Access to Nextcloud / sensitive personal data

An issue has been raised, not for the first time, regarding sensitive data being stored on Nextcloud, which we give every Exploring Member access to regardless of whether or not they become Associate Members. Specifically, this concerns the Members Registry, which includes everyone’s address, phone number and NRN. However, it may be worth thinking about in terms of other data that we have on there, e.g. potential site information.

One way to approach this would be to give limited access to certain documents, in the same way that only Ugne currently has access to the confesseur info. Or this could just apply to certain information, e.g. NRNs.

Another way to approach this is to only give access to Nextcloud to Associate Members, with the exception of certain documents (as we already do on the ‘Key documents’ thread on Edgeryders). It’s unlikely that many people go that deeply into the furthest corners of Nextcloud during the exploring phase. However, this may have an impact on when things like the ‘Presentation fiches’ and ‘Skills and experiences’ docs get filled in.

It doesn’t seem like a particularly complicated issue to solve, but I’m not sure what’s best to do. Which is why I’m tagging:
@reef-governance
@reef-it
@alberto (as the person who currently collects the NRNs for the GA minutes)

:slight_smile:

2 Likes

Thanks for raising this point @ChrisM. I think the passwords that are stored on Nextcloud have the same problem.

Can it be as simple as creating a folder on somebody’s personal Nextcloud, which we then use to store passwords, national numbers and whatever else that needs some protection, and then we share the link to that folder with anybody who needs access?

1 Like

If I may add to the above as the person who has recently raised this. To me it is a question of data protection in general. Any personal data should be accessible only to those with legitimate interest. I still don’t know enough about how the Reef works, but I wonder if only up to 2-3 people could be given some sort of secretariat responsibility, and have inclusive access to any (and all) documents with any personal data of the members. A restricted folder can be a good solution, as long as only those few people manage it and its content and the related administration. Giving access on a case by case basis to the entire folder or full documents “for those who need it” does not ensure that all personal data is only managed by people who were supposed to do so for the specific purpose it was given for.
Concretely and in addition to the GDPR principles, all of us sharing our home address, date of birth and national number with so many people including those who do not carry any specific responsibility and might not stay with the project, also just makes us all vulnerable. So it is also a data security question.
I hope that clarifies why I have raised this. I think other than my own beliefs, it can also be important for the Reef community to get it right, protect ourselves not only as individuals but also as an entity managing personal data the right way.
Sorry if I have raised anything that you have discussed already in the past. :slight_smile:

2 Likes

Thanks for raising this @Andrea_W.

I see your point, and I fully agree that we should be more cautious about the protection of data that could be abused. At the same time we are an organisation that is based on trust, which means that we need people to not only be trustworthy, but also to be able to trust others to not abuse their trust.

This is important because in the absence of this we not only risk creating a suffocating atmosphere, but we’ll also have to spend our scarce resources on things that add little to no value to building our cohousing group. I am not an expert on GDPR, but from what I understand of it full compliance would require a lot of our time and resources. I would find it odd, for example, if we can’t trust our fellow Full Members with our address or national number.

Again: I don’t mean to invalidate your concern, and I fully agree about the protection of sensitive data. If I am pushing back a little it’s because I tend to worry about strongly legalistic attitudes, because I have a very strong need for trust in the way we relate to each other.

1 Like

I hear and respect these concerns. From the technical point of view I don’t think it would be a problem to restrict access to sensitive data. But we need to agree, as a group, on a policy on this issue.

1 Like

@Lee - perhaps something for the next Coordination Group agenda?

Or a @reef-it proposal for an upcoming plenary?

As it affects several teams (administration, recruitment & onboarding and IT) I would prefer to have a quick round at the Coordination Group first. Would that work?

2 Likes

I am sorry if my concern triggered the need for additional discussions or actions. I know you are all busy enough both with your personal lives and this project.

