techcafeteria

We’re all back from the Nonprofit Technology Conference, where nine of the ten Idealware bloggers congregated, along with some 1,440 of our peers in the nptech community. What a gas! NTC, as we call the conference, is what high school would have been like if everyone had been a member of the popular clique. The combination of peer education and celebration of our common interest in saving the world with heart and technology make for an exuberant occasion. And I can’t say enough about the awe and appreciation I have for Holly, Anna, Annaliese, Brett, Sarah and Karl, and the amazing event that they recreate year after year for us.

But, enough gushing. One of my (many) rants regards my concern that, although the biggest group of people that we call “nptechies” are the ones who support technology in their organizations, our biggest nptech conferences focus heavily on social media and the web (NTC, Netsquared, and now SXSW). It is true that the advent of social media and the interactive web is spawning a revolution in the way that we do advocacy and fundraising. But there is no less of a revolution in our server rooms, where virtualization, cloud computing and wireless devices are changing the entire way that we manage and deliver applications.

Our System Administrators, Support Specialists and Accidental Techies need to share in the peer support that can inform their efforts and help them feel more connected, both to their missions and the broader community. This year, in deference to a throat getting hoarse from ranting, I took a first stab at addressing this gap.

The Tech Track

The tech track was conceived as a six session “mini” track; five of the proposed sessions made the cut. The topics went from the basics to the broad overview:

• Tech Track 1: Working Without a Wire (But With a Net): Dealing with Wireless Networks, Laptops, and Cell Phones


• Tech Track 2: Proper Plumbing: Virtualization and Networking Technologies


• Tech Track 3: Earth to Cloud: When, Why and How to Outsource Applications


• Tech Track 4: Budget vs Benefits: Providing Top Class Technology in Constrained Resource Environments


• Tech Track 5: Articulating Tech: How to Win Friends and Influence Luddites.

Joining me in these sessions were fellow blogger Johanna Bates of OpenIssue, Matt Eshleman of CITIDC, Tracy Kronzak of Applied Research Center, John Merritt of the San Diego YMCA, Michelle Murrain of OpenIssue, Michael Sola of National Wildlife Federation and Thomas Taylor of the Greater Philadelphia Cultural Alliance.

Subject Matter

Instead of doing the usual Powerpoint presentations and talking to the crowd, we pulled the chairs into circles for these sessions and put the session agenda up for grabs, asking each group what issues, related to the session topic, were foremost in their minds. The conversation was rich, and served as a healthy catalogue of the challenges facing nonprofit technology practitioners. Some highlights:

• Supporting remote laptop use in a western state with very little wireless bandwidth available


• Securing our networks while making network data accessible on mobile devices


• Supporting use of and crafting fair policies to address the boom in mobile devices


• Understanding the risks and benefits of virtualizing servers and desktops


• Knowing how and when to virtualize, and how Storage Area Networks fit in the big picture


• Weighing the risk of cloud computing, which also entails weighing the risks of our non-cloud networks


• Knowing what to ask a cloud provider to insure that data is safe, even in the case of the provider going out of business


• Assessing the cost of owned vs service-provided applications


• Assessing the readiness of Cloud Computing, and moving large, complex server rooms to the cloud


• Chickens and eggs: what to do when IT is asked to budget, but is not part of the planning process prior?


• What strategies can be applied to provide good technology with limited budgets?


• What tools and resources are available to help with the budgeting process?


• How can we engage our users when we roll out new technology?


• How do we get them to attend training?

Next week, I’ll follow this up with some of the answers we came up with for these questions.

I recently took on the project of migrating the Idealware articles and blog from their old homes on Idealware’s prior web site and Google’s Blogger service to our shiny, new, Drupalbased home. This was an interesting datamigration challenge. The Idealware articles were static HTML web pages that needed to be put in Drupal’s content database. And there is no utility that imports Blogger blogs to Drupal. Both projects required research and creativity.

The first step in any data migration project is to determine if automating the task will be more work than just doing it by hand. Idealware has about 220 articles published; cutting and pasting the text into Drupal, and then cleaning up the formatting, would be a grueling project for someone. On the other hand, automating the process was not a slam dunk. Database data is easier to write conversion processes for than free form text. HTML is somewhere in the middle, with HTML codes that identify sections, but lots of free form data as well.

