Account suspension deactivation withdrawal » History » Version 2
Tom Clegg, 08/31/2011 09:07 PM
| 1 | 2 | Tom Clegg | h1. Account suspension, deactivation, withdrawal -- desired behavior |
|---|---|---|---|
| 2 | 1 | Tom Clegg | |
| 3 | h2. Clarify definitions/implications of various states participants can be in. |
||
| 4 | |||
| 5 | *Active* users are enrolled and |
||
| 6 | * were enrolled less than 4 months ago; _or_ |
||
| 7 | * have submitted enough safety questionnaires recently, i.e., |
||
| 8 | ** submitted one SQ in the last 4 months; _or_ |
||
| 9 | ** submitted three SQs in the last 12 months. |
||
| 10 | * note: this can still result in: Jan1-enroll, Apr1-SQ, Aug1-deactivate. |
||
| 11 | |||
| 12 | *Not active* = *deactivated*. |
||
| 13 | |||
| 14 | *Deactivated* users cannot "access" their accounts. The word "deactivation" is defined in the consent doc. Specifically, they: |
||
| 15 | * _can_ log in |
||
| 16 | * _can_ change their email addresses |
||
| 17 | * _can (?)_ change their designated proxy, shipping address, (?) |
||
| 18 | * _cannot_ upload genetic data |
||
| 19 | * _cannot_ alter their public profiles |
||
| 20 | |||
| 21 | *Suspended* users are not included in public data releases. The most obvious example: they do not appear in the list of public profiles. |
||
| 22 | |||
| 23 | h2. Help participants understand what to expect. |
||
| 24 | |||
| 25 | * A suspended user's home page should specify very clearly what "not in public data release" means. |
||
| 26 | * A deactivated user's home page should explain why (and how) email address etc. can still be updated; hide all stuff that can't be changed; and, if the account is not suspended, provide a link to the public profile page. |
||
| 27 | * It should be clear why/when your account was deactivated, reactivated, etc. |
||
| 28 | * Active users should receive a visual cue about "active"ness |
||
| 29 | |||
| 30 | h2. Encourage researchers/browsers to look at "active" participants |
||
| 31 | |||
| 32 | * Display "active PGP participant" indicator, in glowing green pulsating aura or whatever, on public profile pages |
||
| 33 | * Allow browsing of both "active" and "inactive" public profiles, but make "active" the default choice |
||
| 34 | |||
| 35 | h2. Rules for email contact |
||
| 36 | |||
| 37 | Currently, Jason pulls email lists out of Tapestry using whichever criteria are appropriate for the message at hand. |
||
| 38 | |||
| 39 | Tapestry also needs to know whether it's appropriate to send email to a given participant/user. Examples: |
||
| 40 | * users deactivated for SQ-lapse should still get SQ reminders |
||
| 41 | * ...but should not(?) receive other participant communications |
||
| 42 | * users deactivated by admins should not receive SQ reminders |
||
| 43 | * deactivated users should(?) be able to send themselves password-reset emails |
||
| 44 | * withdrawn users should(?) be able to send themselves password-reset emails |
||
| 45 | |||
| 46 | h2. Use cases to review |
||
| 47 | |||
| 48 | * Auto-deactivate due to SQ lapse |
||
| 49 | * Auto-reactivate by submitting SQ |
||
| 50 | * Admin suspend+deactivate in response to "please remove my data" email, or PGP decision that participant might not have provided proper consent and review is needed |
||
| 51 | * Admin reinstate suspended/deactivated account |
||
| 52 | * Participant withdraws without requesting data removal |
||
| 53 | * Participant withdraws and requests data removal |