Incident update - email sent erroneously to some members

[Andrew van der Stock]

Hi Board

As you are no doubt aware, the Google account clean up initiative was restarted recently, and for reasons we are still investigating, it sent messages to a set of members who are not leaders (I didn't receive it for example), but we are working out why these folks were given this message. 

Background on the Google account clean up. For many years, due to various reasons, the Foundation was either not permitted by the then ED, or did not feel it could enforce the end of membership in the absence of an ED or without a clear membership policy. As time went on, the lack of enforcement of policy led to over 1000 accounts that were open and dormant. We use Google accounts as a proxy for membership benefits, including access to the Membership portal, member conference discounts, and partner benefits, such as Secure Flag. So the clean up is necessary and extremely overdue - some of the accounts are from 2012. It has been significantly delayed on several occasions, including to allow the complete running of the election and due to previous incorrect results.

We do intend to continue the clean up, but there will need to be investigations as to why this included more people than expected, but also to ensure that we can manage to our membership policy and bylaws, and ensure that our member benefits are only available to members.

Harold is working out why the script, which has been used to notify members with some success back in July and early August, included more members than was expected. The script was tested extensively, but there are obviously differences between test and production that have been triggered here.

The biggest impact is that the messaging is wrong: these members do not need to take any action to renew or keep their membership. No memberships or mailboxes have been suspended, and even if left unattended, they wouldn't have been for another 15 days.

Medium-term, we will be replacing our current membership system with an off-the-shelf Association Management System. We are currently documenting our actual business requirements (musts, needs, wants, nice to have), and then we will be going through a thorough selection process, picking a system that will have a single source of truth, reliable automation options, and improved customer experience.

I will continue to keep you updated. Hopefully, we can button up this incident today.

thanks,

Andrew

[Harold Blankenship]

All,

Regarding the recent email notices, I have determined that the issue revolves around a failure to retrieve the necessary member/not member information from our Copper back-end. In pseudocode, our process was as follows:

if not a member and not a leader:

  send appropriate notice

Although the intent was to err on the side of the user (like it does for the 'not a leader' test),  the 'not a member' determination returned that a particular person was not a member if the function failed to retrieve data from Copper (due to any reason, like a timeout). This will be resolved to indicate that an error occurred and that, for these purposes, the user will be treated as a member. Tests will be re-run and the output re-validated and will include this particular failure.

Resetting the timeline looks like:

November 9: fix this issue

November 10-12: set up tests/test users

November 15-28: run tests, validate nightly results

November 29: present results

November 30: re-communicate email deactivation startup

December 3: Re-enable functionality based on 15-23 success

Regards,

Harold