Converting HTML Articles with Regular Expressions

My toolkit (of choice) for this project was Sed, the Unix Stream Editor, and a generic installation of Drupal. Sed does regular expression searching and replacing. So I wrote a script that:

1. Deleted lines with HTML tags that we didn’t need;


2. stored data between title and body tags;


3. and converted those items to SQL code that would insert the title and article text into my Drupal database.

This was the best I could do: other standardized information, such as author and publishing date, was not standardized in the text, so I left calling those out for a clean-up phase that the Idealware staff took on. The project was a success, in it that it took less than two days to complete the conversion. It was never going to be an easy one.

Without going too far, the sed command to delete, say, a “META” tag is:

/

That says to search for a literal “less than” bracket (the forward slash implies literal) and the text meta and delete any line that contains it. A tricky part of the cleanup was to make sure that my search phrases weren’t ones that might also match article text.

Once I’d stripped the file down to just the data between the “title” and “body” tags, I issued this command:

s/.*(.*)/insert into articles (title, body) values (‘1’, ‘2’);/

This searches for the text between HTML “title” tags, storing it in variable 1, then the text between “body” tags, storing it in variable 2, then substitutes the variable data into a simple SQL insert statement in the replacement string. Iterating a script with all of the clean-up commands, culminating in that last command, gave me a text file that could be imported into the Drupal database. The remaining cleanup was done in Drupal’s WYSIWYG interface.

Blog Conversion

As I said, there is no such thing as a program or module that converts a Blogger Blog into Drupal format. And our circumstance was further complicated by the fact that the Idealware Blog was in Blogger’s legacy “FTP” format, so the conversion options available were further limited.

There is an excellent module for converting Wordpress blogs to Drupal, and there were options for converting a legacy Blogger blog to Wordpress. So, then the question was, how well will the blog survive a double conversion? The answer was: very well! I challenge any of you to identify the one post that didn’t come through with every word and picture intact.

I had a good start for this, Matthew Saunders at the Nonprofits and Web 2.0 Blog posted this excellent guide. If you have a current Blogger blog to migrate, every step here will work. My problem was that the Idealware blog was in the old “FTP” format. Google has announced that blogs in their original publishing format must be converted by May 1st. While this fact had little or no relationship to the web site move to Drupal, it’s convenient that we made the move well in advance of that.

To prep, I installed current, vanilla copies of Wordpress and Drupal at techcafeteria.com. I tracked down Google’s free blog converters. While there is no WP to Drupal converter, most other formats are covered, and I just used their web-based Blogger to Wordpress tool to convert the exported Idealware blog to WP format. The conversion process prompted me to create accounts for each author.

To get from Wordpress to Drupal, I installed above-mentioned Wordpress-import module. As with the first import, this one also prompted me to create the authors’ Drupal accounts. It also had an option to store all images locally (which required rights to create a public-writeable folder on the Drupal server). Again, this worked very well.

With my test completed, I set about doing it all over again on the new Idealware blog. Here I had a little less flexibility. I had administrative rights in Drupal, but I didn’t have access to the server. Two challenges: The server’s file upload limit (set in both Drupal and PHP’s initialization file) was set to a smaller size than my Wordpress import file. I got around this by importing it in by individual blogger, making sure to include all current and former Idealware bloggers. The second issue was in creating a folder for the images, which I asked our host and designer at Digital Loom.com to do for me.

Cleanup!

The final challenge was even stickier—the posts came across, but the URLs were in a different format than the old Blogger URLs This was a problem for the articles as well. How many sites do you think link to Idealware content out there? For this, I begged for enough server access to write and run a PHP script that renamed the current URLs to their former names—a half-successful effort, as Drupal had dramatically renamed a bunch of them. The remainder we manually altered.

All told, about two hours research time, three or four hours conversion (over a number of days) and more for the clean-up, as I wasted a lot of time trying to come up with a pure SQL command to do the URL renaming, only to eventually determine that it couldn’t be done without some scripting. A fun project, though, but I’d call it a success.

