Proposed vote on a personal information privacy policy

This request for “inspection of corporate records” is written in our bylaws, it was just never used by a member before; as such, this is the first request of this kind that leadership has ever had in the history of the Hive (as far as I am aware). When this request came to us, we responded in that exact way: No, we will not give that information out, to protect member’s privacy. We were happy to give out the specific information that is explicitly called out in the bylaws. However, the ambiguity surrounding the wording was used to suggest that a membership list would be included in these records. Please find the section in question below:

Permanent Records

The corporate shall keep current and correct records of the accounts, minutes of the meetings and proceedings, and membership of the corporation. Such records shall be kept at the registered office or the principal place of business of the corporation. Any such records shall be in written form or in a form capable of being converted into written form.

Inspection of Corporate Records

Any person who is a Member of the corporation shall have the right at any reasonable time, and on written demand stating the purpose thereof, to examine and make copies from the relevant books and records of accounts, minutes, and records of the Corporation. Upon the written request of any Member, the Corporation shall mail such a member a copy of the most recent balance sheet and revenue disbursement statement.

The blue parts spell out directly what was to be given in response to a request for examination of the records. The ambiguity surrounded the red parts: what exactly does “records of the corporation” mean? Is that the “Permanent records” section above? And if so, does that include the other red section: “membership of the corporation”. Then what does that mean? Does it mean just membership trends, membership numbers, membership dues income, a membership list, a list of names of members, etc…

After all of these questions, we still held the same response. That no matter how the bylaws /could/ be read, it would not be our place to give that information out. It shouldn’t be something we needed to entertain, especially after we made our decision as leadership. When the request was not dropped at our initial response and was pushed farther than what we were willing to divulge, we had to discuss what to do moving forward. We felt it important to bring this issue for discussion and decision to the membership, stripping it of all situational and personal information regarding the request, so we could discuss it for ALL such future requests, not just this one. A vote supports leadership’s initial decision, reinforces that we were NOT acting in a biased, improper, petty or secretive manner by our response and sets a precedent of how to move forward with such things in the future.

Unfortunately our bylaws are full of loopholes, inconsistencies and points of confusion/ambiguity. While bylaws need to be flexible and specifically non-specific, we need to work out the “dangerous” parts. Obviously, general decency, ethics, laws, etc. will always trump what our little bylaws say, but moving towards making them better is important.

So, moving forward: We really need to fix this ambiguous section of bylaws so that we can better officially deal with such requests, and that’s what we’re attempting to do.

I think it is important to have an official decision from the membership on how to deal with this (although it’s pretty unanimous so far). A special meeting must be announced at least 72 hours ahead of time (along with the subject matter of the meeting), so we have time to change the formal things we are voting on with input from this discussion; we can work on how to change what has been proposed.

tl;dr - Leadership already responded that we will not give out personal information. This was challenged, therefore we are now asking the membership to re-affirm this decision because membership trumps leadership.

Nobody is disagreeing that there is a problem. This is an opportunity to correct it.

• Ian B.

Good, I want to thank the various members of leadership that have responded to this unreasonable and unfair request with a patient, reasonable, and fair response.

I’m a bit concerned that the bylaws also call for “records of accounts”. In particular I’m concerned that the next request could be for bank account numbers, PINs and other information that could be used to access these accounts. While the records of what happened with the accounts should be available (balance sheet and revenue disbursement), the account numbers do not help in providing any sort of accountability, while potentially opening the door to fraud and other malfeasance.

leadership, applause

The inspection of corporate records is likely to pertain to the records
that have to do with the corporate entity and not necessarily the
membership. These were intended to be (and IMO should remain) separate
things.

This is why there is a board of directors and a membership with voting
rights to whom the board ultimately answers. The board+bylaws are a
requirement for the corporation; the corporation is a requirement for the
non-profit status. Therefore, the requirement to disclose corporate
records would probably include the persons who are members of the
corporation, as in holders of positions listed in the corporate charter and
or bylaws, namely the president, secretary, and the board.

