When logged in as a guest user, if I go into a task and try to assign a task I see all users in the system. This is a security issue that needs to be fixed.
Under GDPR and other data protection regulations users (customers) have to give express permission to disclose their information to other third parties. This breaches this data protection expectations.
This needs to be resolved in a way that guest users are hidden from other guest users by default. This bug currently covers the task assignment option in a task, which loads a drop down with all system users (and their emails).
I am not sure that the solution proposed to hide emails will adequately address disclosure requirements.