I hope this helps you out if you ever find yourself faced with a similar challenge.

[Oops! Forgot to publish this Idealware post from late January…]

Here are a few updates topics I’ve posted on in the last few months:

Nonprofit Assessment

The announcement that GuideStar, Charity Navigator and others would be moving away from the 990 form as their primary source for assessing nonprofit performance raised a lot of interesting questions, such as “How will assessments of outcomes be standardized in a way that is not too subjective?” and “What will be required of nonprofits in order to make those assessments?” We’ll have a chance to get some preliminary answers to those questions on February 4th, when NTEN will sponsor a phone-in panel discussion with representatives of GuideStar and Charity Navigator, as well as members of the nonprofit community. The panel will be hosted by Sean Stannard-Stockton of Tactical Philanthropy, and will include:

• Bob Ottenhoff of Guidestar


• Ken Berger of Charity Navigator


• Lucy Bernholtz of Blueprint R & D


• Christine Egger of Social Actions


• David Geilhufe of NetSuite


• and host Holly Ross of NTEN.

I’ll be participating as well. You can learn more and register for the free event with NTEN.

The Half-Life of Internet Explorer 6

It’s been quite a few weeks as far as headlines go, with a humanitarian crisis in haiti; a dramatic election in Massachusetts; A trial to determine if California gay marriage-banning proposition is, in fact, discriminatory; high profile shakeups in late night television and word of the Snuggie, version 2 all competing for our attention. An additional, fascinating story is unfolding with Google’s announcement that they might pull their business out of China in light of a massive cybercrime against critics of the Chinese regime that, from all appearances, was either performed or sanctioned by the Chinese government. There’s been a lot of speculation about Google’s motives for such a dramatic move, and I fall in the camp that says, whatever their motives, it’s refreshing to see a gigantic U.S. corporation factor ethics into a business decision, even if it’s unclear exactly what the complete motivations are.

As my colleague Steve Backman fully explains here, here’s been some fallout from this story for Microsoft. First, like Google and Yahoo!, Microsoft operates a search engine in China and submits to the Chinese governments censoring filters. They’ve kept mum on their feelings about the cyber-attack. Google’s analysis of that attack reveals that GMail accounts were hacked and other breaches occurred via security holes in Internet Explorer, versions six and up, that allow a hacker to upload programs and take control of a user’s PC. As this information came to light, France and Germany both issued advisories to their citizens that switching to a browser other than Internet Explorer would be prudent. In response, Microsoft has issued a statement recommending that everyone upgrade from Internet Explorer version 6 to version 8, the current release. What Microsoft doesn’t mention is that the security flaw exists in versions seven and eight as well as six, so upgrading won’t protect you from the threat, although they just released a patch that hopefully will.

So, while their reasoning is suspect, it’s nice to see that Microsoft has finally joined the campaign to remove this old, insecure and incompatible with web standards browser.

Google Wave: Still Waters

I have kept Google Wave open in a tab in my browser since the day my account was opened, subscribed to about 15 waves, some of them quite well populated. I haven’t seen an update to any of these waves since January 12th, and it was really only one wave that’s gotten any updates at all in the past month. I can’t give away the invites I have to offer. The conclusion I’m drawing is that, if Google doesn’t do something to make the Wave experience more compelling, it’s going to go the way of a Simply Red B-Side and fade from memory. As I’ve said, there is real potential here for something that puts telecommunication, document creation and data mining on a converged platform, and that would be new. But, in it’s current state, it’s a difficult to use substitute for a sophisticated Wiki. And, while Google was hyping this, Confluence released a new version of their excellent (free for nonprofits) enterprise Wiki that can incorporate (like Wave) Google gadgets. That makes me want to pack up my surfboard.

Details have come in for two exciting events in February:

On Thursday, February 4th, at 11:00 am Pacific/2:00 pm Eastern, don’t miss The Overhead Question: The Future of Nonprofit Assessment and Reporting. This panel discussion with represenatives from Charity Navigator and Guidestar will cover all of the questions I’ve been blogging about here. Join me with moderator Sean Stannard-Stockton of Tactical Philanthropy, Bob Ottenhoff of Guidestar, Lucy Bernholtz of Blueprint R & D, Christine Egger of Social Actions, David Geilhufe of NetSuite, and host Holly Ross of NTEN. Free registration is here.

