New Majority Guide: Securing Member Lists And Accounts
A practical guide for protecting Personally Identifiable Information for organizations
The most valuable asset and greatest strength of our organization is our membership. Protecting member lists and other sensitive information, therefore, is a critical responsibility of a chapter’s or organization’s leadership. Organizing is a practice built on trust, and if we cannot tell our members that we are doing everything we can to protect their personal information, we cannot hope to retain the people we need, much less recruit others. Our comrades who are undocumented, victims of state violence, or LGBTQ, as just a few examples, are people who deserve special consideration when talking about the responsibility leaders have to safeguard personal data.
Protecting this information can seem overwhelming to organizers who are already overwhelmed with the tasks of running a chapter. Most chapter leaders are not data security experts. But there are certain specific steps leaders can take to reduce their risk of being compromised. Here, we will provide some recommendations for “easy” steps that chapters can take to secure their member data.
Defining our Terms
Sensitive Information – When we talk about sensitive information, we primarily mean member lists. Member lists can be official lists of dues-paying members from National, but they also include campaign or working group-created lists and event sign-ups. Any time a chapter or campaign takes a member’s or participant’s personal information, it has a duty to secure it. The term can also apply to anything that is internally sensitive or that would present a risk if seen by those outside of the organization.
Secured Accounts – Secured Accounts, for our purposes, will mean anything with the chapter name on it that is password protected. Many of these tips can also be applied to securing chapter and campaign accounts for social media, internal sites and databases, as well as chapter websites and publications.
Principle of Least Privilege – Our recommendations are guided by the principle of least privilege, used in the information security field. In short, under this practice, users are “given the minimum levels of access – or permissions – needed to perform [their] job functions.” This applies to what access is provided (e.g. what rights they have to modify and download), who gets access (only people known and vetted, as few as possible), and what information they are provided (e.g. what fields are exported). In all cases, chapters will have to balance the need to protect their data against the need to use that information to reach members and operate as an organization.
Approach 1: Secure Who has Access
The most important step an organization can take in securing member data is controlling who has access to lists and systems. As socialists, we want as much transparency and access to resources as possible. But it is an understood principle in data security that the more people who have access to information, the higher the risk to the security of that information. The risk increases exponentially as more people are added.
As a first step, chapters need to take a bit of a self-inventory. Some chapters have centralized processes for how campaigns should reach out to members or set up accounts. But many have an independent web of sign-up sheets on Action Network, Google Forms, and other locations. Take stock of where your lists are, and see if they can be consolidated so that:
Any document with sensitive information, especially member lists, should be locked. No link sharing; a person with admin rights to the document must invite the user directly.
Permission groups are a great way to manage this.
If permission groups are not available, create a folder of all list documents so their access can be checked regularly.
Lists should be placed and hosted in a chapter-owned account and not a member’s account.
Sign-up sheets and new accounts should be made from chapter-specific, not member-specific, accounts. If something is created under a personal account, that member can make edits, revoke access, or distribute information at any time without the chapter knowing. Accounts tied to the chapter allow the chapter leadership to control and secure the information and access.
Pick strong passwords for any accounts you use for DSA business (including unconnected or semi-connected accounts like a personal email), store them securely in a password manager, and look into enabling two-factor authentication where possible. If an account appears to be compromised, change your chapter account passwords.
If accounts change hands, for example after a leadership election, the passwords for these accounts should be rotated to a new strong password to remove the access of those who no longer require it.
For shared accounts (e.g. a chapter’s email), it is also important not to share sensitive credentials outside of a secure medium, like a password manager. There are free and open source, as well as paid, password managers that allow group sharing of passwords and two-factor authentication tokens, which will improve security for the stored accounts without needing to pass a password around in text messages or tie it to an individual member’s cell phone.
Take an inventory of who has access to your accounts and lists. Make sure that every person is still an active organizer in your chapter and still holds the role that requires access. This should be done regularly (every six months) to ensure that your security is up to date.
Extend this down to files and resources. Chapter leaders should not maintain access to old documents when they step down from the role, and chapter members should only maintain access to resources for the duration of a campaign.
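The inventory described in the list above can be partly scripted once you have written down who can open each list. The following is an added example, not part of the original guide; the record fields, roster, account names and sample entries are all constructed, and it assumes you have gathered the sharing settings by hand or from an admin console.

```python
# Constructed sample data; field names are assumptions, not any platform's export format.
CHAPTER_ACCOUNTS = {"lists@chapter.example"}   # accounts owned by the chapter itself
ROSTER = {  # email -> (currently active?, role held today)
    "ana@example.org": (True, "membership-coordinator"),
    "ben@example.org": (True, "canvass-lead"),
    "cy@example.org": (False, "secretary"),     # stepped down
}
SHARES = [
    {"doc": "dues-paying-members", "owner": "lists@chapter.example",
     "link_sharing": False, "roles_needing_access": {"membership-coordinator"},
     "users": ["ana@example.org", "ben@example.org", "cy@example.org"]},
    {"doc": "rally-signups", "owner": "ben@example.org",
     "link_sharing": True, "roles_needing_access": {"canvass-lead"},
     "users": ["ben@example.org", "dee@example.org"]},
]

def audit_shares(shares, roster, chapter_accounts):
    """Return (doc, finding) pairs for every share that breaks the rules above."""
    findings = []
    for share in shares:
        doc = share["doc"]
        if share["link_sharing"]:
            findings.append((doc, "link sharing is on; invite users directly"))
        if share["owner"] not in chapter_accounts:
            findings.append((doc, f"owned by personal account {share['owner']}"))
        for user in share["users"]:
            # Anyone missing from the roster is treated as inactive (fail closed).
            active, role = roster.get(user, (False, None))
            if not active:
                findings.append((doc, f"{user} is not an active organizer"))
            elif role not in share["roles_needing_access"]:
                findings.append((doc, f"{user} holds '{role}', which does not need this list"))
    return findings

if __name__ == "__main__":
    for doc, finding in audit_shares(SHARES, ROSTER, CHAPTER_ACCOUNTS):
        print(f"{doc}: {finding}")
```

Running it every six months against a fresh inventory gives leadership a short list of access to remove rather than a spreadsheet to read line by line.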
When deciding who is required to have access, there are a few considerations to take into account. You do not want to be so restrictive as to impede work within the organization, but you do want to have as small a potential cyber attack surface as possible. How to balance these two factors will be a democratic decision for a chapter or organization to make together. This can be decided via a policy resolution passed by leadership or the general body, as appropriate. This policy should address which members will be provided sensitive information and secured accounts, and under what conditions. This can include provisions for:
“New” volunteer organizers cannot get access to member lists or secured accounts until they have been active for a certain amount of time, or have a reference from an active member.
Only certain chapter and Working Group leaders (or trusted individuals) can receive or access lists and systems.
Requiring biannual or quarterly audits of account access.
Requiring the Steering Committee to approve anyone who gets access to certain accounts or materials.
There is not one right answer for how to approach it, but it is a vital discussion to have among your membership.
Approach 2: Secure the Level of Access
Beyond deciding who can have access to systems and information, there is the decision of what access to provide.
For documents with sensitive information, the mitigation for risk is simple. When you provide a list, do not export and provide every field available for every request. Only provide the fields needed for the purpose of the task it is being used for. Usually that is First Name, Email Address, Phone Number, and (sometimes) zip code. It is rare that last names and full addresses are required for a formation to reach out to those listed. They should only be exported if absolutely necessary.
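One way to make field-limited exports the default is to route every request through a small script that only knows the fields each task needs. This is an added example, not part of the original guide; the column names, purposes and sample rows are constructed assumptions.

```python
import csv
import io

# Assumed mapping of task -> the only columns that task may receive,
# plus the contact column a row must have to be useful for that task.
PURPOSE_FIELDS = {
    "phonebank":   {"fields": ["first_name", "phone"], "contact": "phone"},
    "email_blast": {"fields": ["first_name", "email"], "contact": "email"},
    "turf_text":   {"fields": ["first_name", "phone", "zip"], "contact": "phone"},
}

# Constructed sample of a full export with every available field.
SAMPLE_EXPORT = """first_name,last_name,email,phone,address,zip,dues_status
Rosa,Example,rosa@example.org,555-0100,1 Main St,94110,current
Eugene,Sample,eugene@example.org,,2 Oak Ave,94103,lapsed
"""

def minimized_export(full_csv, purpose):
    """Return CSV text holding only the columns allowed for `purpose`."""
    if purpose not in PURPOSE_FIELDS:
        # Fail closed: an unrecognized request gets nothing, not everything.
        raise ValueError(f"no approved field list for purpose {purpose!r}")
    spec = PURPOSE_FIELDS[purpose]
    reader = csv.DictReader(io.StringIO(full_csv))
    missing = [f for f in spec["fields"] if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing expected columns: {missing}")
    out = io.StringIO()
    # extrasaction="ignore" drops last names, addresses and anything else not listed.
    writer = csv.DictWriter(out, fieldnames=spec["fields"],
                            extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    for row in reader:
        if row[spec["contact"]].strip():   # skip people unreachable for this task
            writer.writerow(row)
    return out.getvalue()

if __name__ == "__main__":
    print(minimized_export(SAMPLE_EXPORT, "phonebank"))
```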
For a text or phone campaign, tools like Spoke and Hubdialer have various levels of access. Instead of sending the lists to campaign leadership as requested, have a dedicated trusted team who have responsibility for creating the campaigns from the list. Then, organizers who are doing the calls and texts will only see the first names, and will not have access to the rest of the recipients’ personal information. Look into the admin console in your accounts and see what kinds of access control are available.
Tools like Action Network, World Builder, and even Google Documents have Permission Groups, which allow you to manage what functions and information users have access to. Access should only be provided based on what the person needs for their function, and not the entire system (if possible). Particularly, as limited a number of people as possible should have administrative access to any chapter-wide or public-facing account.
Finally, two-factor authentication for a chapter or formation account should only be held on the phone of an elected leader or, if possible, held in a password manager that supports two-factor authentication codes. Chapters have gotten locked out of accounts because they could not contact the organizer who set up the account, and remain totally locked out. If two-factor authentication is enabled, ensure that backup methods (text, SMS, security key) are enabled for account recovery procedures if the need arises.
Approach 3: Basic Data Security Practices
There are a couple of other steps you can take to secure your information and systems:
Turn on two-factor authentication for your Action Network account and any other account holding sensitive data. This is a pain, members hate it, but it is one of the best ways to secure accounts.
Audit your member lists regularly. Keep them in a folder and delete what you can when you can. Consolidate lists where you can, and don’t keep around multiple versions of the same list. The fewer documents you have with sensitive data, the lower your risk.
Invest in a shared drive for the chapter or organization. We do not recommend Google Drive, as Google is known to data mine its user content and has myriad moral and political issues. Other options include iCloud, Proton, and Mega. This is by far the easiest way to maintain central control of sensitive information.
Approach 4: Build a Culture of Security
The most important step a chapter can take, by far, is building an internal culture of frontlining security. This means, at the very minimum, getting buy-in on policies through the democratic process, communicating the policies clearly, loudly, and often. They should be a part of your internal handbooks and other documents.
As a further step, you could require members getting access to information and systems to review or sign a “Data Responsibility” document wherein they agree that they have read and agree to confidentiality policies. An example is this Census Data Responsibility Statement implemented by DSA San Francisco.
Finally, members should be proactive and challenge stewards of their personal information. Members should be educated and empowered enough to ask about what safeguards and practices are in place to protect them, and have those measures explained in terms that they can understand.
What to do if you have a Breach
If you have a breach to one of your accounts or documents, your first instinct may be to panic. Try not to! Your first reaction will not necessarily be productive, or help to mitigate the damage. Though each situation will be different, we recommend you take the following general steps:
Lock down the account or document
If it’s an account, change the password immediately
If it’s a document, delete access
Take an inventory of what was taken
Notify chapter leadership and the national organization (if DSA):
National Political Committee: npc@dsausa.org
National Tech Committee: ntc@dsacommittees.org (their volunteer members may be able to assist with guidance)
If the platform has access logs or other logging, export the logs and preserve them locally for review by an org technologist
Notify the people who were affected
Decide as a leadership body whether and how to address the breach publicly
Discuss as a leadership body (and with available resources) how to mitigate the damage
Reassess your current security.
The unauthorized disclosure of personal data is one of the many threats that socialist organizers face. Unfortunately, this is not limited to external threats that seek and disclose personal data for the purposes of bullying, intimidation or other types of undue influence. We must consider internal threats as well, whether it is the unwitting disclosure of personal information that exposes members to undue risk, or the malicious misappropriation of that data for financial gain or other unjustifiable reasons.
Regardless of the reasons member data may be lost, compromised, or stolen, leaders who have been entrusted with people’s personally identifiable information must exercise a higher standard of care. While it is not possible or realistic to prevent each and every threat to personal information, these basic measures should be enough to frustrate the average bad actor and are also safeguards you can take with your own information.