7

I belong to a large, geographically-distributed social organization. Everything the group does is the result of dedicated volunteers. Within this organization we have an award that is akin to a "lifetime achievement award" -- a prestigious, relatively rare award bestowed upon the members who have made a huge, positive difference within the organization.

Those who already have the award have a "community within the community". We discuss candidates for the award (we can recommend but do not make the decision), and we also talk about how to help people who are doing good work in this area (regardless of candidacy status), how we as a group can help the organization, and stuff like that. We're seen as a cohesive group by the broader membership; we're not just a collection of people who've received this award, but are also a group that works together to advance common goals. We communicate with each other via an email discussion list and occasional in-person meetings.

While discussions of broader topics aren't particularly confidential, the candidate list and discussions of candidates are. (This isn't like a university tenure-review board where everybody knows who's being discussed.) We've seen the damage that can arise when somebody who thought he was getting the award doesn't actually get it, and if deliberations about individual candidates aren't confidential, then (a) people will withhold critical comments and (b) leaked comments can cause upset. We need to discuss candidates, however, because not everybody knows every candidate personally (large, distributed group).

The problem is that there are a few members within this group who don't respect our confidentiality rules. In particular, they sometimes share things that were said in confidence with the candidates in question, when those candidates are their friends. (Or, occasionally, enemies -- we've seen this used to be hurtful too, unfortunately.) Sometimes they are deliberately violating our confidences; other times they think they are being careful about the source of the feedback but aren't.

We have already had numerous discussions, both in person and via email, about the harm this causes, but it continues. As a result, some people no longer participate in discussions, which hinders our ability to do our advisory job.

If we knew for certain who is doing this we would eject those people from the mailing list and meetings (at least temporarily), and those who bestowed the award could even revoke it (though this is very, very rare). But none of that happens because everybody denies it, evidence is circumstantial, and neither the community nor the leaders are ready to kick people out based only on rumor and circumstantial evidence. So we end up with a somewhat-toxic environment -- lots of suspicions, no actual proof -- but we don't know what to do about it.

This seems like a problem that would also be faced by personnel committees, HR groups, board of directors, and similar groups. What steps can we take to either persuade members to heed our confidentiality rules or identify them unambiguously so we can take action against them? The first is preferable.

Organization notes (in response to comments):

The (larger) organization is broken up into regions (kingdoms). Each region has rotating heads (royalty). Royalty can bestow this award (peerage) after consulting with those who already have it. (The existing peers don't, strictly speaking, have to agree, but usually royalty only bestow the award on people with strong support among the current members.)

Royalty can rescind a peerage; the latter is automatically reviewed by the larger organization's board of directors. Aside from this or matters specifically escalated to them, the board of directors almost never intervenes in the activities of the royalty. (Yes, there are checks and balances so the royalty can't, for example, spend the organization's savings.)

Organizational policies are silent on the subject of evicting a peer from the mailing list or meetings without taking the larger step of rescinding the award. I am, however, quite confident that we could achieve that, in the face of actual proof. Technically speaking, the meetings and mailing list aren't codified at all; they are an implementation detail for "must consult the members".

Improve this question
7
  • 1
    Is this confidentiality requirement codified anywhere that you could use to say what the rules (and consequences) are?
    – Andy
    Commented Oct 30, 2015 at 16:36
  • 2
    @Andy the rule is codified; specific consequences are not. The same people who bestow the award can, in extreme cases, revoke it, so I believe they could take the lesser action of barring a member from deliberations for a period of time.
    – Monica Cellio
    Commented Oct 30, 2015 at 16:42
  • I would certainly, from now on, make it a hard rule that who leaks on these issues, loses the reward. That will not solve your immediate issue, but may help aligning all noses.
    – user732
    Commented Nov 2, 2015 at 11:24
  • 1
    How does the community within the community see the normal community? It can happen that people, who have been bestowed with a prize and now are part of a super elite group, feel privileged over the normal users. Hence, they don't see rules as strict as they should.
    – Zerotime
    Commented Nov 2, 2015 at 20:07
  • @Zerotime hmm, interesting question. Most don't exhibit that attitude overtly (and I don't see it in the members I'm close-enough to to pick up on subtleties), but any large-enough group is going to attract some like that, I suspect. :-(
    – Monica Cellio
    Commented Nov 2, 2015 at 20:28

2 Answers 2

Reset to default
5

If, as you've said, you've discussed this and everyone is apparently in agreement that the leaks should stop, but someone is still leaking information then you are beyond the stage when you can reach an amicable solution and you do need to be assigning blame and applying sanctions.

The only sure way of doing this is to feed each person in the group a unique piece of information. Then monitor what information gets out and look for the tell-tale that will identify the individual concerned.

This isn't going to be easy as you have to make it look like everyone is getting the same information and if anyone discusses it "in-group" first then its value as a tell-tale has gone. However, the uniqueness doesn't have to be the actual message, but could be how it's presented.