It's been a long time since I was part of the leadership, so my
understanding of the bylaws is obviously dated. If they have been modified
to include a number of people in volunteer positions outside of those
required for a corporation in Ohio (president, secretary, board) this is
probably a flaw.

What is the concern with option B, opting in to be in a list, for the “no to either” folks?

To put it another way, if someone were to stand up in a meeting and say “I’m putting together a list of members for a newsletter, please see me if you would like to be included”, would it be similarly unacceptable, and if not, what is the difference?

For the record I’m not a current member, and I wasn’t the one who asked for a list; I’m just curious. I certainly would be in the “hell no to option A” camp.

Marcus, I see nothing wrong with someone standing up in a meeting and doing that. That would give everybody there the option to put their name in or saying nothing and leave their name out of a mailing list. Similarly, a person could put that same request out on this email list and say “Hey, I’m compiling a list of names of members for a newsletter, please send me your information.” And then people can choose, or choose not to send their information to that individual.

I thought I might weigh in… I know I haven’t been around much, so take my opinion with a grain of salt ( however, I am the person that wrote the Bylaws ). I am not a lawyer.

1. When I wrote this section about Inspection of Corporate Records, I took it to refer to Permanent Records as defined in the other section. I don’t know if that holds up in a court of law, but that’s what I thought I was doing. I did believe that it would include a list of the other members.

2. Let’s all be clear about whether we are talking about other members having access to the records versus any outside entity having access. I think it is clear that currently only a member has a right to inspect the records. I don’t think either of Jim’s options changes that, and I don’t think there is anyone who would find it reasonable for us to hand over anything to any outside entity unless compelled to by law. I personally don’t think it’s that bad for any member to know who all the other members are*.

3. That being said, I don’t think we have, or are legally required to have, a “real names policy”. When you join, you give a name and an email address. We don’t require you to affirm that it is your real name and your real email address. So if someone becomes a member and is worried about other members knowing their identity, I don’t see anything stopping them from providing whatever name and email address they choose. ( We don’t have any other PII about our members, do we? )

So,

A) I do support a privacy policy that would make our stance on member information clear, but I don’t think it needs to be a Bylaws change. I think it can just be a Policy. “We promise not to give your information to anyone but other members, and only the information you provided on your application… blah blah blah” Maybe the Bylaws can refer to the Policy, or maybe they don’t even need to do that.

B) I don’t think it would be a bad idea to at least find out how much it would cost for a lawyer to give the Bylaws a once-over. Think of it as a legal pen-test.

Hack on,

Dave

• • But Dave, what if an LEO joins just in order to inspect the member list and then hands that over to the FBI? Well, yes, that is a threat. The mitigation is two-fold: 1) the application must be approved ( if something is fishy, we can reject an application ) 2) see above re: “real names”. Is that fool-proof? No. I mean, do you want to get into some actual threat modeling? Is that what we are doing now? If so, then this whole conversation is putting the cart before the horse…

Transparency. In the case of option B, anybody can ask and potentially get the list without any disclosure of their interest. Nobody would know other than the officer that fulfilled their request. In your example the interested party is revealing who they are, and what their purpose is. So option B, with it’s Opt-In allows people to deliberately open themselves to this, if they’re so interested. Maybe they’ll get a newsletter or maybe they’ll get spam, but it’s not worth going through the hassle of giving out their info again.

Also, let’s be very clear what’s happening. The party in question asked leadership in private for some very sensitive information. It doesn’t appear they have an explanation for why they want this information or what they intend to do with it. They were told “No”, which establishes a pretty clear boundary, assuming there was any doubt about the sensitivity of this information. Instead of honoring that boundary they’ve gone back to leadership, this time insisting that leadership is compelled to do so by their own bylaws. At this point the ambiguity of the bylaws is being used to coerce leadership into doing something that goes against their better judgement, and potentially the well being of the organization as a whole.

Finally the party who has made this request has still not revealed themselves, or explained their purpose in making this request. Could be they have a perfectly reasonable explanation for this (like the newletter). However, the longer it goes without them explaining the less likely this seems.

