How Not to Start a Community

The IAPP uses Avectra’s netFORUM AMS to manage our membership information. I’ve never been all that happy with the netFOURM software and certainly not Avectra’s horrific support, but last week they did something that makes we want to scream.

They launched an online community. To kick-start this community they decided it would be a good idea to take every user of their system and set up a profile. These profiles contain the user’s full name name, email, business address, phone number and the organization they work for (which they have on file to manage netFORUM access). That’s fine, I guess, but they took it one step farther. Not only did they set up the profiles without seeking consent, but they decided to opt everyone in to displaying all of their information to every other user of the system.

What marketing and/or IT professional in 2011 decides that this appropriate? Do they not realize they’re likely in violation of European and Canadian laws. At the very least did they not consider that there actions are in direct violation of their privacy policy?

However, as bad as that is, it is even worse than that. Everyone they signed up, which is everyone that uses netFORUM, was set up in the community with a default username and password. The username is the person’s email and the password is, by default, the same password for everyone! So, not only don’t they care about their users’ privacy, they don’t care about security either.

I won’t give away what that password is, but anyone who is part of this new community can easily log in as anyone else. All they need to know is the target’s email — a pretty low bar for even a computer novice. This whole launch is pathetic.

If you are an Avectra user and haven’t gone in and changed your password, do it now! And, if you are like me, you will set everything to “private” which should have been the default to begin with.