And on Wednesday, February 10th, from 10:00 to 2:00 Pacific (1:00 to 5:00 Eastern), NTEN and the Green IT Consortium are putting on the first Greening Your IT Virtual Conference. With a plenary by Joseph Khunaysir of Jolera Inc. and six tactical sessions explaining how your org can benefit yourselves and the earth, including the one I’m co-presenting with Matt Eshleman of CITIDC on Server Virtualization.  Registration is $120, and it looks well worth it.

...or you might. I find that, in a 25 year IT career that has always included a percentage of tech support, human nature is to use the features of an application that we know about, and only go looking for new features when a clearly defined need for one arises. In that scenario, some great functionality might be hiding in plain sight. Here are a few of my favorite “not very well-hidden” secrets. Share yours in the comments.

Google Search Filtering

Have you ever clicked the “Show Options” link on your results page? Do a search for whatever interests you and try it (it’s located right under the Google logo). This will add a left navigation bar with some very useful filtering options. Of note, you can narrow to a trendy real-time search buy clicking on “Latest” under “Any Time”; choose a date range,filter out the pages that you’ve seen, or haven’t seen yet – how useful is that for finding that page that you googled last week but didn’t save? The funny thing is that Google has an “Advanced Search” screen, which, of course, can do many things that this bar can’t (such as searching for public domain media).

Microsoft Outlook Shortcuts

If you use Outlook, you know how simple it is to find your mail and calendar. Other common folders are conveniently placed in your default view. But if you’re the slightest bit of a power user, or you work in an environment where users share mailbox folders or use Exchange’s Public Folders, than keeping track of all of those folders can get a bit tedious. That’s what the Shortcut view is for. Buried below the Mail, Calendar and Task buttons, you can move it up to the visible button list by right-clicking on the bar area (in the lower-left hand corner of Outlook 2003 or 2007’s screen) and choosing “Navigation Pane Options”. Highlight “Shortcuts” and then click “Move up” enough times to get it in one of the first four positions. Click OK, then click on the “Shortcuts” bar. From here, you can add new shortcuts and, optionally, arrange them in shortcut groups. You can rename the shortcuts with more meaningful titles, so that, if, say, you’re monitoring a norther user’s inbox, you can give it their name instead of having two folders named “Inbox”. One tip: to add shortcuts to a group, right-click on the group title and add from there.

Facebook Friend Lists

Nothing makes Facebook more manageable than Friends Lists, and, with the new security changes, this is more true than ever. If you’re like me, your connections on Facebook span every facet of your life, from family to childhood friends to co-workers. Wouldn’t it be useful to be able to send links and messages to all of your co-workers but not your friends, or vice-versa? Click on “Friends” from the Facebook menu, then all connections. If you’ve become a fan of a page or two, you’ll see that Facebook has already created two lists for you: Friends and Pages. To make more, scroll through your connection list and click to “Add to List” option to the right. You can create new lists from there, and add friends to multiple lists.

When you share a link, note, video or whatever, you can choose which list to send it to by clicking on the lock icon next to the “Share” button and choosing “Customize”.

There Are More

Did you know about these features? Are there other ones that you use that make your use of popular applications and web sites much more manageable? Leave a comment and let us know.

A few months ago, I blogged a bit about Google Wave, and how it might live up to the hype of being the successor to email.  Now that I’ve had a month or so to play with it, I wanted to share my initial reactions.  Short story: Google Wave is an odd duck, that takes getting used to. As it is today, it is not that revolutionary—in fact, it’s kind of redundant. The jury is still out.

Awkwardness

To put Wave in perspective, I clearly remember my first exposure to email.  I bought my first computer in 1987: a Compaq “portable”. The thing weighed about 60 pounds, sported a tiny green on black screen, and had two 5 and 1/4 inch floppy drives for applications and storage).  Along with the PC, I got a 1200 BPS modem, which allowed me o dial up local bulletin boards.  And, as I poked around, I discovered the 1987 version of email: the line editor.