Does leadership have any obligation to keep the request private? I’d say transparency goes two ways.
-D

What is the “very sensitive” information that was asked for? What do we even have that is “very sensitive”?

~Dave

Let me start by saying I was the one who made the request. I am in no way trying to hide this request and think it’s a good idea to be transparent. I wanted to bring this to the mailing list last week but was asked by leadership to not bring it up until after the board meeting. At first I refused but after a second request I reluctantly agreed. If I had known that the next course of action was to have someone else bring up the matter I would have disagreed and properly posted my request vs letting everyone play the telephone game and let the entire story be incorrectly told.

I originally made this request so I could know who our voting members actually are. Sure we have our regulars who show up at the meetings and post to our mailing list but that number seems small in comparison to our overall membership. In my request I asked for the names of our current members and possibly their emails but clearly stated that I understood if emails were off limits. I also clearly stated my purpose of wanting to be able to socialize ideas for new proposals outside of our core members. From reading our bylaws, this seemed like a reasonable request.

After hesitation to this request other rumors came to my attention (and I hope they are just rumors) that there are multiple people who have not been paying dues, voted as members, and some even hold leadership positions. At this point I also asked to review the books so I could verify if these accusations are true. There is not reason to let these rumors spread and cause conflict within, without someone validating them.

When it comes to sharing personal information I am in agreement with many of the views that members have shared. I do not share my information freely nor would I want others to spread it. On that same note, I do not believe that knowing the names of our current (paying) membership is something that should be considered personal or a secret. Knowing the names of our members, what level of membership they have, and seeing the income from these transactions would go a long way in reassuring everyone that people are not cheating the system. Having your name on an active member list doesn’t seem much different than being at a meeting and raising your hand saying you are a voting member, except the list may keep you honest. Many of the people who have raised objections to sharing their name show up to meetings and vote every week.

Also one last note, in the spirit of total transparency, there was a time a while back where my PayPal lapsed and I didn’t pay dues. It has been rectified and my automatic billing is back to normal. These things happen and I hope the rumors are just an oversight. Also if anyone would like a complete email exchange of my request feel free to reach out and I will send it to you.

Coy

This seems reasonable to me and I think that this type of thing is the reason the members should be able to inspect the Corporate Records. Should everyone be able to log into our bank account? No. Should we give out people’s home addresses and occupations? No. But we should be able to ask who all the other members are and ask for some type of record demonstrating that they are in fact paying members.

In fact, now I’m interested in making the same request. Not because I want to know anything about anyone in particular, but because I think it should be the type of thing we should be able to produce if we want to.

~Dave

I wanted to bring this to the mailing list last week but was asked by leadership to not bring it up until after the board meeting.

So you asked for this information in private, rather than asking in public, and did so multiple times.

I also clearly stated my purpose of wanting to be able to socialize ideas for new proposals outside of our core members. From reading our bylaws, this seemed like a reasonable request.

The bylaws aren’t the only criteria in play here, and it seems disingenuous to insist that they be the only criteria. The bylaws don’t allow or prohibit a number of things, but that doesn’t mean they don’t also apply.

After hesitation to this request other rumors came to my attention (and I hope they are just rumors) that there are multiple people who have not been paying dues, voted as members, and some even hold leadership positions. At this point I also asked to review the books so I could verify if these accusations are true. There is not reason to let these rumors spread and cause conflict within, without someone validating them.

This seems unrelated to the request of contact information for the membership list.

When it comes to sharing personal information I am in agreement with many of the views that members have shared. I do not share my information freely nor would I want others to spread it.

Then why did you request it in the first place? Either it’s as you say something that shouldn’t be shared, at which point requesting it is outside the bounds of acceptable behavior, or it’s not. Your actions in requesting the contact information demonstrate that you feel that information should be generally sharable via a private request to leadership.

Many of the people who have raised objections to sharing their name show up to meetings and vote every week.

