Technology Committees, Part I: Creating a Technology Team/Advisory Committee
 
Technology is becoming increasingly useful and pervasive in how nonprofit organizations operate, from organizing volunteer efforts to attracting and accepting online donations to the availability of e-filings. However, “technology” may still be an avoided word for some nonprofits despite the growing need to meet the demands and expectations of their users, especially as technological savvy continues to become commonplace in the younger generations. Many nonprofits today find themselves reevaluating how they can keep up, from the improving the usability of the organization’s websites to improving internal efficiency through workstation networks. This is not just about being “in” with popular trends; it is about producing real benefits for the organization that help drive its mission. As Anna Mills, former Project Associate for CompuMentor, writes, a technology plan can save an organization from starting at square one when their tech-brainchild leaves because both the current technological state and future plans are documented; it can help an organization spend less to meet the same needs; and importantly, it can transform technology from a stumbling block into a useful tool.
 
To address this challenge, a first step for many organizations is to create a technology team. In his article, “Technology Team: Guiding ideas into reality,” Marc Osten, founder of Summit Collaborative, describes a technology team as the organization’s “brain trust” for technology – it helps establish a blueprint (i.e., a defined vision, goal(s), and plan) and carries out the responsibility of overseeing its implementation, evaluation, revision, and refinement. A technology team may take the form of a technology advisory committee. Chris Peters, technology writer and tech analyst for TechSoup's MaintainIT Project, explains four main reasons for creating a technology advisory committee in his article, “Creating a Technology Advisory Committee at Your Nonprofit: You don't have to go it alone”:

1. To be a resource about current technology: what is and is not possible, and the real costs associated with it.
2. To stay up to date on the constituents’ changing concerns and needs, and desires about a certain technology and the organization. This also includes reaching out to potential but currently unconverted audiences.
3. To learn about the technological successes and failures of colleagues, and what resources (e.g., tools, training, support services) are necessary to improve and move forward.
4. To be the advocates of this vision and communicate it to volunteers, colleagues, and other constituents.

If a nonprofit does not feel ready to create a formal advisory committee, Peters recommends taking other steps to get the ball rolling such as creating informal feedback loops (e.g., making technology a regular conversation around the organization), recruiting individuals with a technological background to the board, or getting in touch with techies either locally (e.g., meeting for lunch) or online.
 
Addressing technology is important, whether formally or casually, because technology can be a valuable asset for proper governance in compliance with the law – something all nonprofits should be concerned about. A technology team can help address issues such as:

