KaviŽ Members Help

Chapter 10. User and Company Privacy Options

How Kavi Members helps support your privacy policy

Kavi Members offers an extensive, highly configurable set of privacy protections to help support your organization's privacy policy, including email opt-out and controls over the kinds of personal and company information displayed on rosters and directories.

Back to top

What is a privacy policy?

Prospective members often want reassurance that an organization is cogniscent of the need to protect the privacy of personal and company data before they join the organization. The organization's privacy policy is a legally binding statement that describes how an organization uses the member data it collects and manages, and explains what protections the organization offers to safeguard its members' privacy.

The organization's privacy policy is posted on its web site and links to the privacy policy are typically provided in a standard location on all web pages, usually in the footer. Links are also included on forms that collect company and user data, such as online membership application or company representative signup forms. A privacy policy is required if you want to display a TRUSTe "trustmark" or other indicator of the organization's high privacy standards.

Privacy policies are usually crafted by the board of directors in conjunction with legal advisors. The privacy policy reflects the privacy concerns of the organization's membership, its operating proceedures and goals. A good privacy policy is a thorough and up-to-date description of the organization's current practices. It should clearly state how company and personal information is collected and used, whether this information is shared with third-parties or sold, and describe whatever mechanisms are in place to protect privacy, such as the organization's opt-out policies.

Back to top

Standard privacy policy elements

Typically, organizations cover these kind of topics in their privacy policies:

  • Types of personal information collected and how it is used on the web site

  • Cookies and other automated information-gathering tools. See the section below if your site uses Google Urchin Web Analytics.

  • Partners and any other third-party access to users' information

  • Automatic email subscriptions and email contact forms

  • Opt-out opportunities and other options users may have regarding how their information is shared

  • What users can do if they want to have their information removed from the system

  • How long information is retained (especially in relation to a lapsed membership or deactivated account)

  • Special consideration for information collected about children (if applicable)

  • Organization contact information

  • How the privacy policy is kept up-to-date

Google Urchin Web Analytics

If Web Analytics are enabled on your site to track traffic on your web site, your privacy policy should describe the way that cookies are used by this tool. Google Urchin Web Analytics tool uses persistant first-party cookies to track browsing behavior. These are anonymous cookies that contain no personally identifiable data. For more information, see Google Urchin Traffic Monitor.

Back to top

Configuring Kavi Members to support your organization's privacy policy

Kavi Members can optionally provide email and privacy opt-out fields to users and companies. Each organization can configure how these fields are interpreted by online directories and rosters. For example, when a user selects 'No, do NOT share information' for the Privacy Option question, the organization can choose to hide the user entirely from directories or to have only select portions of the user's most sensitive information protected. Because these options are configurable, Kavi Members provides a template that can be used to explicitly state how the user's preferences will be interpreted by the organization.

Back to top

Privacy Preferences

Kavi Members privacy options center around two distinct kinds of opt-out. First, users may opt out of receiving certain kinds of organization email. Secondly, a company or user may opt-out of having all their information displayed in rosters and directories. The Configure Privacy Options tool allows Super Admins to configure privacy settings that provide these opt-outs for organization members.

An organization doesn't have to provide either of these options to its members in order to meet its obligation to protect member privacy. Organizations that are geared towards promoting their members or disseminating information might find these options nonsensical or even counter-productive. Other organizations might have an open exchange of member information within the organization because they have a restricted membership and almost no exposure of information outside their membership.

Email opt-out

This option applies to users only, but includes individual members and company representatives. If the 'Provide Members Email Option' is set to 'Yes' in the Configure Privacy Options tool, users are presented with an option that they can set if they want to opt out of receiving the nonessential email ordinarily sent to members, such as messages from the Members mailing list and other template-based email broadcasts. This opt-out doesn't apply to essential messages, such as membership welcome email, renewal reminders and membership bills, etc.

