good, but with the following improvements it can now be considered excellent!

  • All passwords are now checked against a list of the 577,000 most common choices, and any that appear in this list are not allowed.
  • Passwords must now also be of a minimum length.
  • If you change your password, you have to input the previous one in order to authorise the change. Those who haven’t previously used a password (since it is possible to make a report without creating an account) will receive a confirmation email to ensure the request has come from the email address given.
  • FixMyStreet passwords are hashed with an algorithm called bcrypt, which has a built-in ‘work factor’ that can be increased as computers get faster. We’ve bumped this up.
  • Admins can now log a user out of all their sessions. This could be useful for example in the case of a user who has logged in via a public computer and is concerned that others may be able to access their account; or for staff admin who share devices.
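
The password checks and the bcrypt work-factor bump from the list above, sketched as an added example (this is not FixMyStreet’s own code). The minimum length, the target work factor, the case-folded lookup and the short word list are assumptions, since the post gives none of them; re-hashing at the next login is one common way to apply a raised work factor, not something the post states.

```python
import re

# Assumed values: the post gives neither the minimum length nor the work factor.
MIN_LENGTH = 8
TARGET_COST = 12

# Constructed stand-in for the 577,000-entry common-password list.
COMMON_PASSWORDS = frozenset({"password", "123456", "qwerty", "letmein"})

# Modular crypt format of a bcrypt hash: $2b$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")


def password_problems(password, common=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Return the reasons a proposed password is refused (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    # Case-folding before the lookup is an assumption; it also catches "Password".
    if password.casefold() in common:
        problems.append("common password")
    return problems


def bcrypt_cost(stored_hash):
    """Read the work factor out of a stored bcrypt hash string."""
    match = BCRYPT_RE.fullmatch(stored_hash)
    if match is None:
        raise ValueError("not a bcrypt hash")
    cost = int(match.group(1))
    if not 4 <= cost <= 31:  # range bcrypt accepts
        raise ValueError("bcrypt cost out of range")
    return cost


def needs_rehash(stored_hash, target_cost=TARGET_COST):
    """True when a hash was made with a lower work factor than the current one.

    A stored hash cannot be strengthened in place, so it is recomputed at the
    next successful login, when the plaintext password is briefly available.
    """
    return bcrypt_cost(stored_hash) < target_cost


# Constructed placeholder strings in bcrypt format (not real password hashes).
OLD_HASH = "$2b$10$" + "A" * 53
NEW_HASH = "$2b$12$" + "A" * 53
```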

Still got any questions about privacy or security? Drop us a line and we’ll be glad to answer them.


Image: Timothy Muza (Unsplash)


FixMyStreet Pro and GDPR

GDPR is on everyone’s minds at the moment: the new data protection regulations come into force in May and will give new rights to citizens as regards the storage and use of their personal data.

We’re fortunate at mySociety in that we’ve always adhered to strong principles when it comes to privacy. That said, we’ve not always been great at setting those protocols down in writing, and the arrival of GDPR has been very good for us in that respect.

Over the past few months, we’ve been very busy creating internal documentation and updating the privacy policies which sit on each of our sites, so that we all know we’re on the same page. Staff now have a set of written guidelines that we all adhere to; users can very clearly see how we use and store their personal data, and how to opt out if they wish to.

FixMyStreet Pro, a service we host, but which allows our client councils access to users’ personal information, has required particular thought. The result is our data sharing and security agreement, a document which we hope that you, as a potential or existing client, will examine with care.

Got any questions? Don’t hesitate to drop us a line.


Image: Samuel Zeller (Unsplash)

