A service of:
Community123.com
Professional websites for HOAs & condos, since 2004
🎁 1st year FREE for HOATalk members! →
 Return to Topics List

Email Addresses of Community Members (Security of them)

Started by FhadminF34 replies • 2762 views

💬 Join us to post & get advice from 50,000 HOA & Condo leaders.

Create Free Account →

⚡ Takes 30 seconds

Already a member? Log in

FhadminF
Posts: 12
Posted:
I am the Website administrator/ developer for my HOA. I am not a member of the board but a volunteer. I have held this position for over 3 years. I would like to know what standard rules are followed with respect to member's email addresses, home addresses, phone numbers and so on. Here is the situation:

An HOA member used a paper copy of the directory held by the board to build a distribution list and sent out an invite to the next HOA meeting. This directory also includes Names, addresses, phone numbers, payment history. That member's action violated rules put in place by the board about electronic community wide communications. Due to past issues the rule is all of those communications are sent out via the web admin and all of those emails are blind (use Bcc) & sent form the official HOA email address. This board member CC'ed the member's email addresses form his personal email account!

As noted the board actually has some common sense rules in place about protecting the personal information about members. The first rule is they don't release member's email addresses. Requests for any other information has to be made in writing to the board.

This is not the first website that I have been the Web master for but it is the first HOA site for me and the smallest. I have never had this issue come up because the rules were followed.

The board member quit. Some on the board would say due to my response. But his actions could cost the community the website and more.

Thoughts?
SusanW1 (Michigan)
Posts: 5,202
Posted:
Some thoughts:
1. he did not use the emails to sell something
2. you might have a hard time proving that he gleaned the emails addresses from your source
3. anyone who does not want an email from you or any other person has the option to block it
4. too bad you lost a board member over this.

MaryA1 (Arizona)
Posts: 7,043
Posted:
Fhadmin,

Are you saying a board member used the website directory of members' email addresses to send notification of the next HOA meeting to the members? I don't understand what he did wrong. Seems to me that would be a great way to communicate with the members!

What am I missing?
KirkW1 (Texas)
Posts: 1,665
Posted:
What I see between the lines is that someone who didn't know better had a bunch of people jumping down their throat for trying to be helpful.

I would say that your Board should put together an orientation packet detailing a lot of things including that you have a distribution means in place to notify residents via email. It should include a lot of stuff to help people come up to speed on serving.
FhadminF
Posts: 12
Posted:
SusanW

You brought up a great point about soliciting sales off of the distribution list. I am glad did not happen. I do actually have clear proof that this member used the list held by the board which is due to be revised. One of the big concerns we had to deal with in the past is that a member put the HOA email address on several SPAM porn sites. We had to shut that address down because we could not get everything blocked. We don't want that to happen to our members as a result of the list getting out from us. Also there were concerns about email storms. I think we have all seen it when people keep replying to all on an email with a long list of emails. Blocking is good and effective but we don't want to be the source of the annoyance. Many of our members have asked that information not be shared. I am actually going to ask the board to move to implement terms and conditions vetted by their attorney for the use of this type of information.

It is a very bad thing that we lost a board member. The board is short handed and not a lot of volunteers. Honestly the last thing I wanted to have happen.
SusanW1 (Michigan)
Posts: 5,202
Posted:
Get a web site and any homeowner who wants to visit it can do so.

Stop sening out mass mailings if you are so concerned about corruption of the process.

FhadminF
Posts: 12
Posted:
To MaryA1-
The member did not use the website directory. He used another directory that the board has (due to be revised to match the web directory). The issue is not the invite to the meeting. The issue is that he carbon copied the community therefore releasing all of the email addresses of the members. The board put a rule in place not to release the email addresses they have on file. All emails from the board were to be sent out using blind copy and there were to be sent from the HOA email address not from a personal email address.

The intent of the invite was good.
FhadminF
Posts: 12
Posted:
We have a site. A good one. We use BCC to hide email addresses.
FhadminF
Posts: 12
Posted:
I have suggested that they put something together many times. I am now pushing to get terms and conditions put together as well. Actually, the board member did know better as he stated in the past that he wanted to do this but the board outlined the rules to him.
MicheleD (Kentucky)
Posts: 4,491
Posted:
Quote:
Posted By SusanW1 on 10/17/2009 7:59 AM
Get a web site and any homeowner who wants to visit it can do so.

