Some of you might wonder how we collect and handle the personally identifiable information we have about our members. In this blog post we will try to give you a bit of insight into that topic.
If one stores information it can and will be lost/leaked at some point!
First of all: We only store information we really need. While it is debatable in some cases what is needed and what is not we try to collect as little information as we need.
All over the world with lots of organisations / companies / governments losing your personal information, criminals use your information to do their "business" either by stealing from you or someone else in which case you will be blamed.
If someone tells you that their system is completely safe from viruses (malicious software), attackers, etc. they are simply lying. Nothing in this world is 100% safe. This is a simple universal fact.
While we try to keep your information as safe as possible we will not lie to you just to give you a good feeling.
There are things everyone can do to improve security apart from only trying to store information in a secure/encrypted way.
More so for an organisation: If you do not think upfront about what personal information is really necessary for your operation you are probably doing something wrong.
Define how long you need the information and how you delete / destroy it!
After defining what data you store about other people you should always define how long you need to store the information.
We delete the information in our database if the following three things apply:
- The person in question has terminated his/her membership more than 6 months ago.
- The cash audit for this member has been done.
- There are no outstanding membership fees.
The cash audit is done once a year before our yearly meeting of members. The meeting of members is held once a year in April and it is the main body of the association (Verein) where every member is invited (via email) and welcome to participate in the meeting (even non-volunteering members). During the meeting of members the cash auditors (minimum 2 people) attest that the treasurer did nothing wrong.
To do that they manually check every single transaction on our bank account. For things we buy (e.g. hardware) there has to be an invoice and for every monthly membership fee there has to be a record in our database.
Because Selfnet e.V. is a "Verein" some data retention is required by law meaning that the paperwork you signed has to be stored for several years. After that time has passed we destroy it.
So once we (regularly) delete the data in our database we create a list of all deleted membership numbers (VNR), print it and get the paperwork for the listed members.
This paperwork along with the list is kept for some years (due to the aforementioned regulations) in a box which we store in a locked room.
Once enough years have passed we have a "shredder party" and feed all the paperwork to Mr. OmNomNom and his brother which is also a document shredder.
Of course backups of the database also have to be pruned regularly. :-)
Photo of last shredder party:
Video of last shredder party:
Setting up rules for everyone who works with the data.
The first thing you should do is think about what you tell everyone who might be in contact with the information you are collecting before he or she comes into contact with the information.
While the law in some countries favours data protection at least in Germany the punishment for doing something stupid with other peoples personal information is - for the most part - pretty tame.
Therefore it does make sense to - in addition to the things required by law - setup rules for everyone in your organisation.
In case of Selfnet every volunteer and basically everyone who wants to enter the office where you could potentially see information about other members has to completely read, understand and sign the data protection guidelines (Datenschutzrichtlinie) before they can advance to the non-public rooms.
While it does not improve the law it should make it more clear that all personal information is sensitive and has to be protected.
Giving everyone only access to what they really need.
A good example for this is the SEPA mandate. A SEPA mandate usually consists of the IBAN and BIC of your bank account along with the mandate ID for which you signed the form (we have to produce the paperwork if the banks ask for it).
Because only our treasurer needs to see the full IBAN (International Bank Account Number) (to create the transaction file for the direct debit of the membership fees) the volunteers doing support for other members only see the last 4 digits of the IBAN. This way if you have forgotten which of your bank account numbers you gave us they can tell you the last 4 digits which should be enough for you to verify which bank account it is. But the full IBAN (which could be used on online shopping websites) is not shown.
Also not all volunteers do support work, for example they concentrate on technical things and therefore those volunteers do not have access to any membership information at all.