Explicit Consent May Be Required to Publish Society Names in Europe

When I wrote a rough draft of the SCA Release Forms Handbook back in 2021, I incorporated a distinction reflecting practice here in the East Kingdom: participants’ modern names are considered personal information and must not be published by the Society without their explicit consent — the same rules that apply to their home address and other real-world contact details — but their Society names are considered “in-game” attributes and their publication doesn’t require any paperwork.

Following the release of the Handbook in 2023, folks from Drachenwald mentioned that their interpretation was different; under the European GDPR, Society names could be seen as “information relating to an identified or identifiable natural person,” and thus protected as personal data, which should not be published without consent.

Continue reading “Explicit Consent May Be Required to Publish Society Names in Europe”

Is Data Disclosed by the SCA’s Digital Membership Card Vendor?

On June 23, the SCA announced the upcoming availability of “digital membership cards,” an electronic representation of the SCA’s traditional paper membership cards, delivered in formats compatible with smartphone apps such as Apple Wallet and Google Wallet.

On June 26, SCA members received email messages sent on behalf of the SCA, containing instructions on how to download their personal digital membership card. The email was sent by Cuseum.com, a vendor providing this service on behalf of Neon CRM, the service that the SCA uses for its membership data.

In the last day or so, a number of SCA members have expressed concern that the Cuseum.com privacy policy allows them to sell (“share”) user data, and thus information about SCA members might be being given to advertisers.

Continue reading “Is Data Disclosed by the SCA’s Digital Membership Card Vendor?”

Release Form Improvements

When the new Release Forms Handbook was published earlier this year, it included updated versions of the release forms themselves.

Although I had a chance to provide feedback on the contents of the handbook, the new forms unfortunately weren’t shared with me prior to publication, so I wasn’t able to proofread them or provide suggestions for their appearance.

Continue reading “Release Form Improvements”

The SCA Lists Archive Breach

TL/DR: An SCA IT web configuration error exposed confidential email messages.

  • For three years, the SCA mistakenly published all email sent to Board of Directors’ feedback address, allowing anyone on the Internet to read messages that had been sent in confidence, including reports of harassment and sexual assault.
  • If you emailed sca-comments@sca.org between March 6, 2020 and February 2, 2023, you should be aware that the message you sent is no longer secret and has likely been read by other people outside of the organization’s leadership.
  • Six mailing lists used by committees for internal communication were also affected.
Continue reading “The SCA Lists Archive Breach”

Membership Database Privacy Policy

The SCA recently transitioned its online membership database from a service run by Members Only to one operated by Neon One.

The Members Only platform had been in use since 2012, but the software had become stagnant and the very small company that offered it appeared to be wrapping up operations. By contrast, the new Neon CRM platform seems much more technically capable and the company appears to be much larger and more dynamic.

As part of the SCA’s announcement, they encouraged people to contact their membership email address with any questions we might have, so I inquired about the interaction of the two privacy policies at sca.org and neonone.com.

Continue reading “Membership Database Privacy Policy”

Tracking Privacy Policy Changes

As part of last year’s group effort to rewrite the Webminister Handbook, I spent a bunch of time closely reading the privacy policy on the SCA.org website, as it applies to all SCA-controlled websites and online services.

One line in the policy caught my eye and prompted me to write Society leadership for more information; frustratingly, it required three emails over the course of six months to elicit a reply.

Continue reading “Tracking Privacy Policy Changes”