Data Usage, Security, Privacy, and Account Retention

The Network Program is moving towards formalizing our data, security, and privacy standards to make strides towards more protection for people we interact with within and outside of the Network. Code for America is in the process of hiring a Privacy Manager who will help support this effort.

Items We Hope to Address

  • How CfA uses Brigade and volunteer data
  • How Brigades use Brigade and volunteer data
  • Network program privacy & security best practices and templates
  • Brigade account and data retention
  • Volunteer data usage
    • What are the limits to “solo experimentation” when a volunteer has access to program data?
    • How do we define sensitive data, or data that gains increased sensitivity in aggregate?
    • Where does open data become program data?

Note: This is not an exhaustive list

Policy on Brigade Accounts for Tools

One of the major items we’ll explicitly address in the Brigade MOU is how long the Network Team will retain Brigade accounts for tools/services we provide. Note that there will be exceptions, such as:

  • The Brigade has temporarily paused its activities but plans to resume within six months or is actively recruiting for leadership

  • The Brigade member has requested a 1-month extension to transition off a Brigade project or CfA account (e.g., the Brigade member has several accounts tied to their CfA email and needs to change the email addresses on said accounts, the Brigade member needs to transfer a Heroku project to a partner organization, etc.)

  • The Brigade project supported by an in-kind is still active and in use by its audience, and there is a plan for Network volunteers to maintain the project through the Projects Branch.

| Account Type | Retention Period / When to Delete |
|---|---|
| Donorbox | A Brigade will be removed from Donorbox at least six months after the expiration of their last Brigade MOU or by request when the Brigade has formally expressed discontinuation of the group. |
| Expensify Accounts | Expensify accounts are to be deleted when the associated Brigade has not been active for a full Brigade MOU cycle (since the last signed MOU). Expensify accounts are to be deleted immediately when the Expensify account user has received a ban from the Network or by request. |
| Google Accounts | Google accounts are to be deleted when an account hasn’t been signed on for 12 months (1 year) and the associated Brigade has not been active for a full Brigade MOU cycle (since the last signed MOU). Google accounts are to be deleted immediately when the Google account user has received a ban from the Network or by request. |
| Meetup | Meetup pages for Brigades are to be deleted when the associated Brigade has not been active for a full Brigade MOU cycle (since the last signed MOU) or the Brigade has formally expressed discontinuation of the group. The page is set to be deleted one year after the Brigade has formally expressed discontinuation. Deletion of the page will be canceled if there is interest (communicated to the Network team) to reboot the Brigade with new or past leadership. |
| Namecheap | Namecheap domain subscriptions are to be canceled when the associated Brigade has not been active for a full Brigade MOU cycle (since the last signed MOU). Domains are to be canceled immediately by request when the Brigade has formally expressed discontinuation of the group. |
| Other In-kinds (e.g. Heroku, Mapbox, Twilio) | Other in-kind support is to be discontinued when the associated Brigade has not been active for a full Brigade MOU cycle (since the last signed MOU). Access will be revoked immediately by request when the Brigade has confirmed that the in-kind resource is no longer needed, or when the Brigade has formally expressed discontinuation of the group. |

Prompts for Discussion

💭 Share your thoughts in the comments section below.

  • What else do you hope can be addressed or clarified?

  • What are your thoughts about the retention policy on Brigade accounts for tools outlined in the table above?

3 Likes

Can I like this more than once?

I am delighted that plans are underway to hire a Privacy Manager.

One thing I would like to see added to the list is the expectation that, to the extent possible, Brigades’ online presences should be accurate. For example, if a Brigade is “on break” or otherwise inactive, its online presence (at a minimum, Brigade website, CfA website, and Meetup) should accurately reflect that to potential new volunteers. This might mean the website has a banner that says “We are on break for first quarter of 2023.” Providing current, accurate information is part of being accountable to communities. If there is an appropriate backup contact to designate, that contact should be listed. If the circumstances of the break make it impossible for Brigade leaders to make those updates, Network staff should make them to the extent possible. Making sure those listed as leaders are currently serving as leaders would also be part of this expectation.

Overall I am a huge fan of the steps proposed here. Thank you all for putting this proposal forward.

4 Likes

I agree that Brigades should keep their online presence up to date. I will say it is a perennial challenge at Code for Boston. Our website is open for contributions on GitHub but rarely do project teams proactively update their status. If I don’t do it, it often does not happen. My recommendation is to make sure CfA has a credential to most brigade web and other presences such that CfA staff can do this if the Brigade volunteers don’t think to.

2 Likes

I think it would also be worth mentioning Brigade Slack Workspaces that represent themselves with their official Code for America names. At a minimum, I believe there should be a set of norms around owner and admin roles on these Slacks.

1 Like

Here’s what was added in the Participatory Governance area at Brigade Congress:

  • How are partners like DemocracyLab using volunteer’s data?

1 Like

Please see DemocracyLab’s Privacy Policy for information about how DemocracyLab uses volunteer’s data. Thanks!