Add Notes Field to Invoice

[Kenshino]

I think it would be nice if we are able to add some notes to the invoice before sending.

Eg. If my sponsorship amount was $500 and the sponsor wants to add $20 to cover the PayPal fees, I should be able to document that decision and that price in the invoice itself.

Or else it'll be lost to emails and whoever is working Quickbooks would have to ask anyway.

See @miss_jwo and my chat on slack for background - ​https://wordpress.slack.com/archives/events/p1467958380001372

I'll be happy to make a patch if needed :)

[iandunn]

Slack summary:

We could add a new notes field to the invoice post type, and include that in the QBO PrivateNotes param. That only shows up when deputies are viewing the invoice, though, not sponsors, so it probably wouldn't work for this use case.

The CustomerMemo field is probably what we'd want to use for this purpose, but it only has a 1k character limit, and we're already using all of that for the Description field and payment instructions.

We could maybe include the notes in the email that we send, even if it wouldn't be in the PDF generated by Quickbooks. That's not ideal, but may be the only practical way.

If a new field were added, we'd want to consider any possible GDPR implications.

This needs further thought/discussion.

[iandunn]

It'd also be good to get more input from the community team about how they'd use this field, requirements from different org teams, different use cases, etc.

[garrett-eclipse]

Hi @iandunn thanks for flagging the potential GDPR implications.

From reviewing the original Slack thread and description this seems almost more of an admin informative field for notes and I don't see it being used to store Personally Identifiable Information (PII). That being said to avoid admins from using the field for PII it could be implemented with a small note below the field to indicate to Admins that they shouldn't place any client/user/admin PII into this field. I personally don't see much of a privacy implication here if it's strictly used for admin information and won't contain personal information.

I'm unsure if the current setup for Invoice post types provides that information in an export request but feel it should and this field could be included in that. As to erasure requests this seems like a field where admins will provide information about the invoice such as referring to secondary invoices to cover the Paypal fees (From the original Slack example), in that case it would be considered potentially integral information and would be omitted from needing to be removed on erasure as it meets the criteria for section f ("processing is necessary for the purposes of the legitimate interests") of the GDPR regulations. When dealing with invoices storage of that information is quite integral to the operation of the website and in many cases is required to achieve PCI compliance.

So, in short, I don't see any privacy concerns by introducing this Notes field. A bonus would be including it in the export requests. And another bonus might be to indicate to admins that they should avoid placing PII into the field.

[dd32]

This ticket has been moved to GitHub ​https://github.com/WordPress/wordcamp.org/issues/588