American Mensa Header

Where Brilliance Belongs

Data security for Local Groups

Zipping about the globe at near the speed of light — though sometimes at the brisk pace of the USPS — data drives our business. We store, analyze and transmit to and from Local Groups and volunteers thousands of pieces of data daily, and it's not uncommon for members to have 50 years (or more!) of historical membership records. We store children's information, and we store information on you.

To protect the privacy of all of our members, and the security of our most vulnerable, we have to often reevaluate the data security practices we implement and recognize the potential consequences of poor data management. In an age where everything is "in the cloud," we have to carefully balance convenience with safety. To do so, we've compiled a couple of tips and best practices for Local Groups to help ensure that membership data is properly protected, both in transit and at rest.

First, the obvious:

  • Install software updates.
  • Manage your (and your LG's) passwords carefully. Use strong, unique passwords and change them regularly. We suggest using a password manager, like Keepass or LastPass.
  • When possible, use two-factor authentication.

Now, the less obvious:

  • Don't put any data that you receive from the National Office on any web server. This includes the National Office's servers, Dropbox, Google Drive, or your own homebrewed solution.
  • Ensure that any LG-generated publication containing members’ personal information or Mensa’s proprietary information is hosted in a location that requires members to log in to view. (This includes your LG newsletter.)
  • We highly recommend using the National Office's newsletter upload and distribution system.

It is also strongly recommended that Regions, Local Groups, and SIGs develop their own policies regarding responsibilities, rights, restrictions, and removal of users and administrators. In addition, each Local Group should publish its own policy regarding the inclusion of member information in calendar listings. You might also take a moment to review AML’s Membership Data Agreement and the Policy and Guidelines for Administrators of Internet Communication Services, from the Actions Still in Effect.

As always, if you need more information, or if you have a question about implementing — either in theory or action — practices to increase your LG’s data security, we’re here to help.