What you can learn from the Facebook HUBBUB (IFEA Summer 2018)
May I Help You? The desire to serve is at the heart of the volunteer experience. It is with pleasure that I’ve signed on to write about the driving factors related to recruiting, managing and retaining the right people. The people who want to serve. The right people? Yes, the right people. The people who choose to spend their free time working long hours for your event. The people who volunteer to do hard and often thankless jobs. The people who feel so committed to your festival or event that they come back year after year. It is my business to watch and report on volunteer recruiting and scheduling trends that impact our event clients.
Facebook Hubbub I’ve been listening to the Mark Zuckerburg testimony to Congress. There were two key lessons gleaned from this time-consuming effort. First, the Facebook organization appears to have data access issues to sort out with users and partner apps. Second, several members of Congress asked questions that made me believe they apparently don’t understand the difference between data privacy and data protection. And this got me to thinking ... I bet most people don’t understand the difference and, more important, why they should care.
Data Privacy vs. Data Protection Data privacy concerns arise wherever and whenever personally identifiable information (PII) is collected, stored, or used. This concern may include who has authorized access to your organization’s volunteer management systems, background check databases, credential platforms, payment systems and many other platforms where you collect data such as names, contact information and birth dates. Authorized access includes not only those with user names and passwords to sign into your systems but also integrated partners of these systems. In contrast, data protection requires securing data through unauthorized access. This concern relates to who may gain unauthorized technical access to the systems you use to manage and support volunteer operations. Typically, consumers ask detailed questions about data protection assuming these precautions also cover data privacy.
What Questions Do You Need to Ask? 1. Who owns my volunteer database? This is a fundamental issue in privacy. Ownership should be implicitly laid out in your contract. If you don’t own your data or if the technical system has the right to share or sell your volunteer data than you have limited or even eliminated your capability to protect the privacy of your volunteers.
2. Is my data stored separately or co-mingled with other clients?
Are volunteer accounts shared with other clients? These questions are inter-related. If a person volunteers with several organizations on the same platform there may be the expectation that their account information will travel with them during each registration as this is convenient; however, this can also be a concern if private information can carry over without their express permission.
3. Does the software company retain my volunteer database when I am no longer a client? So you received a copy of your volunteer database when you left that software company, but do you know what happened to the original database? Was it wiped out permanently? Is the data still available if you need to go back to the original system? How do you want the database treated?
4. What are my responsibilities to keep my volunteer database safe? The risk from authorized access users is substantial. Are you updating your admin access on regular basis? Do you know when your access list was last updated? Do past employees and summer interns still have access?
5. How are passwords protected? Check to see if software company employees see your passwords. And ask if passwords are encrypted across the system.
6. Do other software companies have access to our volunteer/registrant data through integrations? You must ask for a list of integrated partners and understand which of these companies are authorized to receive your specific or whole system volunteer data. Integration with background check companies, social media (especially Facebook) and Google Analytics are common and may be desirable. However, you need to make certain that the integrations are of measurable value and that you are knowledgeable about the partnership data agreements. This appears to be the area that has caused Facebook so many challenges.
7. Do you register people from other countries? The final area of concern is understanding that other countries have different privacy laws. The European Union will implement the General Data Protection Regulation (GDPR) on May 25th, 2018, which has extensive protections for the privacy of their citizens data. Software companies must meet the EU requirements or face extensive fines. We find that event management companies want to be more efficient and expand the awareness of their volunteer programs while getting the best buy for their dollar. It is important in this equation to consider the value of privacy and to understand if your software company is selling or sharing your volunteer data to their benefit without benefit to your event or your volunteers.