Technology Principles & Best Practices

Our group, like any operating in the 21st century, relies on a number of digital platforms and products. Technologies are not neutral, and we always have the opportunity to put our values of mutuality, solidarity, and care into the decisions we make in this area as in others. We are all continually learning, individually and collectively, and this document is meant to help us think critically about KWT Mutual Aid tech and data use.

This is a living document and we will adjust and update as needed.

We try to operate by the principles that Mutual Aid NYC has set forward at https://www.notion.so/Data-Privacy-Best-Practices-a6963bec234247b7827fb6cfc5efb535.

We consider privacy practices and other political dimensions of tech (e.g. free and open source vs proprietary?) when deciding on platforms to use. We recognize that there is often a trade-off between accessibility and political alignment, and we aim to use technology in a way that allows everyone to participate while not violating our values.

We collect and retain the least amount of personally identifying data necessary.

We pledge to the community that we won't sell their data for any reason.

If we ever shut down, we plan to delete the data at that time.

* * *

Never share passwords via email or in unlocked channels or open documents.

Do not post full email addresses, phone numbers, or other personal info (e.g. demographics, location, or nature of request) for people, whether neighbors volunteering or receiving assistance, in open Slack channels.

Include in trainings, orientations, and guidelines (pinned guidance in Slack) for closed groups (intake, dispatch, cash and grocery deliveries) privacy guidelines for neighbor information. For example add the word "Confidential" to emails/texts sent with details to delivery volunteers as a reminder the information and the exchange should not be shared.

Share any Google sheets or documents containing personal information only with the individual people and/or KWT organizational accounts that need access. Make sure that Google files are not accessible to anyone who simply has the link.

Be mindful of what we share on the unlocked #community-activism channel, e.g. don't post pictures of protestors or share info beyond what has been released by event organizers to the public.

Audit Slack, email accounts, and document access every 6 months to consider removing inactive members.

Change passwords to Airtable and the Intake call log every 6 months.

We conduct periodic data audits to always understand what data we're creating, where it is stored, and who has access to it.

"Collect as little data as possible"

"Be mindful of permissions, and restrict access where possible"

"Use encryption in transit and at rest"

"Think about which companies, people, and systems you’re trusting with this sensitive data"