Stop sening out mass mailings if you are so concerned about corruption of the process.


Susan, the original poster is the webmaster of the HOA's website. He stated that in the very first sentence of his post.

FhadminF: First, the fact that the then board member "built" an email distribution list with a paper copy of the board's own directory has absolutely nothing to do with the website, and I'm not sure, if you're not a board member, why you are involved in establishing board member communication rules to the community. I can see that you would have input, possibly, and be the one responsible for emails that go out through the website you built and maintain, but the board should determine it's own communication policies. Besides, apparently the email box access is available to all the board members?

Otherwise, how did this person manage to use the HOAs email as the FROM?

No offense, but that's just asking for mistakes like this (and worse) to happen. If the board wants to have the flexibility to have several people access the mail account, that's fine. But perhaps there should be a separate (no-reply) email that is used solely for mass member communications that no board member has access to.

And I may also be reading between the lines, but you seem to be "concerned" that this member has the list that has all sorts of other information on it besides email addresses. Frankly, that's none of your business.

As a board member he most certainly would be allowed to have access to that information. Did he include everyone's address and dues status in the "Meeting Notice" mass emailing? I doubt it.

Why is it even being mentioned, then, that he has that list? Again, that seems to be an internal board issue about which you really shouldn't have any say.

DJ1 (Ontario)
Posts: 798
Posted:
Amazing the number of people who don't know the difference between cc and bcc! I am one of those who wants to minimize the release of my email address. When I've seen someone use cc, revealing mine to others, and vice versa, I've always sent an email suggesting they use bcc. There is no reason for me to see the addresses of a whole bunch of others I may or may not know. Err on the side of caution and use BCC.

As far as the other issues, others can speak to that.
FhadminF
Posts: 12
Posted:
BCC is the rule from our email box.
Thanks
FhadminF
Posts: 12
Posted:

The board established the communication policies that I am following. 1 .All board emails come from the official email box. 2. All emails are BCC. 3. No emails from board members personal email accounts to the community. 4. No releasing of the community members personal information electronically outside of the board. 5. Mass emails and website content are vetted by the board prior to going out. 6. Email content sent to webmaster and sent out by webmaster from the official mailbox. They also mandated that a website be established and maintained. The board set these rules not me.

This board member was informed several times by fellow board members about the "board's" rules. He violated 1,2,3,4,5, and 6.

I have no issue with the board members having the list of emails, home addresses, names, dues payments,... It is vital information and is part of the business of running an HOA. I'm helping them consolidate and correct contact information as a part of one of their initiatives. And it is the business of the community members to know and understand the types of information the board collects about the community and how it will be used. It is not the business of community members to know the information of individuals.

All of this said. I am just seeking information on best practices so that I can help give input to the board on these matters as they have asked. The board (and I) have put a lot of effort into to building and transitioning to a new website, consolidating & improving communications,... with real cost savings to the community. We would like to keep the momentum going.

JeanneK3 (Maryland)
Posts: 562
Posted:
I'm not sure what the laws are in West Virginia but in Maryland any homeowner is allowed to distribute information relative to the HOA or condominium without the permission of the board. I believe this can be by mail, door to door or by e-mail. This really is democracy in action.
Jeanne
MaryA1 (Arizona)
Posts: 7,043
Posted:
Fhadmin,

Was this the first time this particular board member violated the email rules and was their any harm done in what he did? IMO, these two factors should have been taken into consideration when his resignation was tendered to the board. If the answer to both of my questions is "NO", then I don't blame him for resigning.
MicheleD (Kentucky)
Posts: 4,491
Posted:
Quote:
Posted By FhadminF on 10/17/2009 12:59 PM

The board established the communication policies that I am following. 1 .All board emails come from the official email box. 2. All emails are BCC. 3. No emails from board members personal email accounts to the community. 4. No releasing of the community members personal information electronically outside of the board. 5. Mass emails and website content are vetted by the board prior to going out. 6. Email content sent to webmaster and sent out by webmaster from the official mailbox. They also mandated that a website be established and maintained. The board set these rules not me.

