sensitively informing group that discussion isn't 100% private
September 12, 2016 2:38 PM Subscribe
I am a moderator for a private discussion board affiliated with a larger website. (There are many other public and private boards on the site.) Another moderator recently learned that the website staff can and do access all private boards to investigate complaints. Although this isn't totally surprising, it is not something made clear to members. The website management have indicated that although this access is "not a secret," they would prefer it not be widespread knowledge. However, the other moderator and I feel that we have a duty to inform our private board members, so they're aware our board is not entirely private and may be read by website staff. We want to do it in a sensitive way in order not to alarm people who are already feeling vulnerable. Can you suggest some appropriate wording?
I am one of the moderators on a private discussion board for women who have had a termination (abortion) for a specific serious but not always fatal medical condition. There are many people who feel it's their duty to tell us we are monsters. The private board exists to provide a safe space for women in this situation to process, grieve, and support each other, free from fear of this kind of judgment. More than one member, myself included, feels this board has saved our mental health during a horrible time, and many of us have formed friendships on the boards.
Another moderator recently discovered by accident that all website staff can and do access private boards. (I am not totally surprised by this, but it's not made clear anywhere on the website.) A staff member was not careful and left traces of herself by "liking" comments while lurking on private posts. The staff member's supervisor said that staff are only supposed to enter private boards to investigate specific reports or complaints, and are not supposed to just lurk out of curiosity. (They would not say what the specific complaint was, "for privacy reasons," but said they were satisfied it had no basis.)
We've been reassured the website management will review the policies with all staff and they will undergo more privacy training. At the same time, it was strongly implied they don't want the staff's ability to read private boards to be widespread knowledge.
The other moderator and I feel we have a duty to inform our private board members and make it clear that there may be non board members--website staff--who read our posts, but also make it clear the narrow parameters within which they are allowed to do it. It's important that we inform in a way that isn't fearmongering or alarming. Can you suggest some good wording?
I am one of the moderators on a private discussion board for women who have had a termination (abortion) for a specific serious but not always fatal medical condition. There are many people who feel it's their duty to tell us we are monsters. The private board exists to provide a safe space for women in this situation to process, grieve, and support each other, free from fear of this kind of judgment. More than one member, myself included, feels this board has saved our mental health during a horrible time, and many of us have formed friendships on the boards.
Another moderator recently discovered by accident that all website staff can and do access private boards. (I am not totally surprised by this, but it's not made clear anywhere on the website.) A staff member was not careful and left traces of herself by "liking" comments while lurking on private posts. The staff member's supervisor said that staff are only supposed to enter private boards to investigate specific reports or complaints, and are not supposed to just lurk out of curiosity. (They would not say what the specific complaint was, "for privacy reasons," but said they were satisfied it had no basis.)
We've been reassured the website management will review the policies with all staff and they will undergo more privacy training. At the same time, it was strongly implied they don't want the staff's ability to read private boards to be widespread knowledge.
The other moderator and I feel we have a duty to inform our private board members and make it clear that there may be non board members--website staff--who read our posts, but also make it clear the narrow parameters within which they are allowed to do it. It's important that we inform in a way that isn't fearmongering or alarming. Can you suggest some good wording?
You need to clarify your internal privacy policy first, and then craft the messaging to your users. Once you have a clear policy (for example: staff members may review contents of the board in the event of complaints; they will limit themselves to viewing posts tied to the complaint they are investigating, and in no case will they participate in the discussions) then you can clearly articulate it to your users.
posted by fingersandtoes at 3:47 PM on September 12, 2016
posted by fingersandtoes at 3:47 PM on September 12, 2016
Is this a paid gig?