No, most people are objecting to having their contact information shared, it seems you’re confusing two issues: sharing personal contact information based on a private request, and checking on the membership rolls. The original post and all the commentary has centered around the privacy issues such a request raises. There has been no discussion about lapsed memberships, and it seems a distraction from the original topic. Maybe it would be best to start another thread to discuss that problem?

Further checking the membership rolls does not require any access to personal contact information, and can’t really be verified without looking at the books.

I wanted to bring this to the mailing list last week but was asked by
leadership to not bring it up until after the board meeting.

So you asked for this information in private, rather than asking in
public, and did so multiple times.

Not all requests or conversations need to be made publicly.

I also clearly stated my purpose of wanting to be able to socialize ideas
for new proposals outside of our core members. From reading our bylaws,
this seemed like a reasonable request.

The bylaws aren't the only criteria in play here, and it seems
disingenuous to insist that they be the only criteria. The bylaws don't
allow or prohibit a number of things, but that doesn't mean they don't also
apply.

The bylaws are set to govern the leading body of the Hive, so if the bylaws
allow one to make a request, then its that simple.

After hesitation to this request other rumors came to my attention (and I
hope they are just rumors) that there are multiple people who have not been
paying dues, voted as members, and some even hold leadership positions. At
this point I also asked to review the books so I could verify if these
accusations are true. There is not reason to let these rumors spread and
cause conflict within, without someone validating them.

This seems unrelated to the request of contact information for the
membership list.

Not all reasons have to be related to all requests. He even specified
contact info may be to talk to people other than the main group

When it comes to sharing personal information I am in agreement with many
of the views that members have shared. I do not share my information
freely nor would I want others to spread it.

Then why did you request it in the first place? Either it's as you say
something that shouldn't be shared, at which point requesting it is outside
the bounds of acceptable behavior, or it's not. Your actions in requesting
the contact information demonstrate that you feel that information should
be generally sharable via a private request to leadership.

So nearly every mailing list your own can sell your info you give them, the
information he requested is less than what many give to them. But beyond
that this information may be required for certain things. For example a
bylaw change requires a special meeting that all member must be notified
of. As any member can request a bylaw change, they need to be able to
notify the membership completely. That's done by contact information.

I wanted to bring this to the mailing list last week but was asked by leadership to not bring it up until after the board meeting.

So you asked for this information in private, rather than asking in public, and did so multiple times.

Not all requests or conversations need to be made publicly.

This one should, which is why people are upset. Further it appears that the facts are in agreement, he requested the information in private, multiple times, and then invoked the bylaws to force the issue. Have you been reading this thread?

I also clearly stated my purpose of wanting to be able to socialize ideas for new proposals outside of our core members. >From reading our bylaws, this seemed like a reasonable request.

The bylaws aren’t the only criteria in play here, and it seems disingenuous to insist that they be the only criteria. The bylaws don’t allow or prohibit a number of things, but that doesn’t mean they don’t also apply.

The bylaws are set to govern the leading body of the Hive, so if the bylaws allow one to make a request, then its that simple.

No, it’s not clear that they do, which is the point of this thread. If they did that doesn’t mean that the request is reasonable or acceptable by other standards. It’s pretty clear from reading this thread that few people consider the private request for their personal information to be a reasonable thing to do, nor something that would expect from reading the bylaws.

After hesitation to this request other rumors came to my attention (and I hope they are just rumors) that there are multiple people who have not been paying dues, voted as members, and some even hold leadership positions. At this point I also asked to review the books so I could verify if these accusations are true. There is not reason to let these rumors spread and cause conflict within, without someone validating them.

This seems unrelated to the request of contact information for the membership list.

Not all reasons have to be related to all requests. He even specified contact info may be to talk to people other than the main group

Right, you seemed to be missing the point, let me be a bit clearer. He has brought up a completely different topic from the original topic of this thread, the sharing of private contact information. Further the topic he brought up is a potentially inflammatory, and very likely to take the original topic way off course. General etiquette for such situations is to address the separate topic in it’s own thread to avoid completely derailing the conversation, and taking attention away from the original topic.