On those early BBSes, emails were sent by typing one line (80 characters, max) of text and hitting “enter”.  Once “enter” was pressed, that line was sent to the BBS.  No correcting typos, no rewriting the sentence.  It was a lot like early typewriters, before they added the ability to strike out previously submitted text.

But, regardless of the primitive editing capabilities, email was a revelation.  It was a new medium; a form of communication that, while far more awkward than telephone communications, was much more immediate than postal mail.  And it wasn’t long before more sophisticated interfaces and editors made their way to the bulletin boards.

Google Wave is also, at this point, awkward. To use it, you have to be somewhat self-confident right from the start, as others are potentially watching every letter that you type.  And while it’s clear that the ability to co-edit and converse about a document in the same place is powerful, it’s messy.  Even if you get over the sprawling nature of the conversations, which are only minimally better than  what you would get with ten to twenty-five people all conversing in one Word document, the lack of navigational tools within each wave is a real weakness.

Redundant?

I’m particularly aware of these faults because I just installed and began using Confluence, a sophisticated, enterprise Wiki (free for nonprofits) at my organization. While we’ve been told that Wave is the successor to email, Google Docs and, possibly, Sharepoint, I have to say that Confluence does pretty much all of those things and is far more capable.  All wikis, at their heart, offer collaborative editing, but the good ones also allow for conversations, plug-ins and automation, just as Google Wave promises.  But with a wiki, the canvas is large enough and the tools are there to organize and manage the work and conversation.  With Wave, it’s awfully cramped, and somewhat primitive in comparison.

Too early to tell?

Of course, we’re looking at a preview.  The two things that possibly differentiate Wave from a solid wiki are the “inbox” metaphor and the automation capabilities. Waves can come to you, like email, and anyone who has tried to move a group from an email list to a web forum knows how powerful that can be. And Wave’s real potential is in how the “bots”, server-side components that can interact with the people communicating and collaborating, will integrate the development and conversation with existing data sources.  It’s still hard to see all of that in this nascent stage.  Until then, it’s a bit chicken and egg.

Wave starting points

There are lots of good Wave resources popping up, but the best, hands down, is Gina Trapini’s Complete Guide, available online for free and in book form soon. Gina’s blog is a must read for people who find the types of things I write about interesting.

Once you’re on wave, you’ll want to find Waves to join, and exactly how you do that is anything but obvious.  the trick is to search for a term “such as “nonprofit” or “fundraising” and add the phrase “with:public”. A good nonprofit wave to start with is titled, appropriately, “The Nonprofit Technology Wave”.

If you haven’t gotten a Wave invite and want to, now is the time to query your Twitter and Facebook friends, because invites are being offered and we’ve passed the initial “gimme” stage.  In fact, I have ten or more to share (I’m peterscampbell on most social networks and at Google’s email service).

Fans of this blog are likely fans of the other site I blog at, Idealware.  So you already know that Idealware offers a rich, valuable service to the nonprofit community with it’s reports, webinars, trainings and programs that help nonprofits make smart decisions about software.  One of the big challenges that Idealware faces is to maintain a high level of independence for their reporting.  If your goal is to be the Consumer Reports of nonprofit software, and you need funding in order to do that, you also need to be very careful about how you receive that funding, in order to make sure that no bias creeps through to your reporting. Laura Quinn, Idealware’s founder and primary force, has come up with a few clever models for eliminating such bias, but today she unleashed a more sustainable approach to funding that will greatly simplify the process.

The Idealware Research Fund will provide basic, pooled funding for the great work that Idealware does, keeping it independent, unbiased, and resourced to provide the critical insight that smooths the stormy waters when we embark on big and small technology projects. The fund was kicked off today with a goal of raising $15,000 by December 31st.  Please let people know about Idealware’s work and this opportunity to support them, and consider supporting them yourself, if you can afford to.

Note that my self-interest is minimal here.  I’m an unpaid, volunteer blogger at Idealware and will remain such.  I have been paid (via Techsoup) for a couple of articles I’ve written.  But my support and pitch here is based solely on my belief that Idealware does great, effective work and needs our support.