This board member was informed several times by fellow board members about the "board's" rules. He violated 1,2,3,4,5, and 6.

I have no issue with the board members having the list of emails, home addresses, names, dues payments,... It is vital information and is part of the business of running an HOA. I'm helping them consolidate and correct contact information as a part of one of their initiatives. And it is the business of the community members to know and understand the types of information the board collects about the community and how it will be used. It is not the business of community members to know the information of individuals.

All of this said. I am just seeking information on best practices so that I can help give input to the board on these matters as they have asked. The board (and I) have put a lot of effort into to building and transitioning to a new website, consolidating & improving communications,... with real cost savings to the community. We would like to keep the momentum going.


Fhadmin, I have to say I don't know at all what it is you are really seeking here.

The board clearly already has an effective and well-thought-out communication policy.

And, as you clearly pointed out, the board set those rules, not you.

Contrary to what you are saying in this post, you were very much "concerned" about the board member having the directory.

The worst he did, in terms of releasing "personal" or "private" information is expose the emails of all residents to other residents.

And don't forget that there really is an unrealistic expectation that people have regarding the privacy of their email addresses, or even their email content, for that matter.

It seems to me what you may be seeking is confirmation (best practices??) that your response to the board member was not out of line.

It seems to me that you are looking to obtain support for the fact that whatever it is you said or did that caused the board member to react strongly enough to resign was appropriate.

I don't think you're going to find that here.

For one thing, it was merely a notice of a meeting. He "broke" the board-created rules, but it appears to have been a one-time event and possibly an error in judgment. Yes it revealed everyone's emails to everyone else, but, again, that isn't the same sort of "private" information as say, someones SSN or their amount due and owing a creditor.

What, exactly, was your response?

Perhaps if you could share with us exactly what you said and did, and how you said and did it, we can let you know if your response was appropriate or over the line.

Actually, as I'm thinking about it, you should not have had a "response" to this board member.

It was the board's internal rules that were broken, and, therefore, it is the board that is responsible for any "response."

I have no reason to believe that the board members are stupid, especially given the above communication policy they developed. So it stands to reason that they would be quite capable of admonishing, or "responding," to their own board member regarding a breach of that policy.

Long story short? My recommendation for "Best Practices" is to let the board handle their own breaches of policy and for vendors (even volunteer ones) to stay out of it.

And, more "best practices," like it or not, each and every board member is entitled to see all documents that the board handles, including a "directory" that includes such things as account status of members.

MicheleD (Kentucky)
Posts: 4,491
Posted:
Regarding how the board can mitigate the error?

They can send an email to the membership, drafted by the president, apologizing for the recent meeting notice mass email that contained the addresses of all the residents.

The president can assure everyone it was an accident and was atypical of their communications with their membership.

The president can provide them with the existing communication policy (as you listed above) and assure them that they are doing everything to ensure that the policy is closely followed.

Then let it go.

Don't point fingers, don't blame people, don't drag it out.

FhadminF
Posts: 12
Posted:
First time actually sent out yes. As far as harm or complaints no clue at this point.
FhadminF
Posts: 12
Posted:
You are dead on here and I suggested it and so did one other Board member. And they won't do it. But I guess that is an internal issue for the board to handle. Not for a member of the community to worry themselves with.
MicheleD (Kentucky)
Posts: 4,491
Posted:
Fhadmin:

I'm still curious as to what your response was that drove the board member to resign?

Perhaps we can work on helping you fix that?

The board could probably still use his assistance.
FhadminF
Posts: 12
Posted:
The well thought out policy was constructed with my help after the board had to deal with some very serious issues with their previous site. They came to me. I have experience from a corporate side but many of those rules don't apply.

I am not seeking any confirmation for my comments to the board on this matter. Yes I was tough on it. There are some expectations on email privacy when they say they won't release the information outside of the board. The board is split on my response.

I agree 100% with all board members must have access to the information. Said that in last response.
MicheleD (Kentucky)
Posts: 4,491
Posted:
No, Fhadmin, that's not what I'm talking about.

