User Group Best Practices: Privacy Policies
Is that really necessary? At the moment, from a legal standpoint, no. But with the focus on personal information confidentiality brought about by the Gramm-Leach-Bliley Act (GLB) running rampant and identity theft a very real concern, the standards of handling such information have changed. Have you noticed the disclosure statements you receive annually from your bank, broker, insurance agent, credit card companies and every other financial institution? Those are required by law.
What is not required by law are the notices you see on all sorts of web sites, email list sign-up pages and message boards allowing you to opt in or out of receiving certain types of information, and promising to share or not share your information with various classifications of partner or associate entities. The fact that they are there (assuming they are followed) is an indication that someone thinks they are important enough to include.
Who thinks they are important? For one, Apple. Did you know that, to join the iTunes Store Affiliate Program, your web site is required to have a posted privacy statement?
Your group’s members, for another, if for no other reason that the spam problem. If you doubt this, consider what happens when someone successfully posts a spam message to a closed newsgroup. There is an almost inevitable flood of protestations and complaints from list members. And that is in response to just one spam email.
Think how your MUG would be viewed if you decided to share you members email addresses with, say, a vendor who promised an extra-special product discount? Or a group member who has a service to sell. Some of them might not mind, but others will be looking for someone to blame.
To Share or Not to Share?
Developing a privacy statement is simple. Decide whether your group is willing to share your membership roster (emails, home mailing addresses, phone numbers, etc.) with anyone, under any circumstances. If the answer is yes, spell out exactly what information you would share, with whom and under what circumstances.
Now that the policy is determined, give your members the opportunity to opt out. An additional field in your membership database will be sufficient to track who does not want their information shared. Consider setting up a separate email address at your group’s domains to handle the requests; that can also help you maintain a record of who makes the requests and when.
Finally, publish the policy on your web site and in your newsletter, and include it in any new member welcome package, email or letter.
The Gatekeeper Option
An option that you might want to consider is to have the group’s leadership act as a gatekeeper. Rather than hand over your members’ information to a third party, accept and evaluate anything that third party wishes to deliver to your members. If it is something that is indeed worthwhile, distribute it through your own channels (email lists, web site, newsletter, etc.). Your members still receive the benefit, their information is protected and the organization is protected from blame or worse.