Sometimes it feels like the bane of my existence is my office phone. It’s so bad that I rarely answer it, preferring to forward it to Google Voice where I can peruse the barely readable transcripts just well enough to filter out the 90% cold sales calls I receive. So what a pleasure it was to answer my desk phone on Thursday and have an illuminating conversation with my Microsoft Licensing representative. He called to tell me that I own some awesome benefits that come with my Software Assurance program. I’m betting that I’m not the only one who was clueless about these benefits.

Microsoft Licensing, as you know, is the little-known tenth circle of hell. It’s a conceptual labyrinth of terms and conditions that was likely conceived by a team of the writers of the original “Prisoner” series with the advice of contract attorneys that graduated from law school 30 years ago and have never since seen the light of day.

Software Assurance is the tax we pay on our MicroSoft purchases that allows us to upgrade to the newest versions without paying upgrade fees (as long as we’ve paid our software assurance fees, of course). I assume that this is of interest to Idealware readers because most of us pick up a lot of our MS software from Techsoup Stock, and the Techsoup Stock donations come with Software Assurance, not without.

But Microsoft isn’t evil; they’re just bureaucratic, and every now and then a few smart people step up out of the morass and do things that I appreciate. These Software Assurance benefits include:

This isn’t fluff. We’ve been paying full price for Office at home (more than we do at work) and I’ve purchased E-Training on MS products and an MSDN subscription (fairly equivalent to Technet) because I had no idea that I already owned them. It makes me feel much better about what seemed like a pre-emptive insurance program that makes me commit to the next version of MS products before I’m ready to make that commitment, at times.

Of course, this is smart business for Microsoft. With Google announcing that their Google Apps offering will be on a feature par with Office within a year, and OpenOffice under active development as a pretty comparable alternative, you don’t want your business customers to get too comfortable with those free alternatives at home. It’s just surprising to me that, for years, this was buried in the small print section of eOpen, and not broadcast widely. So I’m doing MS a favor and blowing the horn on this one.

To access these benefits, log onto eOpen (which I hope you’re using to manage MS licenses!) and once you’ve signed in and clicked “unhide licenses”, find your last Techsoup order (or a similar large purchase) and open it up. The very first link in the license detail should be “Start and Manage your Software Assurance Benefits”. Clicking on that will pop you to a paragraph that includes a link to the “Software Assurance Benefits Management Tool”. Click on that to get the benefits. The more MS software you’ve bought, the more tedious this will be: there are benefits associated with each Software Assurance purchase, so you’ll need to register this way for every relevant order. But it sure beats paying for these things at Best Buy!

Last week, I shared a lengthy piece that could be summed up as:

“in a world where everyone can broadcast anything, there is no privacy, so transparency is your best defense.”

(Mind you, we’d be dropping a number of nuanced points to do that!)

Transparency, it turns out, has been a bit of a meme in nonprofit blogging circles lately. I was particularly excited by this post by Marnie Webb, one of the many CEO’s at the uber-resource provider and support organization Techsoup Global.

Marnie makes a series of points:

I’ve made the case before for shared outcomes reporting, which is a big piece of this. Sharing and transparency aren’t traditional approaches to our work. Historically, we’ve siloed our efforts, even to the point where membership-based organizations are guarded about sharing with other members.

The reason that technologists like Marnie and I end up jumping on this bandwagon is that the tech industry has modeled the disfunction of a siloed approach better than most. early computing was an exercise in cognitive dissonance. If you regularly used Lotus 123, Wordperfect and dBase (three of the most popular business applications circa 1989) on your MS-DOS PC, then hitting “/“, F7 or “.” were the things you needed to know in order to close those applications respectively. For most of my career, I stuck with PCs for home use because I needed compatibility with work, and the Mac operating system, prior to OSX, just couldn’t easily provide that.

The tech industry has slowly and painfully progressed towards a model that competes on the sales and services level, but cooperates on the platform side. Applications, across manufacturers and computing platforms, function with similar menus and command sequences. Data formats are more commonly shared. Options are available for saving in popular, often competitive formats (as in Word’s “Save As” offering Wordperfect and Lotus formats). The underlying protocols that fuel modern operating systems and applications are far more standardized. Windows, Linux and MacOS all use the same technologies to manage users and directories, network systems and communicate with the world. Microsoft, Google, Apple and others in the software world are embracing open standards and interoperability. This makes me, the customer, much less of an innocent bystander who is constantly sniped by their competitive strategies.