I'm asking you what your "response" to the board member who sent the email was.

How did you handle that, because it was that response that you claimed contributed to the board member resigning.

Now, I'm starting to get a little concerned about your role in this HOA.

And I feel that, for whatever reason, you are not being completely truthful with us.

First you say you are just seeking . . . something, I don't know what . . best practices about . . . something . . . that you really haven't clarified.

Then you go into what a bad thing this one board member did.

Then you say that you advise the board on communication policy.

Then you say that, no, they developed the policy themselves.

The board established the communication policies that I am following. 1 .All board emails come from the official email box. 2. All emails are BCC. 3. No emails from board members personal email accounts to the community. 4. No releasing of the community members personal information electronically outside of the board. 5. Mass emails and website content are vetted by the board prior to going out. 6. Email content sent to webmaster and sent out by webmaster from the official mailbox. They also mandated that a website be established and maintained. The board set these rules not me.

Now you say that it was done with your help after "serious issues" with their previous site.

You then say you are seeking confirmation to the board on this matter. . . but yet you have yet to share with us WHAT those comments were, specifically.

Would you care to relay that?

MicheleD (Kentucky)
Posts: 4,491
Posted:
***Note: The bolding after this line is accidental:

The board set these rules not me.

MicheleD (Kentucky)
Posts: 4,491
Posted:
But for the record, and because I have to dash out for something, if what I suspect is true, then it would seem to me that you would need to be doing some damage control yourself, and not just the board to the members.

I would recommend that you send an email to the board apologizing for your initial communication and over-reaction, and apologize for directly down-dressing the board member who sent the mailing.

I would fall on the sword and explain that your first concern was the inadvertent breach of the protocol and that you in no way meant to step over your line of authority and responsibility.

Because if that is what you did, send a harsh email to the entire board dressing down the board member who did the emailing, then you were out of line.

That is an issue internally for the board, it's their policies, even you have acknowledged that, and it's their "problem" to correct and/or address.

If you felt you needed to send your concerns to anyone, it should have been the president only and then let him deal with it.

FhadminF
Posts: 12
Posted:
As I noted some on the board state that it was due to my response. But per his email resigning it was in response to what a Board member said.

As for my response. I reiterated the policies of the board and I made it very clear that I did not appreciate him sending out my email address to everyone in the community against the policy that he knew about! (Yes, I spoke for myself on that note.) He had been told several times not to do it! I also re-iterated past incidents that have occurred with the site. Yes I was tough about it.

You are correct the board can use the assistance. The board is thin. The committees are thin. They need help. It is an all volunteer board. Volunteers are scarce. They need people with all skill sets. I believe they can convince the member to come back.

They are also going to work on other internal issues. Of which I am not a part of and don't want to be.
MaryA1 (Arizona)
Posts: 7,043
Posted:
Quote:
Posted By FhadminF on 10/17/2009 1:29 PM
First time actually sent out yes. As far as harm or complaints no clue at this point.

If anyone was angry about it, I'm sure you would know by now. As I thought, this is much ado about nothing.

Because it's hard to get good volunteers in your community (actually the case for most HOAs!) I hope this board member does decide to come back.

FhadminF
Posts: 12
Posted:
I hope the member comes back as well.
MicheleD (Kentucky)
Posts: 4,491
Posted:
Quote:
Posted By FhadminF on 10/17/2009 2:17 PM
As for my response. I reiterated the policies of the board and I made it very clear that I did not appreciate him sending out my email address to everyone in the community against the policy that he knew about! (Yes, I spoke for myself on that note.) He had been told several times not to do it! I also re-iterated past incidents that have occurred with the site. Yes I was tough about it.

There you go. There's my "best practices" for you, as I mentioned above.

You were out of line to be the one to communicate and "admonish" the board member.

It was not your place, regardless of speaking for yourself on the "note" of not appreciating your email being given out.

My next "best practice" recommendation is for people who jump the gun and admonish members of the board of directors for something that is the responsibility of either the entire board to handle or the board president to send out an immediate and sincere apology for over-reacting.

You had no standing to be "tough about it" or otherwise with this director. It was not your role or responsibility.

