This document is a data use policy given the systems and technology that we currently use to manage data for chapter members and allies. This is not a legal document. The goal is to have a set of expectations that members and allies can trust the chapter is working towards and hold it accountable to. This document will be republished yearly or as needed with updates to the tools used. Any larger changes must be approved by the steering committee.
If you would like to be involved in any of these projects, please reach out to the operations committee via either #operations on Slack or at firstname.lastname@example.org.
- First approved by the Steering Committee: 6/21/2020
- Second update, approved by the Steering Committee: 2/3/2021
- Major changes: Accuracy, clarity, and updates to changed practices; requires that MDA must be approved annually by the SC; requires that members must sign a data access agreement before receiving access; update to access to data when involved in a grievance
- Third update, minor changes only: 3/25/2021
- Minor changes: Updates to changed practices, including clarifying that this policy applies to data provided by nonmembers as well
Chapter data management
TL;DR: Use common sense, common courtesy, and caution when it comes to gathering, storing, or using personal information.
Personal information will never be shared outside of the chapter, in whole, in part, or in aggregate, except with third party technical services we rely on for communications and list management and/or approved data sharing with coalition partners during communications or actions coordinated by the chapter. We will not collect any additional, private information that you have not voluntarily given to the DSA. We will be transparent to membership with any information we choose to collect, and we will not collect needless data.
One or more member data administrator(s) shall be designated by the Operations Committee and the Steering Committee. The Steering Committee will confirm the data administrator(s) through a yearly vote in October. These administrator(s) will be identified to the chapter in a pinned message on the #operations and #inreach-turnout channels on Slack, the chapter Wiki, and lists of chapter leadership. The member data administrator is responsible for processing and protecting all member data lists when received from National. The data will be kept in a secure location.
Secure location currently means: a private Airtable database accessible only by the Operations Coordinator, the Technology Coordinator, an appointed member data administrator, and the co-chairs.
Aggregated data may be made available to members, such as data visualizations of member density, certain survey or voting responses, or demographic information of the chapter. This data will only be available via channels such as Slack, the newsletter, or TCDSA meetings.
A member data administrator, either co-chair, or Tech Coordinator may grant partial or complete data access to other members of TCDSA for the purposes of chapter business, such as the newsletter and event turnout. Complete member lists generated for branch, working group, or other miscellaneous projects must be approved through a vote of the Steering Committee. Before being entrusted with data access, the member must have been active for at least six months and sign the data use agreement found at tcdsa.org/agree. Newer members may receive limited, temporary data access for purposes of neighborhood, inreach, and turnout organizing. Nonmember allies may be granted access only when approved by the Steering Committee. When members are granted data access for any reason, they should first be thoroughly trained on the appropriate use and handling of personal data by the Tech Coordinator, either co-chair, or the member data administrator. This training will be developed and begin within one month of this policy’s adoption. A slide deck can be found at tcdsa.org/Data101.
Organizers may not create or maintain records for themselves outside of organizing purposes and they must keep all data in a secure location. Any member doing or coordinating chapter organizing work must commit to using chapter databases or reporting any contact results or changed contact information to the member data administrator. Members may not externally share information they obtain during this work unless it is relevant to the project (e.g. notes in the database are good; tweeting screenshots of private conversations without permission is bad). It is also the responsibility of the member data administrator or either co-chair to remove data access and destroy or securely store paper lists (e.g. walksheets, sign in sheets, written surveys) at the end of a project.
Secure location currently means (non-exhaustively):
- for organizing and communication purposes, a contact management system, EveryAction, available to approved members;
- for newsletter purposes, a MailChimp database accessible to members of the Operations/Communications Committee involved in newsletter coordination (an option phasing out in early 2021).
