Difference between revisions of "Non-board data-access 2020"

I would like to there to be a way to have 'external' people help with
board-related adminstration-work without having to be board.

This includes:
- Financial admin of membership dues
- Sending out reminders
- Updating tickets/member-history
- Work with member-data while assisting in writing/supporting software
- Work with member-data while assisting in writing/updating processes


There might be more things the board could choose to have members assist
with, in the future.

The above things are the kinds of things that can be made possible
through having the person(s) in question sign a confidentiality
contract, as is common in these cases.

I , for example, am part of a VVE where I assist in managing some
web-related parts, which does involve privacy-related data. For this, I
signed the confidenciality contract. This VVE has 400+ members and
involves finances surpassing 1 million euro, some years. Other
associations that I know of employ similar mechanisms to increase the
pool of people who can apply their knowledge, enthousiasm or expertise
to ththe association's benefit.

The benefits to Techinc would be:
- Allow people to assist doing matters when board is not capable of
doing so (any more)
- Allow people to help writing software , with actual real data
- Allow people to help work on processes with board.

This should make it possible to have people who are good with software,
but not with board-things, to actually be able to put their skills to use.

I personally have an interest in:

a) helping out with the current financial 'tightness' by going through
the current state of finances
b) implement some of the ideas that have been proposed in the past, but
are (senselessly) hard to work on without (current) data

For the purposes of the upcoming ALV, I would want to put the following
text up for a vote to be included in the HouseRules; through a simple
'yes' or 'no' vote.

------------------------

The board can decide to allow a non-board member of their choice to have
access to member- and/or association-related data.
This non-board member cannot be a non-association member.
The type of data involved and the access-method employed is for board to
decide.
Any such person will be required to sign a non-disclosure agreement
provided by board.
The exact phrasing of this agreement is up to board to take care of, but
must cover the intention of such an agreement; ensuring the safety and
integrity of the data involved and will employ sensible but workable
security practices.
Willful failure to adhere to the terms of the Non-disclosure agreement
can be used as grounds for terminating membership.
Board will stay responsible for the data they allow to be worked on, as
well as the people they authorize to do so.

-------------------------

For those who imagine that this leaves a number of things 'open', this
is not by accident. The kind of 'access' is left at the board's
discretion, and what the agreement should look like, among other
factors. These things are the kinds of things that will change over the
lifespan of the association and thus would end up having any HouseRule
associated with it become obsolete soon.

I hope enough people see the sense in this kind of thing being made
possible. It is explicitly not my intention to have the above HR become
something that'd end up weakening our protection of member
privacy/security. Ex board-members are expected to dispose of any
member-related data they might have in their mail, homedir, project-dir,
etc, in the same manner.. if there's been a need to take any off a
space-hosted infra at all. This is the same kind of discipline that the
NonDisclosure agreement should expect of any and all people trusted in
this manner.

For (ex-)board members there's actually no piece of text , no houserule,
nothing that explicitly explains all of this; we just implicitly assume
that this is the case. People (us included) have been able to apply
common sense in this regard without there having been the need for a
rule, or even a text, to force them to do so. I am not saying we should
'just do stuff and assume things will be ok', but I give it here as a
way to give some perspective on the matter.