5 Ways to Keep Member Information Private in your Association’s Public Registry

In the previous 2 posts we talked about some best practices in the public registry area of your association management software (AMS) to keep your member data as useful as possible to the end user. We also talked about some new features of AMS software for regulatory bodies.

In this post – I’m going to talk a little about some best practices to help ensure that your member data does not fall into the wrong hands.  These practices will include some configuration options that should be available in your AMS software and also will discuss a few technical options that you can confirm with your association management software vendor.

Whenever you are displaying data about your members in a public arena like a public registry, you have an obligation to ensure that you are only displaying the data elements that the public has a right to see.  For a regulatory body, that right is usually defined by legislation – either your own bylaws or government legislation.

The following suggestions could help any regulatory body determine what information is displayed to the public and will help guard against unauthorized access.

1. Allow Members to Choose

There may be certain data elements like home address, email address, phone number and registration number that a regulatory body may wish to display or not display about members. Your association management software should have the ability to show or hide that information globally – i.e. hide registration numbers for all members.

Sometimes though that choice should be left up to the registrant or member as long as allowing them to not display certain information is not a violation of the legislation your regulatory body falls under.  Often members who are employed in private practice will want their contact information to be part of the public registry so that potential clients can contact them directly.  Giving your members an option to decide if they want certain information displayed helps them remain in charge of their privacy.

2. Choose What Sensitive Information Is Displayed

Another scenario is that you are required to show sensitive information to the public, but that information is incredibly sensitive – complaint or discipline cases are a common example.  Because discipline cases can often contain information that could be harmful to a registrant if there was something incorrect, it’s important to ensure that only cases that have been reviewed and completed are published to the public registry.

Many jurisdictions don’t display complaint cases to the registry but all healthcare regulatory bodies in Ontario must – and other jurisdictions are considering the possibility.

Your association management system should be able to turn on publishing of complaint cases, but still only display the cases that you or the complaints director determine are ready to show on the public registry.  Certain business rules can also control the publishing of this information – for instance only publishing discipline cases that are marked as “complete” and also marked as “reviewed”.

Conditions and restrictions on licenses may also be candidates for this.  While the display of conditions may be globally turned on, there may be some conditions on a license that the College or association may wish to turn off on a member by member basis.  For instance, identifying that a member must complete the continuing competence program may not be necessary for the public – but is important internally.

3. Complete Blackout for Individuals

Unfortunately, from time to time it may be required to not display a registrant on the public registry at all – particularly when he or she is a victim of online stalking or abuse. Often, setting this option for a member is a personal safety issue and must be configurable as quickly as possible by your College or association staff in order to minimize the chances for victimization. In most cases, your College or association may require some documentation is uploaded to justify setting this privacy setting – this helps you ensure that there is a real requirement to not display the member – not just that the member doesn’t want something embarrassing like a complaint case shown.

Your association management software should allow you to set a flag on a member to turn them off from display on the public registry at all.  Make sure you confirm with your AMS vendor that they follow the advice in number 5!

4. Make Stealing your Data Harder

An unfortunate side effect of maintaining a public registry is that unscrupulous people may want to get a copy of all the data that you display to the public. You probably get calls and emails from them all the time to get as much data as they can. Often though, rather than going through legitimate means to gather your data, they will try to use a common data mining technique called “scraping” or “web scraping“.

Web scraping uses computer a computer program to attempt to navigate all of the pages on a website and automatically harvest all of the information on the pages. Public registries can be targets for these programs because they store data in a consistent manner.  Here are a few ideas for making your data less vulnerable to web scraping:

a. The only solution that works 100% of the time is requiring a login to search the public registry.  Requiring a login before searching the registry makes it less convenient for users to search your membership – so it’s not as common a solution.

b. Use a captcha. You probably hate them.  You might even hate me a little for suggesting it. I don’t blame you – I hate them too!  I hate me a little for suggesting it – but they are often fairly effective.  What is a captcha? A captcha is a tool that requires a user to answer some sort of question before proceeding – helping to make sure that the “person” using the website is a real person.  Here’s an example of a captcha screen:

c. Convert text to images.  Instead of displaying the text of a persons last name, consider displaying a generated image with the persons name.  The scraping software tends to have a harder time with pulling the text from an image rather than off of the web page. Your association management software vendor may be able to offer this enhancement to help secure your data.

5. Watch Out for the Technical Users!

This is another technical item, but is very important. Some web pages will have data sent to the browser from the server – but that data is just set to not display.  While the average user will just assume it’s not there, a technical user is more likely to know that they could inspect the code of the page and be able to see that data.  The solution?  Make sure that data that is not supposed to be shown to the end user is not just hidden, but  is not returned to the browser at all.

A good analogy for this scenario is Microsoft Excel.  Imagine that you have a spreadsheet with some user data that you want to send out to a vendor.

But you definitely don’t want to give them a password! But rather than deleting the password column, you just hide it.

That password data is still in the spreadsheet – it’s just hidden. Any user with a little knowledge of Excel can right click and un-hide that column.  The same is true for hidden data on a public registry – a knowledgeable user could inspect the code for the web page and view the hidden data.

The solution?  Your association management solution should just not send any data to the browser that should not be displayed.


CONCLUSION:

I hope that these tips are useful information when considering implementing a public registry of your registrants or members.  If you have other suggestions for keeping your member information private where necessary, please post them in the comments!

Alinity comes with a built-in Public Registry allowing you to choose many of these options and others.