For example, In the 1980's during the revival of Star Trek as Star Trek: The Next Generation they were concerned about leaks so they started colour coding the scripts sent out to cast and crew. When the next leak happened they found that it had come from Gene Roddenberry himself!

In your case you might use one form of words for one person and something else for everyone else, then if the unique form of words is used by someone else then that's your tell-tale.

Improve this answer
1

I can't agree with @ChrisF on this topic. His idea is way to find out who is to blame and who is at fault. But it should be used as last action, not as first. It's legitimate to feed everyone a unique piece of information to single out this one particular member of your community, nonetheless, it's a rude method as you, as leader / organizator, show serious mistrust in other users. It can make the toxic environment even more toxic.

First off, you have to analyze the situation. You don't have necessarily someone among you who is against you, it could be that it's someone who doesn't share the same opinion on the matter of privacy. This is what you have to convey, be honest from the very first moment.

On the next meeting, you should tell your community that there is this breach of confidential data and that it is not desirable. The community's health is your utmost priority and the past has shown that revealing such confidential data can harm it. You don't want to work against anybody, you want to work together. Therefore you would like to hear everyone's opinion on the topic, even if one's opinion doesn't align with the rules. Talk about the matter openly and discuss possible solutions.

One important thing in such situations is, if you are the one who is introducing the problem, to have a leap of faith in other members. You can of course ask now why. And it's legitimate to ask that. Never forget that there could be a silly coincidence, like someone uses the same computer as someone else.

As you want to solve the matter fairly, you must show that you are ready for it. Mistrusting everybody is a step into the wrong direction because you involuntarily devalue the work and commitment of others.

Avoid rumors at all costs. Even though you pretend (or you actually do) trust everybody, as soon as the others members hear of it, rumors are going to spread. "I heard it was Bob!" "No, Alice, it was Alice!" These are hasty conclusions and you should try to avoid them. Rumors are a good way to slice apart a community if everybody has a secret little story about everyone.

However, communicating openly and fairly can prove useless if there really is one who wants to harm the community at all costs and is good at disguising himself. If that's the case, you within the community can't do much. You must get someone else involved who can see the situation objectively. Usually, this is the next formal leader or the board. However, even this can prove wrong if the normal community hears of it. "Why is the board there all of sudden?" "Perhaps, because they can't handle a situation." Ouch, try to retain a organized and friendly face to other parts of your community.

In your particular situation where some users already single themselves out because they feel betrayed, it's good, it can help you. You can make sure that the users who temporarily leave the community aren't the ones who are leaking informations. This makes the group of possible data-thieves more small. Now, you can consider to tackle personal conversations with everyone. If they resist because it's you, let someone who is formally higher as you, handle it.

If this still doesn't work, you can consider to use a method like @ChrisF's. But always keep in mind to discuss it first, and then to take action. Doing something before you have communicated the problem clearly can be a hassle afterwards as you show to have severe problems with trust among the members.

Let's now take a look at what to do after you have found out who has done it. Your community will want to know how future situations which could arise are handled. Of course, breaking rules result in sanctions, for example being thrown out of the maillist but with the option to be able to regain the trust. One important question is if you want to make an example of the case or not. If you see yourself in such situations potentially often in the near future or have seen related cases in the past, it can help to make an example of it to show that you want to contribute to the community's health as much as possible. Nonetheless, members could also wonder why you are not more forgiving because it could still have been just a mistake which could be done by everyone.

However, after you will have resolved the situation, you should make sure to make a punishment part of your rules because future cases could claim to receive an unfair sanction. Doing that could help them to get into the favor of the community.

Summarizing this, you should try to discuss the matter in with all first. This step is to ensure that everyone is with you but can also help the one who's leaking information to feel more confident if there are others who have a similar opinion. Nevertheless, it's not bad if the one in question feels encouraged and understood, it can probably encourage him to open up because there are others who think alike.

If it doesn't work, contact your board and signalise that you have a problem. Let your board come to the next meeting where they will talk about the matter and share their opinion on the problem. The board members should be upright and open and convey that they wish for nothing else than a solution.

After that, you can start to get more personal with each one of your community. Talk to them personally on the matter and make clear that you aren't someone who is against them but with them. You must show a leap of faith here, too.

However, if this fails too, you can consider to introduce "more target-oriented measurements to ensure the community's health" which basically means a method like @ChrisF mentioned.

In your talks, you should not be taunting or impolite. People want to be respected and don't like if there's someone who mistrusts the whole community.

After finding the one and applying measurements, you should update your set of rules to make more clear that a information breach is an offense towards the community and is punished.

Improve this answer
1
  • 1
    We've already had many discussions of confidentiality; everybody says they're on-board but some few are nonetheless not following through. One clarification: I'm not the leader of this community, just a member of it.
    – Monica Cellio
    Commented Nov 5, 2015 at 14:22

Not the answer you're looking for? Browse other questions tagged or ask your own question.