Another set of configuration options allows the organization to prevent certain types of company representatives from opting out of standard organization email. These 'Force Email Subscription' options are available through tools used to define types, such as the Add a Contact Type tool.

The 'Primary Contact' Contact Type is frequently configured this way because many automated email notifications that concern company participation in the organization are addressed exclusively to 'Primary Contacts'. If a 'Primary Contact' is allowed to opt out of receiving email, their company could miss important email messages and might be inadvertantly denied the full benefits of their membership.

Disabling email opt-out for 'Primary Contacts' closes this potential loophole and provides a little extra incentive for the company to update their Kavi Members account promptly when a new Primary Contact is designated to minimize the amount of unwanted email received by the outgoing primary contact.

Privacy opt-out

Companies and users can be given the option of opting out of display on Kavi Members rosters and directories if the organization chooses to offer this option. The organization can configure which kinds of data are omitted for users and which kinds are omitted for companies. This may be configured to completely omit the company or user from all rosters and directories, or user or company data may be partially hidden by including only a select set of data fields and omitting all others.

Back to top

How to Hide All Rosters

The 'Show Company Roster' option can be set to 'Do NOT show a company roster' if the organization prefers to keep all company rosters private. Privacy is subjective, however. More privileged users, such as those with the 'company_admin' role, are able to view the company roster even though ordinary company representatives are not.

Back to top

Privacy policy and preferences

Although policy is primarily the driver of configuration, to some extent, configuration can be fed back into policy definition. Once the basic policy is defined and Kavi Members privacy options have been configured accordingly, configuration details can be woven back into the policy to provide specifics of policy implementation. For example, if Kavi Members is configured to offer a company or individual member an opportunity to opt out of having their information displayed in a roster, what happens? Is the member completely omitted from the roster? Or is the member displayed on the roster, but with most of the usual contact data omitted? If so, the privacy policy can specify what kinds of data will be displayed.

The Configure Privacy Options tool provides fields where the organization can provide specific information about its 'User Policy and Preferences' and 'Company Policy and Preferences' that will be displayed to users alongside the privacy preferences option. Here is an example of a 'User Policy and Preferences' statement for an organization that displays skeletal information for users who opt to protect their privacy, rather than completely omitting them from rosters and directories. This organization also has the 'Show Company Roster' option set to 'Yes, show a company roster', so the roster is available to company representatives.

The Company Roster on the My Account page displays a list of all of your company's representatives.

Everyone who has has been approved as a company representative can view their own company's roster (but not rosters that belong to other companies).

If you answer 'No' to the Privacy Option question, certain kinds of personal and contact information will be excluded when the roster is displayed.

The following information WILL be displayed in your company's roster:

- your full name

- your title

- your primary email address

Back to top

Limitations of privacy policy support

Privacy preference enforcement operates in a limited scope, primarily applying to rosters and directories available through Kavi Members. Kavi Members privacy preferences settings are used to set KaviŽ Groups privacy settings, but Kavi Groups employs different rules about the kind of data that is hidden. Group participants are never omitted from rosters, and certain kinds of data are always presented for participants, regardless of which kinds of data are displayed in Kavi Members rosters and directories. Privacy preferences set in Kavi Members do NOT effect the availability of KaviŽ Showcase profiles or data management rules implemented by any other software installed on the site.

Privacy policy support NOT provided by Kavi Members

  • The privacy policy itself does not come with Kavi Members. Creation and adoption of a privacy policy is the responsibility of the organization and its legal counsel.

  • Kavi Members does not restrict information available for download in reports. Site administrators are responsible for respecting privacy options and the privacy policy when working with member data outside of the web site.

  • Kavi Members does not prevent administrators from sending email or subscribing users who have opted-out of email, although it does provide tools that encourage administrators to respect the users' contact preferences.

  • Kavi Members does not guarantee that any other software on the web site will respect user privacy options. While Kavi Groups does respect this information, custom and third-party software may not. All tools on the web site should be independantly reviewed for compliance with the organization's published privacy policy.

Back to top