Regarding the Protection Profile Badges on the Person Profile:
Based on Episode 125 of the RockCast, the Protection Profile badge is intended to be a startling feature that must be seen on the Person Profile, since the weakest point of security is the staff. If staff (or anyone else) can edit emails and phone numbers, they can gain access to the person's profile through a password reset.
Displaying the Protection Profile badge (as well as alerts in other areas of Rock) is a good way of helping keep staff informed and attentive to data security.
However, in my opinion, there are a couple of issues with the Person Bio showing the badge indiscriminately:
The Protection Profile isn't directly about the person. It is about what the person has access to. The badge gives information in a different semantic category than the rest of the profile.
As such, we have had staff thinking that the badge indicated facts about the person, e.g. that the person is not allowed around children.
It would be good to indicate that "Protection Profile" is about Data Access or Data Security. The term "Protection Profile" is too general for the context. (Even an explanatory tooltip could help a lot for this.)
If the concern is specifically with editing the profile, it might be a good idea to change the look of the edit button and have the badge (or some other indication) in closer proximity to the edit button, rather than intermingling the badge in the middle.
We allow some folks to see various attendance, registration, and group membership data, and we do not want those folks to have access to any financial information whatsoever. We want to keep that information very confidential.
The criteria for the High level are:
With certain access privileges, a user could determine if someone with the "Protection Profile: High" is giving by process of elimination:
Therefore, this person must be giving.
Granting access to view Attendance, registrations, and group membership is a more common access level, even for some volunteers. It only takes one volunteer figuring this out (and you know they're crafty...) and pressuring their folks to start giving to make a stink.
Since the idea behind the Protection Profile is to improve awareness of data security, particularly among those who may edit the profile, it is clear that there are some circumstances in which the Protection Profile should be shown.
However, given the problems described above as well as the fact that we may change who has access to edit profiles (we do not allow general staff to edit profiles - only Rock Admins, Data Integrity, and Finance), it seems like it would be helpful if we had the ability to tweak who can see the badge.
Thank you for considering this!