• Document Retention.The new Form 990 now asks whether an organization has a written document retention policy. See Form 990, Part VI, Section B(14). Although not required, it is considered a best practice to have such a policy. Unfortunately, as Jack Siegel of Charity Governance Consulting LLC points out, organizations may currently be victim to an overly-simple, “paper-centric” document retention policy of putting documents in a box on a shelf and tossing the entire box after x years. A policy that destroys documents based on a time frame alone does not, for example, appreciate that some documents have more value than others; founding documents such as an organization’s bylaws, articles of incorporation, and Form 1023 may be widely understood as important, but so are contracts/leases, meeting minutes, and other documents that occur throughout a nonprofit’s lifetime. Furthermore, it is questionable whether fiduciary duties are being adequately satisfied under such a system or no system at all. Assigning a technology team to utilize technology to facilitate a better document retention policy can be as simple as using hard drives and off site back-ups to create more “space” so that an organization is less inclined to create a policy based on physical shelf space and an aversion to accumulating paper rather than the practical needs for proper governance.
• Criminal Liability. An adequate document retention policy is important for addressing other risks such as criminal liability. The Sarbanes-Oxley Act of 2002 imposes criminal liability on an exempt organization if it destroys documents with the intent to obstruct a federal investigation. W. Warren Hamel, partner at Venable, LLP, states that in practice, at a minimum, the document management policy should “guide employees in handling and disposing of documents, specifically focused on documents that may relate to ‘matters within the jurisdiction of an agency’ of the federal government” (e.g., tax matters within the jurisdiction of the IRS or employment matters within the jurisdiction of the Equal Employment Opportunity Commission). One way a technology team could help is by setting up the necessary technological infrastructure to keep these documents organized and flagged for special handling.
• Network Security. A network can never be 100% secure and the collapse of an organization’s IT system due to a virus or technological problem is a devastating event. Even in the “best case” situation (relatively speaking) that no information is lost or leaked, there is still the major issue that business is probably at a standstill until troubleshooting the problem and rebooting systems can occur – which is a waste of time and money, especially if the risk could have been mitigated. A technology team can serve as a good preventative measure (e.g., installing surge protectors, running virus scans, etc.) and an efficient recovery team (e.g., using prepared recovery plans for different situations, having resources on-hand for the right tech support, etc.).
• Security Breaches. Nonprofit organizations can collect a large amount of sensitive information, including personal information such as credit or debit card numbers as well as the organization’s corporate records. Organizations should be proactive about break-in security from both insiders and outsiders. Passwords, automatic log outs, firewalls, and data encryption are just some of the options available for a technology team to implement to protect against outside jobs, inside jobs, and unintentional releases of information. This responsibility should not be taken lightly, as reflected in the California law (SB 1386) which requires nonprofit organizations, regardless of geographical location, to notify any California customer when a security breach has occurred to the computerized data storing their unencrypted personal information (as defined by SB 1386).
• Intellectual Property. Brian Rowe, Executive Director for Freedom for IP, states “intellectual property is embedded in everything we create” from e-mails to scribbles on a napkin. Many nonprofits use user-generated content to garner support, which automatically raises questions about intellectual property and fair use. Intellectual property is an especially developing field of law; a technology team is more able than, for example, directors to become versed in these best practices because of the team’s narrow focus, and can also help create a system that accounts for and is in compliance with the applicable laws.
• Records for Public Inspection. In addition to the public inspection requirement of Form 1023, the IRS also requires nonprofits to make their annual reports (Form 990 or 990-EZ) available for public inspection at their principal offices and to provide copies upon request unless they are otherwise widely available on the Internet. Thus, many organizations make their annual reports widely available on the Internet which is an easier option for an organization in directing requests to their websites rather than printing copies, and also a green-alternative to hard copies. Note that the new Form 990 asks how organizations make this available, whether by its website, another website, and/or upon request. See Form 990, Part VI, Section C(18). Satisfaction of the “widely available on the Internet” option is according to the specification outlined by IRS regulations.

Marc Osten’s article, “Technology Team: Guiding ideas into reality” is available here.
 
Chris Peters’ article, “Creating a Technology Advisory Committee at Your Nonprofit: You don't have to go it alone,” is available here. It also includes additional resources for finding technology advisors (e.g., paid consultants and computer user groups) and learning about successful technology projects.
 
Anna Mills’ article, “Why a Technology Plan: Ain’t nothing like the real thing, baby” is available here.
 
To read more about document retention policies, please view Jack Siegel’s article, “Non-Profit Record Retention Policies: Either get on the bus or transfer your assets to someone who already is on board.”
 
More information about the criminal provisions of the Sarbanes Oxley Act 2002 is available in W. Warren Hamel’s article, “What Corporate Governance Legislation Means To You.”
 
The Free Management Library addresses network security in its article, “Computer and Network Security (including worms, viruses, hoaxes and spam)”, available here. Please also view
TechSoup for Libraries article on network security, “Cookbooks: Introduction to Network Security.”
 
To listen to Brian Rowe’s short interview on fair use, please listen to the podcast available on the Nonprofit Technology Network website. Additional resources from the 2009 Nonprofit Technology Conference (NTC) Fair Use, User Generated Content, Terms of Service and the DMCA Safe Harbor is available online.
 
For more information about security breaches, please view a PowerPoint presentation, “Security Matters: It’s Not About the Network” by Holly Ross, Executive Director of the Nonprofit Technology Network.
 
The text of the California Senate Bill 1386 is available online. A summary of this statute written by James F. Brelsford of Jones Day is available here.
 
More IRS guidance about the internet option of the Form 990/990-EZ Public Disclosure requirement is available here.
 
– Emily Chan