Non-profits, co-ops, and other organizations that depend upon volunteers often have challenges when it comes to protecting corporate information assets against individuals who leave the organization.
For example, I’ve recently been dealing with a situation involving the use of Yahoo Groups. While it’s a great way to share information with a group of people, here’s what can happen:
- A volunteer sets up a group on behalf of the corporation, bearing the corporate name.
- The volunteer runs the group for a while but subsequently decides to leave the role.
- The volunteer refuses to turn over control of the group to a board member.
- When pressed on the issue, the volunteer claims that the group is inaccessible because it hasn’t been used for a while.
- When pressed further, the volunteer deletes the group including all content.
Unethical volunteers (and employees) can create disruptive scenarios. In this case, they have the potential to impact communication with group members and information can be quickly lost. While criminal and civil proceedings can be initiated after the fact, the disruption has already occurred.
In an ideal world, there would be services available that take these issues into account. For example, one could have multiple administrators and require two of them to approve sensitive transactions. But until services like that exist, your best defence is to recognize what can happen, ensure that someone other than the group administrator has a copy of all documents and maintains a list of participant’s email addresses so that they can be contacted if an issue arises.
Have another suggestion? Please comment and let me know!