When it comes to sharing personal information I am in agreement with many of the views that members have shared. I do not share my information freely nor would I want others to spread it.

Then why did you request it in the first place? Either it’s as you say something that shouldn’t be shared, at which point requesting it is outside the bounds of acceptable behavior, or it’s not. Your actions in requesting the contact information demonstrate that you feel that information should be generally sharable via a private request to leadership.

So nearly every mailing list your own can sell your info you give them, the information he requested is less than what many give to them. But beyond that this information may be required for certain things.

You appear to be missing the point again, so allow me to clarify. His actions show that he wanted to privately request the contact information of the membership. He claims to not be in favor of sharing personal information. The two are clearly in conflict. What other mailing lists may or may not do is irrelevant to the discussion of the apparent contraction between his actions and his statement.

Given your tendency to contact individual members of leadership rather than the emailing the leadership list, I would like to take you up on your offer of a copy of the complete exchange.

Also, you want to “socialize ideas” to members that don’t show up to meetings, but you also claim to not need contact info. Can you, or anybody really, explain what that means?

As for the “rumors” I have certainly never heard them, although I am sure there will be some now, so thanks for that.

• Ian B.

I am starting separate threads for these issues.

When it comes to personal information I believe the hive must be able to keep a database of who members are when signing up. We have not had the issue yet however someone could join under an alias and bogus info. That is one thing where if we truly do not know who someone is, how do we put a waiver with a person? Or sadly if it’s something that would require law enforcement get involved after a theft or other act. I know we have people that could track down digital info after the fact but it would be tedious.

We also do events that involve children with library events, maker faires, and other venues, some people are not allowed in those situations by means of a court order. I am not saying we need to run crazy background checks or anything however to be compliant with the waiver at minimum, it could be very important in case of injury as well.

Now for how that info should be handled… by no means should address, full name, email address, phone number, or banking info be shared with membership. UNLESS someone wants to opt in for a membership contact list, even then the member chooses what to share.

For the means of “active members who can vote” possibly a membership number could be assigned to each number. This would keep current information if a simple member number is current on dues and if a vote is close enough or an audit needs done it would provide protection of personal info.

Now as far as storage and setting this up from here on out I believe the leadership/board should be the only people with access to full information. We have some very trustworthy people in spots that already deal with and have protected our information thus far.

Just throwing things out there, any ideas on this would be great. After thinking about how liability waivers go at the hive and the fact that someone could have just made up or used a nickname on the waiver then something happened to them, it could be hard to prove a waiver was done by that person. Any basic form of ID should be checked to make sure all is legal and a waiver easy to find for liability reasons down the road…

'Who you think is kevin

my name might not even be kevin and I could be a cia spy XD

You missed an important point in the corps favor. “at any reasonable time…” Right there is wiggle room. Written as is, there is implied discretion of the board and or the individual officers as needed.

The next is purpose? Why? All the discussion ever needed can be done on the google group, and or the meetings. A newsletter? Can be done by having the corp mail it out. A specific grievance or motion sent to the general membership? Same deal… can be done without divulging the personals via the officers mailing out the letter.

Again, the implied portion of making somebody divulge purpose is discretion, ie. if the corp does not agree with the purpose, then no release of documents.

That’s two roadblocks on releasing info… another is time. Nothing there states that a request is an emergency that requires an emergency meeting… so the issue waits until the next regular meeting. Or the bylaws meeting.

One way to handle this, is a voluntary phone list/registry. In today’s world, a cell number or an email is enough and also at times too much… an address for mail not so necessary, as files and pretty portable. My old club did the phone list yearly, beginning of every year. But then, we needed that list for rescue call out, in the days before cell phones, and interwebs dominance. This way, people choose what info is available, and know what is put forth is public. The general membership of the hive does not need my home address. I’ve put my personal mail up several times, so that cat is out of the bag

Gotta run, but hope to be able to help on the issue.