I had the opportunity to attend and speak about cloud computing and IT governance at the Nonprofit Risk Summit in Chicago, held on August 26-28th. This was the first time that I’ve been to this conference and a good opportunity to get a different perspective on the issues that nonprofit organizations face from a risk management perspective.
Most of the conferences that I attend and speak at are focused on cool new technology or how to better manage and govern the existing technology resources and processes in place. At the Nonprofit Risk Summit the advice wasn’t given by other IT directors or consultants, but lawyers and insurance providers. I admit some of the information that I gathered did put a bit of a damper on my perpetually optimistic outlook on the power of technology, but it also provided some helpful tools for understanding the full spectrum of issues involved with technology adoption and use.
While we in the non-profit sector tend to focus on the functionality and effective use of the technology platforms in our organizations, we often look past the very real constraints that copyright law or reporting requirements have on our use of technology.
I attended a session by Paula Cozzi Goedert of Barnes & Thornburg, LLP about the top 10 legal risks and learned a lot about the importance of obtaining rights to use digital assets in an organization’s website, newsletters and publications. She shared a story from a client who had innocently used a picture taken by a friend of a staff member at an event on the organization’s yearly resource DVD. They didn’t obtain permission to use the image and as a result were forced to redo the resource DVD without the image in question, republish the DVD and send out new copies along with a letter asking that the original DVD be destroyed. In addition to the substantial cost the organization’s reputation was damaged by this event.
We’ve been talking with a lot of organizations about better managing their digital assets from the perspective of easier accessibility and improved workflow. After this session I found that accurate tagging of copyright information may be the most compelling reason to implement a digital asset management system.
Another critical takeaway was around the importance of a clear Bring Your Own Device (BYOD) policy. Once again the session was led by a lawyer, this time Cecil A. Lynn III of Littler Mendelson. From the legal perspective they recommend separate devices for work and personal use, which typically isn’t the case in the nonprofit community. They do recognize that more and more organizations are allowing staff to use their own devices to access organizational data. The fact is that while this may improve morale and be touted as a cost saving measure the fact is that BYOD may cost you 33% more than a company- owned device approach.
There may be reasons other than perceived cost savings to moving to BYOD. Littler has published a very thorough guide for organizations to use when developing BYOD policies.
The conference was well organized and run by the folks from the Nonprofit Risk Management Center.   Executive Director Melanie Lockwood Herman led an opening session that I wasn’t able to attend on “Leading in Times of Crisis”. Her presence at the conference and expertise in this sector were obvious.
She even managed to convince more than a few risk adverse attendees to cut loose on the dance floor. The city and agenda for the next risk management conference hasn’t been established yet, but I encourage folks to check out the resources available on their website and learn more about establishing an effective culture of risk management.