Thank you so much for your reaction and reflections @Lee. I realise I used too much legal and GDPR lingo - bad professional habit. I am fully with you on the aspect of trust - one of the reasons why I joined & how I already live my life. I wanted to add that to my original note, but I did not want it to be even longer. You are right and by no means do I suggest full compliance. Simply, as you said, being more cautious and conscious about the basics - what personal data we really need, why, how we manage that and who needs to have access. Using that one example, I have many friends and family members I fully trust, but I don’t send them my registration number, because they do not need to know that. One of the greatest things about the Reef’s approach is transparency, but it does come with some risks, and why not try and protect ourselves if it is possible with simple tweaking of how we do things. It might create even more trust.

I hope I managed to express it this time in a more human way. I think we are not talking about different things and our views and aims can actually meet and strengthen each other.

2 Likes

Thanks for clarifying that @Andrea_W, and no problem of course to bring about a debate.

As I said before: I fully agree that we need to be more cautious about the protection of sensitive personal data, and that there is quite some room for improvement.

That being said, I still feel a bit uneasy about the notion of risk that you bring up, because I have a very strong need for trust in this project. There are a lot of things that we handle in a quite informal way, and we do that because we, and by this I mean the Full Members, fully trust each other. Trusting each other in this project is a necessity, because we expose ourselves to quite a lot of vulnerabilities.

So applied to this particular example, I am all for putting in place a mechanism that would reduce the exposure of national numbers, but I would be a bit reluctant to set out a policy of “only those who need to know” get access. The reason for this is twofold: 1) I want to trust my fellow Full Members that they won’t abuse or do anything stupid with my national number, and 2) I want to keep as much agility as we can, so that somebody who does not need access can easily step in for somebody who does need access in case of need, so that we can keep things moving without getting stuck due to administrative obstacles.

The cost of going 100% strict, for me, is not worth the benefit. For me, this is a compromise we make that comes from being a self-managed group: we cannot live up to professional standards, but we also don’t need to, because there is a lot more trust than what you can find in professional contexts.

As I said before: I really appreciate that you bring in your views and your needs. It’s really important that you do, and I’d be happy to continue to discuss and exchange. If I am still pushing back quite a bit, it’s because I worry about this approach to risk and adherence to strict management methods, because this is something that I’m afraid we can’t deliver, even in areas that are weightier than national numbers.

That being said I think it’s probably going to be more efficient if we have a quick chat when we see each other, so that we can add more nuance and arguments a bit more easily. Another thing that I think will help is just to witness how we work, and then see whether that is compatible with your risk tolerance.

Sounds like a good plan!

Absolutely no need to be sorry about raising concerns… especially when those concerns lead to constructively using our group intelligence to make the project move forward in a way that works for us all :slight_smile:

2 Likes

Based on your answer my messages might have been misinterpreted. I would not like it to be about my personal ‘risk tolerance’ or the perception that I question the working methods in general. I am not sure how we got there to talk about my approach instead of the issue in hand. You talk about full members’ trust between each other, while I raised this very concrete issue when still as an observing member I got access to such information about all of you. I am not expecting more precautions than what all of us would have anyway in any other part of our lives. In fact I did not raise any expectations, just explained where I was coming from when I had first raised this question. Let’s discuss it in person as you suggest, because honestly this exchange here is making me feel nervous about asking questions in the future. Not because we disagree or you push back. I am happy to support whatever is best for the group which I am still just learning about. But because we seem to talk about different things and it somehow (at least in my own perception which might be wrong) got a bit personal, questioning my (‘legalistic and risk-aware’) approach based on this one small thing. I would not want this to be the perception about me because it could not be further from the truth.

3 Likes

Reading back through the conversation more closely, it does seem that there are two different conversations/issues being talked about, that are related but not on the opposite side of one debate/discussion. Trust between Full Members is obviously important. But there is also the fact that Exploring Members who come and go in the weeks following a presentation currently have access to everything, including personal sensitive data. I’m sure we can use our collective intelligence to come up with a good policy that honours the former while addressing the latter :slight_smile:

2 Likes

Hi @Andrea_W,

I am sorry this conversation triggered nervousness in you, this has never been my intention. I really appreciate your thoughtfulness when you reply, and I hope you can accept my apologies.

How about we meet for a coffee one of these days, and we make space to listen to each other so that we can better understand each other’s underlying needs?

1 Like