So how does this translate to our social service, advocacy and educational organizations? Far too often, we frame cooperation as the antithesis to competition. That’s a common, but crippling mistake. The two can and do coexist in almost every corner of our lives. We need to adopt a “rising tide” philosophy that values the work that we can all do together over the work that we do alone, and have some faith that the sustainable model is an open, collaborative one. Looking at each opportunity to collaborate from the perspective of how it will enhance our ability to accomplish our public-serving goals. And trusting that this won’t result in the similarly-focused NGO down the street siphoning off our grants or constituents.

As Marnie is proposing, we need to start discussing and developing data standards that will enable us to interoperate on the level where we can articulate and quantify the needs that our mission-focused organizations address. By jointly assessing and learning from the wealth of information that we, as a community of practice collect, we can be far more effective. We need to use that data to determine our key strategies and best practices. And we have to understand that, as long as we’re treating information as competitive data; as long as we’re keeping it close to our vests and looking at our peers as strictly competitors, the fallout of this cold war is landing on the people that we’re trying to serve. We owe it to them to be better stewards of the information that lifts them out of their disadvantaged conditions.

Yes, we do Twitter requests!

To break down that tweet a bit, kanter is the well-known Beth Kanter of Beth’s blog. pearlbear is former Idealware blogger and current contributor Michelle Murrain, and Beth asked us, in the referenced blog post, to dive a bit into internet security and how it contrasts with internet privacy concerns. Michelle’s response, offers excellent and concise definitions of security and privacy as they apply to the web, and then sums up with a key distinction: security is a set of tools for protecting systems and information. The sensitivity of that data (and need for privacy) is a matter of policy. So the next question is, once you have your security systems and policies in place, what happens when the the policies are breached?

Craft a Policy that Minimizes Violations

Social media is casual media. The Web 2.0 approach is to present a true face to the world, one that interacts with the public and allows for individuals, with individual tastes and opinions, to share organizational information online. So a strict rule book and mandated wording for your talking points are not going to work.

Your online constituents expect your staff to have a shared understanding of your organization’s mission and objectives. But they also expect the CEO, the Marketing Assistant and the volunteer Receptionists to have real names (and real pictures on their profiles); their own online voices; and interests they share that go beyond the corporate script. It’s not a matter of venturing too far out of the water—in fact, that could be as much of a problem as staying too close to the prepared scripts. But the tone that works is the one of a human being sharing their commitment and excitement about the work that they (and you) do.

Expect that the message will reflect individual interpretations and biases. Manage the messaging to the key points, and make clear the areas that shouldn’t be discussed in public. Monitor the discussion, and proactively mentor (as opposed to chastising) staff who stray in ways that violate the policy, or seem capable of doing so.

The Case for Transparency

Transparency assumes that multiple voices are being heard; that honest opinions are being shared, and that organizations aren’t sweeping the negative issues under the virtual rug. Admittedly, it’s a scary idea that your staff, your constituents, and your clients should all be free to represent you. The best practice of corporate communications, for many years, was to run all messaging through Marketing/Communications experts and tightly control what was said. I see two big reasons for doing otherwise:

We no longer have a controlled media.

Controlled messaging worked when opening your own TV or Radio Station was prohibitively expensive. Today, YouTube, Yelp and Video Blogs are TV Stations. Twitter and Facebook Status are radio stations. The investment cost to speak your mind to a public audience has just about vanished.

We make more mistakes by under-communicating than we do by over-communicating.

Is the importance of hiding something worth the cost of looking like you have something to hide? At the peak of the dot com boom, I hired someone onto my staff at about $10k more (annually) than current staff in similar roles were making. An HR clerk accidentally sent the offer letter to my entire staff. The fallout was that I had meaningful talks about compensation with each of my staff; made them aware that they were getting market (or better) in a rapidly changing market, and that we were keeping pace on anniversary dates. Prior to the breach, a few of my staff had been wrongly convinced that they were underpaid in their positions. The incident only strengthened the trust between us.