Sorry, and I'm not trying to be harsh, but this is the crux of the issue, not the stuff you posted dancing all around the issue.

We can not give you support to now take back to the board and say that other board leaders think you were right to handle it the way you did.

Somehow, though, I don't think that is getting through to you.

I understand that you are trying to protect the association from any potential issues. But your voice about this should have been directed to the president and then you should have let it go.

FhadminfF (West Virginia)
Posts: 4
Posted:
After some thought you are absolutely correct. You did get through. I should stay out and let the board handle the issues. They were elected to handle the business of the community. I am just a volunteer. Not an advisor. Not a stakeholder. The board and their committees will do what is needed.

Thank you.
MicheleD (Kentucky)
Posts: 4,491
Posted:
Quote:
Posted By FhadminfF on 10/17/2009 7:51 PM
After some thought you are absolutely correct. You did get through. I should stay out and let the board handle the issues. They were elected to handle the business of the community. I am just a volunteer. Not an advisor. Not a stakeholder. The board and their committees will do what is needed.

Thank you.

Don't say it like that "just a volunteer"! We are all volunteers (including the board) and you are a stakeholder, everyone in the association is.

But this was their problem to correct.

I'm quite sure they need all the help they can get, including the assistance you are obviously providing with your role on the website.

I do hope that you can make things right with the former board member. No doubt he's probably embarrassed on top of everything else.

I hope it works out for all of you.

Keep us posted.

FhadminfF (West Virginia)
Posts: 4
Posted:
No really I have to say I am just a volunteer and unfortunately I started to care. I have seen too many community members get told they have no right to question the board and if they voice their opinion above a monotone they are shut out. I watched this community go to war over which day to trick or treat!

On top of this with the website. The President invited a member of the community that is not in compliance (possible 2nd lawsuit) to be a sitting member of the compliance committee. He saw no issue with it. They have a director who was openly not in compliance while as director. They have another committee member who has not paid their dues for over a year. That committee actually has an allocated budget. The is a clear violation covenants/ bylaws.

Venting a little...sorry.
So really if someone can offer advice on terms and conditions for HOA sites/ personal information I would really appreciate it. That is why I came here. It was asked of me to find out. I really would hate to see that resource go away.

GlenL (Ohio)
Posts: 5,491
Posted:
I would simply advise the homeowners who are afraid of their email addresses getting out; to get another one from the myriad of free email providers out there. I restrict my personal email address (the one I got from my internet provider) to my immediate family and friends. Then I have a bunch of others (aol, gmail, yahoo, live, etc.) that I use for other business. If too much starts escaping the spam filter I simply delete the account and start another one.
Studies show that 5 out of 4 people have problems with fractions
GlenL (Ohio)
Posts: 5,491
Posted:
Quote:
Posted By FhadminfF on 10/17/2009 8:41 PM
No really
So really if someone can offer advice on terms and conditions for HOA sites/ personal information I would really appreciate it. That is why I came here. It was asked of me to find out. I really would hate to see that resource go away.


The best policy in the world if not followed which is what happened in your case is equal to none.
Studies show that 5 out of 4 people have problems with fractions
FhadminfF (West Virginia)
Posts: 4
Posted:
Glenn the your last comment about policy not being followed rings very true. I believe the board is going to address this in their next executive session and put something in writing and make it clear that all will follow. I will await their decision.
I was informed by a member that legally they have a wide latitude on the use of the information they collect but the board wants a strict policy in place based on past experience.

But in the end they will have to follow it.
FhadminfF (West Virginia)
Posts: 4
Posted:
Could not agree more with this. Our site was moved to Google and requires a gmail account. We have had an ~70% adoption rate and the go forward plan is to only send emails to the Gmail accounts. This just hit in the middle of that transition.

🎯 You've read this entire discussion

Join the conversation with 50,000 HOA & Condo Leaders:

  • ✓ Ask follow-up questions
  • ✓ Share your experience
  • ✓ Get expert advice
  • ✓ Access 350,000 discussions
Create Free Account →

⚡ Takes 30 seconds

Already a member? Log in here

Terms of Use and Privacy Statement