As your membership software platform, we process your member’s data according to your instructions, where your instructions include the actions you take (for example, when you click “Email” to email your members), as well as the various settings you’ve selected in the software. In legal terms, we function as your Data Processor, and you are the Data Controller.
With the General Data Protection Regulation (GDPR) and many other data privacy and security laws going into effect all over the world, organizations are now held responsible for protecting their members’ data and privacy. So it is important to understand how the different actions and settings within our software affect the privacy and security of your member’s data.
For example, when you publish a members directory on a public web page, you are exposing the information in each member’s profile to the public. If you download your member’s data into a CSV file and place that file in a place where it can be downloaded by anyone, then you are also exposing the member’s information to the public.
In this post, we look at how different features in MembershipWorks affect what data is public and what data is private, best practices to adopt, and also what practices to avoid.
A directory profile is the most obvious way your member’s data is exposed to the public. If you do not want members (or members of specific membership levels) listed in a directory, to ensure that their data is not accidentally exposed, make sure that the setting “allow these members to be listed in directory” is unchecked under each membership level’s settings under Labels & Membership.
If you do publish a members directory, you will want to ensure that your members consent to be listed. Typically you would have mentioned this as a benefit of membership on your website, but we recommend re-visiting your website to ensure there is no possible ambiguity that they are giving consent. We also recommend adding the privacy fields to allow your members to opt out of being listed altogether, or to opt out of having certain personal information listed.
MembershipWorks offers a number of privacy fields:
- Do not list in directory
- Do not show street address
- Do not show phone number
- Do not show mobile number
- Do not show contact name
- Do not allow messaging
If the “Do not list in directory” field is enabled, then the member’s data would not be exposed in the directory at all. The other settings allow members to opt out of having certain information being listed – the street address of the “Address” field, the “Phone” field, the “Mobile” field, and the “Contact Name” field.
Do note that these apply for the standard account Address, Phone, Mobile and Contact Name fields, and do not apply to any custom fields even if you label them as “Phone” or “Address”.
The last privacy field allows your members to opt out of allowing others to send an email message to them from the directory.
Protecting Email Addresses
Spammers are constantly looking to add to their spam email lists and if you display your members’ email addresses in your members directory, that can be easily harvested by spammers. You should be aware that there are a number of different laws that may prohibit you from publishing email addresses without direct individual consent from each member – such as the CAN-SPAM act (USA), CASL (Canada), and more.
By default, MembershipWorks does not display any email addresses in a directory. Instead we provide a messaging feature that allows users to send an email to your member through the directory, in a way that protects the email address of the member as much as possible.
Messaging From Directory
The “Contact Information” box in the directory allows users to send an email message to your members without exposing the email address of your member first. When a user clicks on “Send A Message”, before the email is sent to the member, our system checks that the email address of the sender is valid by sending them a verification email. Then our system passes the email through an automated spam checker. If the email address is valid and passes the spam checker, then our system will send the email message on to your member.
To further protect your members from spam, we limit the number of messages a user can send per day, and we also include a report spam link in the email we deliver to allow your members to report spam messages, which allows us to block those users in the future.
Do note that even with protections in place, no one can guarantee complete protection from spam – it is still possible for a spammer to use a disposable gmail or yahoo email address, and send a message that would not be caught by the automated spam filter. But so long as the member does not reply to the message (note that includes automated replies) the sender will never know their email address. If your members do encounter spam, encourage them to click on the “Report Spam” link so we can blacklist those senders. Remember your members can also opt out of messaging from the directory by enabling the “Do not allow messaging” privacy field, provided that you add that field to the membership form templates.
Fields in Directory Profile & Directory List
With our Directory Profile and Directory List customization options you can display any field, including custom fields, in the HTML content of the directory profile or the directory cards.
If you created custom fields that will be displayed in the member’s directory profile or directory cards, it should be clear to the member that they are consenting to having the data displayed. Be aware of the responsibility and liability if you obtain and publish any sensitive information such as health records, social security numbers, etc. Consult with a legal representative if you have any concerns about the data you are collecting and publishing.
Members Only Directory
To limit access to your members directory to certain users only, you can enable the visibility setting “show only if user viewing page has any of these folders/labels” for every tab of the Directory Profile template under Customization. Note that this is the third visibility setting that deals with what folders/labels the user viewing the page has to have, not to be confused with the first setting which deals with the folders/labels for the account that is being displayed.
If every tab of the directory profile is restricted to certain users, then the entire directory becomes restricted and your members directory data cannot be accessed by the public or bots.
If you are using WordPress, be aware that using the [memberonly] shortcode on your directory page does not secure your member data the same way; the data is still technically available through our API. If you wish to limit access to your members directory to certain users, always use the visibility settings under Customization > Directory Profile, which will block the data through our API as well.
Even if your directory is restricted to members only, we still recommend that you consider carefully what data is exposed through the directory, obtain consent from members to be listed and offer them opt out options through the privacy fields. All you need is one bad actor (especially if you offer free memberships or trials), and your organization can still be liable.
Giving Your Members Access To Their Data
GDPR allows members to request all the personal data you have collected from them. The simplest way to accomplish this is to add all the data fields that contain personal data to the Member Manage template. You can also provide members with their payment and event history by adding “Payment/Invoice History” boxes to the Member Manage template.
Exposing Data Through Emails
Emails are not encrypted, so they could be read by any of the servers relaying the email message. Do not send any sensitive information such as social security numbers, healthcare data, credit card numbers, etc through emails.
Data Shared With Third-Parties
When you setup MembershipWorks to integrate with your payment gateway (Stripe, Paypal, Authorize.net, Braintree), or services such as MailChimp, Xero/QuickBooks, and Website Toolbox, the nature of the integration requires that we pass on personal data to those third-party services. Please check with these service providers so you are aware of what data is stored with each service, whether you need to take any action to secure your members’ data on those services, and what tools or settings are available to you.
Your Organization Security
The most common cause of a data or security breach is the use of insecure passwords. Make sure you and all administrators with access to the system use secure passwords. Set a different password for every service you use – your MembershipWorks password should be different from your payment gateway password, which should be different from your website content management system password, and so on. This ensures that if one service is compromised, it would not compromise every other system you use.
Because your members are accessing their membership through your website, they are trusting your website and by extension your website server. Access to your website (through the CMS, cPanel, PHPMyAdmin, SSH, FTP, etc) should be carefully secured. If your web server is breached, hackers will be able to install malware to capture personal and credit card data from your members, without having to access MembershipWorks at all. Note that this is a separate issue from having to obtain/install a SSL certificate.
Check your computers regularly for viruses and malware. If your computer is compromised, then all your membership data would be compromised since that data can be accessed through your computer while you are signed in.
Handle all membership data you have outside of MembershipWorks with care – if you downloaded member data into a CSV file, be careful about where the file is stored. If the data is shared in any way (eg. if you email the file to someone else, if you use a file sharing service), personal data could be exposed or breached there.