Branch, working group, caucus, etc. data management
Data obtained by branches, working groups, etc. by other methods (such as sign in sheets, surveys, and email lists), including data of nonmember community allies, will also be maintained in a secure location. Access to this data will be given only to those who have a need for it (such as branch and chapter leadership, data management, and inreach). When reasonable, changed member contact details will be communicated with the member data administrator for the most accurate data possible throughout the chapter. Members can update their information with the chapter at tcdsa.org/updateinfo.
Chapter leaders may request member or voter lists from the member data administrator, tech coordinator or either co-chair with clear parameters (e.g. the Ramsey County branch may request active members in Ramsey County, meeting turnout coordinators may request people who have not attended a meeting in the last year, the electoral branch may request a list of members in Ward 4, etc.). Requests for non-EveryAction data access can be made at tcdsa.org/access.
Voter file information will be subject to the same restrictions, except where it is out of the control of the chapter. Some data management tools provided to us by National may have provisions for limited data sharing with allied organizations (not the DNC). The chapter will be transparent about the use of these tools. Currently, the only voter data tool the chapter uses is the TargetSmart voter file on NGP VAN, through National’s membership in The Movement Cooperative.
TCDSA leadership has advised branch, working group, interest group, caucus leaders, and organizers that strategic or personal data should not be stored or tracked in insecure locations (such as Google Docs, Forms, or Sheets that are available to anyone with the link) and has encouraged them to be cautious with what they choose to record. However, there is a chance that branches may store and share data via unsecured means. The chapter will make sure that all branches are trained and aware of responsible data practices and tools (some of which will be provided by the chapter or National), but ultimately they are responsible for any data that they create or collect.
Information security for applications/accounts
- Tech Coordinator and designees will be authorized to grant access to chapter-wide applications and accounts. This does not include accounts and applications set-up by individual branches (such as Airtables or Keybases).
- A list of applications and accounts used by the TCDSA will be pinned in the #operations channel on slack, along with members authorized to create or distribute passwords for access.
- A database will be maintained that tracks what members have access to an application or account. This database will be maintained by the members who authorize access. This database will be available to members upon request.
- No members will have access to an account or app unless they are actively going to use it in the foreseeable future. A member’s access rights will change to accommodate their role in the organization.
Other miscellaneous but important things
- The membership list may only be used to promote TCDSA activities.
- The membership list may not be used to promote political candidates unless the candidate is endorsed. Likewise, the membership list may not be used to promote third party organizations or activities unless TCDSA is acting as a co-host and/or when approved by the Steering Committee.
- TCDSA will not provide member data to any criminal investigations, unless served by a warrant or subpoena. This sentence will be removed from this document in its next revision if we are forced by a warrant or subpoena to disclose member information to a criminal investigation.1 We expect but cannot guarantee the same protection from any third party services.
- Any member may opt out of any communication method at any time, and that information will be conveyed as rapidly as possible to the member data administrator or Tech Coordinator to change the database accordingly. Any member can request that their data be removed from the chapter database at any time, with or without cause. Members should communicate requests for removal from National or branch databases directly to National or branches.
- It is the responsibility of TCDSA leadership and members alike to secure permission before sharing their comrades’ likeness (images, videos, or any other identifiable information such as social media handles or names) in any medium, including and especially public social media. Members can request at any time that any image, post, or other such public communication that includes their likeness be removed or obfuscated. Such requests should be honored in a timely fashion, to the best of one’s ability.
- By participating in chapter-wide and branch communication mediums like text messages, Spoke, Slack, Signal, Keybase, or via email, members are voluntarily sharing their information with others and should be aware of the risks inherent in sharing such data. All social mediums should be considered public, including encrypted ones.
- Any member who is involved in a grievance process may have access to member data removed at the discretion of the Grievance Committee, who will notify the member data administrator(s) or the Steering Committee if access must be restricted for an administrator. It is the responsibility of the Grievance Committee to inform the co-chairs, Steering Committee, Tech Coordinator and member data administrator of any restrictions as they begin and end.
1 This is a warrant canary. Definition of a warrant canary here.