WordPress.org

Making WordPress.org

Opened 3 years ago

Last modified 5 weeks ago

#1817 new enhancement

Add Notes Field to Invoice

Reported by: Kenshino Owned by:
Milestone: Priority: normal
Component: WordCamp Site & Plugins Keywords: dev-feedback needs-patch has-privacy-review
Cc:

Description

I think it would be nice if we are able to add some notes to the invoice before sending.

Eg. If my sponsorship amount was $500 and the sponsor wants to add $20 to cover the PayPal fees, I should be able to document that decision and that price in the invoice itself.

Or else it'll be lost to emails and whoever is working Quickbooks would have to ask anyway.

See @miss_jwo and my chat on slack for background - https://wordpress.slack.com/archives/events/p1467958380001372

I'll be happy to make a patch if needed :)

Change History (5)

This ticket was mentioned in Slack in #meta-wordcamp by iandunn. View the logs.


5 weeks ago

#2 @iandunn
5 weeks ago

Slack summary:

We could add a new notes field to the invoice post type, and include that in the QBO PrivateNotes param. That only shows up when deputies are viewing the invoice, though, not sponsors, so it probably wouldn't work for this use case.

The CustomerMemo field is probably what we'd want to use for this purpose, but it only has a 1k character limit, and we're already using all of that for the Description field and payment instructions.

We could maybe include the notes in the email that we send, even if it wouldn't be in the PDF generated by Quickbooks. That's not ideal, but may be the only practical way.

If a new field were added, we'd want to consider any possible GDPR implications.

This needs further thought/discussion.

#3 @iandunn
5 weeks ago

It'd also be good to get more input from the community team about how they'd use this field, requirements from different org teams, different use cases, etc.

#4 @garrett-eclipse
5 weeks ago

  • Keywords needs-privacy-review added

#5 @garrett-eclipse
5 weeks ago

  • Keywords has-privacy-review added; needs-privacy-review removed

Hi @iandunn thanks for flagging the potential GDPR implications.

From reviewing the original Slack thread and description this seems almost more of an admin informative field for notes and I don't see it being used to store Personally Identifiable Information (PII). That being said to avoid admins from using the field for PII it could be implemented with a small note below the field to indicate to Admins that they shouldn't place any client/user/admin PII into this field. I personally don't see much of a privacy implication here if it's strictly used for admin information and won't contain personal information.

I'm unsure if the current setup for Invoice post types provides that information in an export request but feel it should and this field could be included in that. As to erasure requests this seems like a field where admins will provide information about the invoice such as referring to secondary invoices to cover the Paypal fees (From the original Slack example), in that case it would be considered potentially integral information and would be omitted from needing to be removed on erasure as it meets the criteria for section f ("processing is necessary for the purposes of the legitimate interests") of the GDPR regulations. When dealing with invoices storage of that information is quite integral to the operation of the website and in many cases is required to achieve PCI compliance.

So, in short, I don't see any privacy concerns by introducing this Notes field. A bonus would be including it in the export requests. And another bonus might be to indicate to admins that they should avoid placing PII into the field.

Note: See TracTickets for help on using tickets.