If not "Some of you may have noticed the likes by Snoopy McStafferson. Staff can, and have always been able to, check all the boards for security reasons, but forum policy is that they don't unless there is an issue. Snoopy is being counselled and shouldn't lurk here again. If anyone wants content deleted or handles changed please let us know. "
posted by taff at 3:47 PM on September 12, 2016 [5 favorites]
If not "Some of you may have noticed the likes by Snoopy McStafferson. Staff can, and have always been able to, check all the boards for security reasons, but forum policy is that they don't unless there is an issue. Snoopy is being counselled and shouldn't lurk here again. If anyone wants content deleted or handles changed please let us know. "
posted by taff at 3:47 PM on September 12, 2016 [5 favorites]
A thought- is Snoopy perhaps someone who has had a termination also? Perhaps they're more than disinterested staff. Or maybe they mistakenly used their staff login when they usually have a member handle to visit. Is that possible?.
posted by taff at 3:52 PM on September 12, 2016 [1 favorite]
posted by taff at 3:52 PM on September 12, 2016 [1 favorite]
Mod note: Clarification from the OP:
Those of us who are moderators don't work for the site and have no control over the site's privacy policies nor its communications about these policies (or anything)--we are not staff but volunteers.posted by LobsterMitten (staff) at 4:40 PM on September 12, 2016
Seconding update your privacy policy to make it clear that website staff have access for administrative purposes.
It sounds to me like you have been operating on an assumption of privacy that is not realistic and never was. So, you might also want to update your posting policies in a way that makes it clear that people need to be mindful of the fact that you never know who all can read something. If all you need is an email address to join, then your boss, mother in law or other party might join without your knowledge. You might want to go over some information security best practices, such as using nicknames, not stating your location or other identifying info, etc. If they make friends, they can share that info elsewhere.
Frame it something like "We have recently become aware of certain concerns, thus we are updating our policies. There has been no security breach, but now that we are aware of these concerns, we would be happy to delete (or edit or whatever) anything if you feel the need."
The above wording is semi inspired by legal wording used in letters I had to write for a job I had that was regulated by HIPAA, among other things.
I have been on email lists with sensitive info where they did not keep an archive or where they purged the archive periodically for protection of its members. They always made it clear that you need to be mindful of the fact that you do not know who else is a member and they suggested the use of nicknames and so forth.
posted by Michele in California at 5:21 PM on September 12, 2016 [1 favorite]
It sounds to me like you have been operating on an assumption of privacy that is not realistic and never was. So, you might also want to update your posting policies in a way that makes it clear that people need to be mindful of the fact that you never know who all can read something. If all you need is an email address to join, then your boss, mother in law or other party might join without your knowledge. You might want to go over some information security best practices, such as using nicknames, not stating your location or other identifying info, etc. If they make friends, they can share that info elsewhere.
Frame it something like "We have recently become aware of certain concerns, thus we are updating our policies. There has been no security breach, but now that we are aware of these concerns, we would be happy to delete (or edit or whatever) anything if you feel the need."
The above wording is semi inspired by legal wording used in letters I had to write for a job I had that was regulated by HIPAA, among other things.
I have been on email lists with sensitive info where they did not keep an archive or where they purged the archive periodically for protection of its members. They always made it clear that you need to be mindful of the fact that you do not know who else is a member and they suggested the use of nicknames and so forth.
posted by Michele in California at 5:21 PM on September 12, 2016 [1 favorite]
Somewhere on most boards, there's a pinned FAQ or welcome message. I'd mention it in there and make clear that while the board is somewhere to share, members need to take measures to protect their own privacy. I find that people don't get this; they use their real names or the same handle they use everywhere and give out identifying information all the time even though they know that all they did was sign up with an email address. If we're talking about Facebook or something similar where there are names and photos, I'd be explicit: "please remember that admin will allow almost everyone to join and only remove members for policy violations." If this is a public group, even if your profile is completely locked down, your posts in that group will be visible to the public.
People who want access to members information and stories often take the position that if it's easily accessible online, then it's not private and they can use it. They liken it to listening to a conversation in a public space. I'm thinking of researchers in particular. Sometimes they'll obscure identities but lots of people don't as a way of crediting their source/providing a reference.
Bottom line, if it's easy to join, it's just not private.
posted by stellathon at 3:13 PM on September 13, 2016 [1 favorite]
People who want access to members information and stories often take the position that if it's easily accessible online, then it's not private and they can use it. They liken it to listening to a conversation in a public space. I'm thinking of researchers in particular. Sometimes they'll obscure identities but lots of people don't as a way of crediting their source/providing a reference.
Bottom line, if it's easy to join, it's just not private.
posted by stellathon at 3:13 PM on September 13, 2016 [1 favorite]
This thread is closed to new comments.
posted by Vaike at 3:44 PM on September 12, 2016 [1 favorite]