IT and Volunteers
I'm looking for good advice on how to use volunteers for IT work, especially development work. Thanks to several of you who have already commented on some of the recent related posts.
How do you manage the security and privacy issues? This is one of our first challenges with trying to use volunteers for "significant" IT projects. If we're really going to create new interfaces to our church data, then the developers must have full access to the member, and perhaps contribution, data. How do we give the developer the access he needs AND simultaneously protect the privacy of our congregation? We're a bit wary of this balance of power even for our own full-time staff. Is it "safe" to give volunteers that much power? If it's not safe, what is the alternative?
Jason pointed me to a year-old post from Terry Chapman about volunteers at Fellowship. Terry's first note in the systems area jumped out at me: "Rarely do we allow the volunteer [to] do the actual work in these areas." This sounds like a familiar concern. I like the concept of using the high-power volunteers as consultants, rather than as actual developers.
James made a couple of comments, 1 and 2, touching on both the "IT people are really busy and passionate" as well as the need to let go and hand stuff off to the volunteers. And maybe accept less than perfection! Oh my. (as if any of us come close to perfection)
It's also interesting that while composing this post I ran across Kathy Sierra's post at Creating passionate users, "BrainDeath by Micromanagement: The Zombie Function." The key quote: "The more you use your reins, the less they'll use their brains."
So, how do we recruit volunteers, let them use their brains (with the very reasonable assumption that they are a lot smarter than me), allow them to get to all the necessary data, and still protect privacy and security and avoid any hint of inappropriate use of very private data?
Healthcare workers have to deal with HIPAA, and maybe this is very similar. A few days ago a programmer who works with healthcare information made a very interesting statement. "To ensure compliance with HIPAA, you have to violate it." The programmers who protect us have to be able to get to everything, and it's a trust system that they don't abuse it. If that's what the healthcare industry has to deal with, then don't we, as churches, need to do even better?
I don't think having volunteer programmers sign a piece of paper that says something like "I promise to be good" will do the job. Perhaps we should go through a more extensive interview process for volunteers than for staff and members (and that includes an elder interview process). Am I'm being over-cautious? Is protecting membership data worth all the fuss? I still think so. Your thoughts and suggestions would be appreciated.
Here is what we do. We dont have any volunteers do data entry or our membership database. I dont even have access to alot of that information in Shelby my self. Our business manager controls that access. I think that is best. Its all in what you are trying to accomplish though.
Posted by: Austin | December 26, 2005 at 10:11 PM
Tony, It seems that perhaps the way to determine the appropriate level of access for volunteers may be with time. Over time, the volunteer will prove him/her-self as trustworthy, reliable, competent etc. and as time passes, more access could be granted.
I just recently stepped down from my volunteer tech position in my church, but for nearly 2 years I had complete freedom to do what I needed and access to every part of the system. Of course, I never ventured into the financials, such as contributions, as that was never anything I needed to do, however, they are just now rolling out F1 and I did alot of the legwork in setting that up. (I stepped down, reluctantly, on the brink of going live, due to other reasons) Within F1, I had complete access to everything including financials, but didn't have a need to snoop around or use the info indiscriminantly.
I often wondered what I did to earn the level of trust that I had within the church, considering when I stepped forward to volunteer, I was a virtual unknown. But the admin pastor and I had talked off and on leading up to that, mainly about spiritual things, as opposed to technical, but he apparently saw enough of integrity/character in me, (I guess I fooled him pretty well :) ) to never second guess the things I did. Also, he was in over his head technically, he admitted, and periodically, he would mention that he had no doubts about what I was doing and never second guessed giving me free reign.
I guess my point is that it's all a matter of trust and relationship.
I worked on my own for most of my time there, but on a larger scale it might make sense to have a staff person closely oversee a group of volunteers and over time, give more freedom to specific people.
Posted by: Jim Walton | December 27, 2005 at 12:17 AM
I agree with Jim - you have to learn to trust folks over time. Having come from the "you're a warm body, so fill this position" church prior to my current one, taking just anyone can be very dangerous and can lead to dire consequences. At the very least, I'd perform a background check to the level of what a children's ministry worker has to go through. This, however, may not be needed if you have a tiered structure of volunteers - those that perform PC support don't need the access that a server support person would need.
The other thing to remember is that the tasks that a volunteer performs within a ministry is a direct result of either 1) their love of the task itself 2) their love of the Lord and those around them. If we are spending time raising up our volunteers, working side-by-side with them, and getting to know them personally, then we can know a little more about their heart condition and their trust level. The key is to remember that the tasks come last, after spending time with them. It is, afterall, called a ministry not only for the need to minister to others externally, but internally as well.
Posted by: James Higginbotham | December 27, 2005 at 10:32 AM
If your developers use a separate copy of the data during the development process could you not scramble the data so as to provide the necessary privacy? If the data does not reveal the actual information related to a specific individual or their household then prying eyes will have no incentive. Just make it known that the data is scrambled so the developers won’t be tempted.
Posted by: Kevin Merritt | December 27, 2005 at 12:31 PM
Tony, your BLOG continues to provide excellent food for thought, congratulations.
I think your question is potentially one of the most important questions facing IT in the Church ~ building a trusted, secure, approachable community-based environment for technically inclined lay people. Embracing and empowering the wide range of volunteer skills and passions available to a ministry, even in a narrowed focus such as technology, can be daunting just looking at providing community and purpose, much less creating that in a secure, trusted manner for both the volunteer (liability) and the church as a whole. The resources, if coordinated appropriately, could truly change the face of ministry and the world in turn. I also ponder the place for traditional ministry IT partners in this quest. Truly interesting!
Posted by: Matt Smith | December 28, 2005 at 06:01 PM
I wish the guys at Willow were blogging. Check out this link to see all their IT volunteer opportunities http://www2.willowcreek.org/volunteer/details.asp?F=1&Ministry=INFO
I'd love to know how they're managing what I imagine is a large number of people...and what kind of access they're given. And perhaps most important is how did this develop over the years.
Road trip anyone?
Posted by: Jason Powell | December 29, 2005 at 11:38 AM
A Willow road trip sounds good to me!
Posted by: TonyDye | December 29, 2005 at 10:23 PM