The Good, the Bad, and the Messenger

Your blog should allow comments, and—short of spam, personal attacks and incivility—shouldn’t be censored. A few years ago, a former employee of my (former) org managed to register the .com extension of our domain name and put up a web site criticizing us. While the site didn’t get a lot of hits, he did manage to find other departed staff with axes to grind, and his online forum was about a 50-50 mix of people trashing us and others defending. After about a month, he went in and deleted the 50% of forum messages that spoke up for our organization, leaving the now one-sided, negative conversation intact. And that was the end of his forum; nobody ever posted there again.

There were some interesting lessons here for us. He had a lot of inside knowledge that he shared, with no concern or allegiance to our policy. And he was motivated and well-resourced to use the web to attack us, But, in the end, we didn’t see any negative impact on our organization. The truth was, it was easy to separate his bias from his “inside scoops”, and hard to paint us in a very negative light, because the skeletons that he let out of our closet were a lot like anybody else’s.

What this proves is that message delivery accounts for the messenger. Good and bad tweets and blog posts about your organization will be weighed by the position and credibility of the tweeter or blogger.

Transparency and Constituent Data Breaches

Two years ago, a number of nonprofits were faced with a difficult decision when a popular hosted eCRM service was compromised, and account information for donors was stolen by one or more hackers. Thankfully, this wasn’t credit card information, but it included login details, and I’m sure that we all know people who use the same password for their online giving as they do for other web sites, such as, perhaps, their online banking. This was a serious breach, and there was a certain amount of disclosure from the nonprofits to their constituents that was mandated.

Strident voices in the community called for full disclosure, urging affected nonprofits to put a warning on the home page of their web sites. Many of the organizations settled for alerting every donor that was potentially compromised via phone and/or email, determining that their unaffected constituents might not be clear on how the breach happened or what the risks were, and would simply take the home page warning as a suggestion to not donate online.

To frame this as a black and white issue, demanding that it be treated with no discretion, is extreme. The seriousness and threat that resulted from this particular breach was not a simple thing to quantify or explain. So it boils down to a number of factors:

• Scope: If all or most of your supporters are at risk, or the number at risk is in the six figure range, it’s probably more responsible, in the name of protecting them, to broadcast the alert widely. If, as in the case above, those impacted are the ones donate online, then that’s probably not close to the amount that would fully warrant broad disclosure, as even the strident voice pointed out.

• Risk: Will your constituents understand that the notice is informational, and not an admission of guilt or irresponsibility in handling their sensitive data? Alternatively, if this becomes public knowledge, would your lack of transparency look like an admission of guilt? You should be comfortable with your decision, and able to explain it.
• Consistency: Some nonprofits have more responsibility to model transparency than others. If the Sunlight Foundation was one of the organizations impacted, it’s a no-brainer. Salvation Army? Transparency isn’t referenced on their “Positions” page.
• Courtesy: Some constituencies are more savvy about this type of thing than others. If the affected constituents have all been notified, and they represent a small portion of the donor base, it’s questionable whether scaring your supporters in the name of openness is really warranted.

Since alternate exposure, in the press or community, is likely to occur, the priority is to have a consistent policy about how and when you broadcast information about security breaches. Denying that something has had happened in any public forum would be irresponsible and unethical, and most likely come right back at you. Not being able to explain why you chose not to publicize it on your website could also have damaging consequences. Erring on the side of alerting and protecting those impacted by security breaches is the better way to go, but the final choice has to weigh in all of the risks and factors.

Conclusion

All of my examples assume you’re doing the right things. You have justifiable reasons for doing things that might be considered provocative. Your overall efforts are mission-focused. And the reasons for privacy regarding certain information are that it needs to be private (client medical records, for example); it supports your mission-based objectives by being private, and/or it respects the privacy of people close to the information.

No matter how well we protect our data, the walls are much thinner than they used to be. Any unfortunate tweet can “go viral”. We can’t put a lock on our information that will truly secure it. So it’s important to manage communications with an understanding that information will be shared. Protect your overall reputation, and don’t sweat the minor slips that reveal, mostly, that you’re not a paragon of perfection, maybe, but a group of human beings, struggling to make a difference under the usual conditions.