4 results found

  1. 76 votes

    Sheldon King commented  · 

    Please add the ability to restrict access to Contacts (or anywhere else that Xero stores Personally Identifiable Information) by User or by Role so that business users can meet their privacy obligations.

    Xero does not readily support Australian users in complying with the Privacy Principles, and does not support business to be compliant with the European GDPR rules around data disclosure. It fails to allow business to apply the Principle of Least Privilege to User setup which leads to the ready inappropriate disclosure of Personally Identifiable Information.

    This is because it is not possible to restrict access to Contact information on a Per User or Per Role basis.

    The example that has given rise to this request is in a mental health practitioner's business where their accountant can see all of their billed Contacts information when working on their Xero instance - thereby creating a confidentiality issue and breaching their privacy.

    This concern equally applies to law firms, medical practitioners, IT outsourcers, or indeed anyone else whose Contact list is sensitive (i.e. pretty much everyone). It means they cannot use Xero for Invoicing or Bills and still provide accountant access if they wish to maintain the privacy of their clients and creditors.

    If you're still reading, here's some boring Privacy stuff that was included in the Xero Central report case I started only to be told "you have to policy and process your way out of this issue."

    >>As part of our GDPR project, we worked with our product and security teams to identify and make any necessary changes/improvements to our product for GDPR compliance. We didn't identify the user role functionality as needing to be updated for GDPR and believe them to be compliant with GDPR and Australian privacy regulations, including the Privacy Act (1988) and Privacy Amendment (Notifiable Data Breaches) Act (2017).

    The Australian Privacy Act is a tricky one because it basically is a list of gentle suggestions.

    Nonetheless, Xero in its current form is sketchy around (amongst others) Principle 6 - use or disclosure of personal information. This states:

    "6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) […]"

    It also fails to adequately support business attempting to comply with Principle 11 — security of personal information:

    "11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:

    from misuse, interference and loss; and
    from unauthorised access, modification or disclosure"

    The GDPR is more explicit:

    Article 25, Section 2, Paragraph 1:

    "The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed."

    With Xero, we can't if we want to both use Invoicing or Bills, complete contact information for same and provide access to an accounting professional.

    Sheldon King supported this idea  · 
  2. 1 vote

    Sheldon King shared this idea  · 
  3. 1 vote

    Sheldon King shared this idea  · 
  4. 59 votes

    Hi Lilly, with Xero expenses you can upload a copy of a receipt and have it auto capture the contents to create an expense through the app - See more on this here

    Is there a reason you'd prefer to email receipts to your org over the existing method? Will help when sharing back with the team. 

    Sheldon King supported this idea  · 
    Sheldon King commented  · 

    I've wanted this functionality since Expenses was introduced:

    • It brings Expenses and Bills into parity in terms of Files functionality and records data (all Creditors can be seen and worked with in either screen).
    • It should create an Expense that is pending Approval so details can be checked.
    • Employees can simply forward an invoice that they've been emailed into Xero for processing (Expenses app is better suited to small pieces of paper than, for example, an airline invoice in email).
    • It would allow the AI recognition feature included in Expenses (which works well most of the time) to pre-fill the expense and subsequent Bill - dramatically reducing processing time for Creditors.