Is your website ready for the ‘cookie crunch’?

In May 2011 the UK government passed legislation imposing an EU directive on all websites in the UK, requiring them to get explicit permission from website visitors if they use any ‘cookies’, the little bits of code that are used to remember things like users’ preferences and track their usage of websites.

From 26 May 2012, organisations in breach of the new regulations face fines from the Information Commissioner’s Office (ICO) of up to £500K, though only after failing to comply after a direct warning has been issued.

The new rules sound great in theory. Don’t we all value our privacy? Don’t we all want to be aware of and have control over what information websites store about us?

Certainly none of us wants our online activity tracked and then the data used for commercial gain or otherwise misused. But the problem with this legislation is that it is somewhat unworkable in its present form.

It means that every single website you visit will need to ask whether you accept to have a cookie stored to keep track of your choices. And if you refuse, then there is no way of storing that preference (as that would require a cookie!), so you’ll be prompted to answer the same question every time you visit.

And as for all the bad tracking information that this is designed to counteract, the irony is that in the time it has taken to conceive and impose this directive, many advertisers and web spies have shifted to newer, more invasive and less obvious technology to track us. So once again it’s a case of regulations punishing the innocent rather than the guilty.

It’s not all bad news, however. The spirit of the legislation is certainly good and will hopefully encourage good practice in website development.

Here are some practical suggestions for ensuring that you comply with the new directive, without turning people off your website.

Start with an audit

The first step is auditing your website for its use of cookies. The easiest way to do this is to use a browser extension like the ‘View Cookies’ extension for Firefox. Make a note of all the cookies logged as you browse your site and together with your website developer work out what they do.

Focus on policy and communication

Arguably the main thrust of the new legislation is improving communication. If your website doesn’t already have a clear (and easy to find) privacy policy, make sure it does, and that it explicitly describes what cookies you use and what their purpose is. And then tell users how to use their browser settings to turn off cookies, as that’s by far the most sensible place for the permission to be given or denied. (It’s kind of like having a switch inside the car for headlights, rather than being prompted by every road you drive on whether or not to use them.)

All cookies are not created equal

Recognising that not all cookies are bad, the new legislation does allow cookies that are ‘essential’ for the operation of the website. Examples include login sessions and shopping carts which ensure smooth transition between various parts of the website. From your audit results, work out if the cookies you use are permissible under this guidance.  The definition is relatively narrow, though, and ads, personalisation and social media widgets are not exempted from the restrictions.
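The audit and the ‘essential’ test described above can be kept as a simple inventory. The sketch below is an added example, not part of the original article: it parses Set-Cookie headers noted during browsing and marks each cookie as exempt, needing consent, or still to be investigated. The site host, cookie names, values and the purpose table are all constructed assumptions to be replaced with your own audit notes.

```python
# Added example: cookie inventory built from captured Set-Cookie headers.
# Every host, cookie name and value below is constructed sample data.

SITE_HOST = "charity.example"  # assumption: the site being audited

# Purpose of each cookie, agreed with your developer during the audit.
# Illustrative assumptions only, not an authoritative list.
PURPOSES = {
    "PHPSESSID": "login session",
    "cart_id": "shopping cart",
    "__utma": "analytics",
    "theme": "personalisation",
}
# Only the narrow categories the article names as 'essential' are exempt.
ESSENTIAL = {"login session", "shopping cart"}

# (host that sent the response, raw Set-Cookie header value)
CAPTURED = [
    ("charity.example", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("charity.example", "cart_id=77; Path=/shop"),
    ("charity.example",
     "__utma=1.2.3; Domain=.charity.example; Expires=Wed, 21 May 2014 10:00:00 GMT"),
    ("charity.example", "theme=dark; Max-Age=31536000"),
    ("widgets.social.example", "uid=xyz; Domain=.social.example; Max-Age=63072000"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def is_third_party(cookie_host, site_host=SITE_HOST):
    """True when the cookie's host is neither the site nor one of its subdomains."""
    host = cookie_host.lstrip(".").lower()
    return not (host == site_host or host.endswith("." + site_host))


def audit(captured):
    """Return one inventory row per captured cookie."""
    rows = []
    for host, header in captured:
        name, _, attrs = parse_set_cookie(header)
        scope = attrs.get("domain") or host
        purpose = PURPOSES.get(name, "unknown")
        if purpose in ESSENTIAL:
            verdict = "exempt (essential)"
        elif purpose == "unknown":
            verdict = "investigate"
        else:
            verdict = "needs consent"
        rows.append({
            "name": name,
            "set_by": scope,
            "third_party": is_third_party(scope),
            # No Expires/Max-Age means the cookie ends with the browser session.
            "persistent": "expires" in attrs or "max-age" in attrs,
            "purpose": purpose,
            "verdict": verdict,
        })
    return rows


if __name__ == "__main__":
    for row in audit(CAPTURED):
        print(row)
```

Cookies left at ‘investigate’ are the ones to take to your developer; anything persistent or third-party that stays unexplained is worth removing rather than documenting.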

Scale down visitor tracking

The most obvious breach of the new regulations for most organisations’ websites would be the use of statistical tools like Google Analytics (which is used on up to 90% of all websites). Until Google addresses the issue, or the ICO exempts analytics, it may be worthwhile turning off Google Analytics or finding a cookie-free alternative.

Use a friendly interface for prompts

When prompting users to allow or refuse cookies, pay attention to user interaction design. Most solutions involving pop-ups or banners we’ve seen are ugly and will only turn users away from your website. Consider instead implementing an elegant solution like the one provided by the Cookie Control script from Civic UK.

For further information, you are welcome to contact us at Avec Online by emailing info@avecsolutions.net as we are offering third sector organisations free advice on compliance with the UK cookie law.

The end of the work PC

For the longest time, ‘one desktop PC for each office worker’ was pretty well the axiomatic IT equipment provision within most organisations.

As a deployment strategy it was easy to plan, cost and support – particularly when the desktop footprint of hardware and software could be standardised and replicated – so it is no surprise that it became the preferred way of working for accountants and IT support staff alike. And it is little wonder that not a few funders still reflex in these terms when they consider how to provide IT resources to third sector organisations they support.

In recent times, however, this model has come under increasing challenge from both new technologies and social trends, to the extent that it is not too early to predict that the classic era of the ‘work PC’ is over.

Whilst this is no doubt the stuff of nightmares for both finance and IT departments, it is vital for all organisations to come quickly to grips with the new realities and enact policies within their larger IT strategies to deal with them.

Laptops eclipse desktop PCs

The first challenge to the standard work PC model arose from the rapid rise in the use of portable computers in the last decade.

For a long time the exclusive domain of senior managers or hardened road warriors, laptops have become the first choice for office workers right across most organisations as people move to more flexible working arrangements.

A few years ago, laptops and their diminutive ‘netbook’ cousins surpassed desktop PCs in total sales for the first time, and portables now account for almost three-quarters of all personal computers sold.

This is due in no small part to the fact that, whilst portable computing used to mean a compromise in performance, dramatic improvements in technology mean that even super-thin and light ultra-portables (which eschew optical and hard drives in favour of flash-based storage) are capable of the most demanding of office applications.

Bring your own PC

But if accountants and IT managers have worried about the risks portability brought to their asset registers, it was nothing like the sheer panic that has been induced by the next major trend sweeping organisations.

In more and more workplaces, it has become commonplace for employees to bring in or choose their own computer, and there is no other way to describe this than as an end run around the policies and controls of both finance and computer support departments. Standardisation is giving way to variety – with Mac OS or Linux joining networks alongside Windows – and people are being freed to choose the software and other tools they feel they need to get their jobs done.

This trend has been largely ushered in by both the widespread adoption of the internet and cloud-based applications for business use – which are agnostic about the end user’s computer platform – as well as the consumerisation of technology which has seen computers oriented for personal use, particularly those with a luminescent Apple logo, become both more attractive and powerful than purpose-built business machines.

It sounds like a recipe for utter chaos, but the irony is that study after study shows that this eclectic approach not only leads to a considerably more productive workforce, but also to much lower support costs, and so there will be no slackening in this trend anytime soon. Indeed, organisations struggling to recruit good staff may be interested in knowing that almost half the respondents in a recent survey said they would prefer lower pay and their own choice of computer to a higher salary with less flexibility.

Organisations going the ‘bring your own computer’ route will of course need to grapple with both the financial implications of providing equipment allowances as well as the technological and security complexities of opening up their networks to a more multicultural computing environment. But for those that adopt the right tools – embracing cloud computing, or using a virtualisation technology like Citrix to deliver a standard desktop regardless of the client computer – the rewards are there to be gleaned.

The post-PC era

No sooner has the trend to bring your own computer taken hold, though, than it is being eclipsed by the even more far-reaching ‘bring your own device’.

We are moving rapidly into the post-PC era when most of our computing is not done on a desktop or laptop computer, and whether it is as a supplementary computing device or (as is increasingly the case) as their principal business tool, many people are now bringing their personal iPads or other mobile devices to work and demanding network access or email accounts to be configured and kept in sync.

So yet again established policies and IT staff are coming under pressure to be flexible to accommodate these requests, and in most cases they are struggling to catch up.

There are important considerations on both sides of the equation: business data security of course needs to be weighed up, but so do the implications of the post-PC era for employee privacy and the potential downside of permanent electronic tethering to the workplace. But with nearly 90% of us admitting to using our personal devices for work use already, it behooves every organisation to work through these questions and develop an effective strategy to deal with them.

What we can learn from Steve Jobs

As I write this, it’s less than a week since the death of Steve Jobs, and it’s impossible to write an article about IT without thinking of the man who has rightly been cast as our day’s equivalent of past industrial greats like Thomas Edison and Henry Ford.

You don’t have to own an iPod or a Mac or love Toy Story to appreciate that Jobs’s vision and leadership has literally transformed whole industries – personal computers, music, films, mobile phones, and now tablets – and much has been written about his lasting impact on our modern life.

As we lament his untimely passing, it’s perhaps useful to reflect on what we can learn from his approach to technology, to see if there are lessons for us in the way that IT is planned, deployed and used in the third sector. Here are a few thoughts.

The first lesson is that specifications are meaningless.

Too often technology comes down to ‘specs’, to the technical jargon and numbers. What’s the GB, the GHz, the RAM? How many megapixels, or what slots or interfaces does it have?

Jobs was one of the few to call the bluff on this technobabble and to see it as ultimately meaningless. To him, the real spec to worry about was always user experience.

Under Jobs, Apple moved away from numerical one-upmanship and focused on the end-to-end experience of technology for an end user, and they developed an integrated approach to hardware and software that made computers as easy as possible for people to use and get on with their real work.

This is a useful principle to keep in mind as we implement IT solutions, as too often the super-duper new network goes in (with all its great specs and new features) but staff members come in and can’t print, or can’t find their documents. Technology should be nearly transparent: like a good pair of shoes, it should be so comfortable we don’t notice it at all, let alone trip over it all the time.

The second lesson is: don’t give users what they want.

At first blush, this may seem to fly in the face of the previous point about focusing on user experience. But in actual fact, users often don’t understand, certainly at the outset of a project or before the implementation of a new technology, what they really want.

Jobs liked to quote Ford’s adage that if he’d asked his customers what they wanted, they’d have asked for a faster horse.

Under Jobs, Apple never followed current market trends, or conducted focus groups, and certainly never listened to the experts and armchair pundits. Instead, they looked around the next corner and single-mindedly pursued a particular vision of what the best system or solution would be.

Whether it was a new-fangled input device called a ‘mouse’, a computer without a floppy drive, or a mobile phone without a keyboard, no focus group could have come up with the idea or indeed endorsed it.

A tablet computer? That’s been tried for ten years and has never caught on, the experts said. Nobody wants a tablet! Jobs ignored this ‘wisdom’ and forged ahead with the iPad. The rest, as they say, is history.

The message here is that a good IT strategy should be bold, visionary and forward-thinking, which is not what you get if you focus on the ways things are or have always been done.

The third lesson is that failure can be very useful.

We all fail sometimes, but most of us have learned to pick ourselves up and carry on, trying to distance ourselves as quickly as possible from the failure and whatever caused it.

Steve Jobs was a serial ‘failure’ – a college drop-out, fired from the first company he founded, Apple, just as it was getting going, founder of NeXT Computers which was a commercial disaster, the list goes on.

What set him apart was that in each instance he learned from his failure and came back stronger. We can all learn from success, but it takes a special person to learn from getting things very wrong.

Getting fired from Apple, Jobs said, was the best thing that ever happened to him. After taking some time out, he invested in a tiny animation company called Pixar. He started NeXT and developed the technology that would later be the basis of Mac OS X and the iOS operating system that runs iPhones and iPads.

Like Jobs, a good IT strategy should be nimble and learn a lot from past mistakes.

The fourth lesson is that technology should embrace wider values like good design.

Apple, Jobs always said, lives at the crossroads of technology and the liberal arts, and that’s what separates it from other computer companies.

It is no secret that part of what makes using a Mac or an iPad so enjoyable is the special effort that went into crafting the devices and their software, almost as works of art.

And this aesthetic imperative reflects a deeper truth, namely that technology on its own doesn’t resonate with the values of most human beings, but when it is elegantly conceived and executed it can become a powerful delivery agent for the things that do.

That’s an important message for those who work with these technologies in the third sector: that IT for IT’s sake, packaged in dull beige boxes with all their fancy specifications, will always fail, but IT designed for the important things in life – whether that’s the fundraising campaign of a charity, or simply meaningful family movies or photos – is what endures.

Can you trust your IT company?

A few years ago, when the East Belfast Partnership was setting up Espresso East, a social enterprise espresso bar, we brought in a consultant to advise us on the finer points of the coffee business.

One of his questions for us sticks with me to this day. ‘How will you know how much your staff are stealing from you?’ he asked. Not if, note, but how much.

In the retail trade, it is widely assumed that some staff members will be dishonest and there are security measures (like CCTV cameras trained on the till) and procedures (like carefully monitored end of day cash reconciliation) designed to mitigate the effects of this.

Over the years I have seen a similar diligence in third sector organisations in the way they use IT systems to guard against the potential vices of their staff: everything from user-based security permissions on folders so junior staff can’t find out what salaries managers are earning, to the blocking of social networking and other time-sapping websites, measures deployed with varying degrees of purpose and effectiveness.

But in this rush to use IT to control staff behaviour, the integrity of those implementing the systems is rarely questioned, despite the fact that as computer systems become ever more pervasive, the amount of information access and power at the fingertips of IT workers is increasing dramatically.

In many organisations it is not uncommon to find that the most important and sensitive company data is restricted to a few senior managers – and to whatever staff members happen to look after the network server.

In this article, I want to ask you, ‘Can you actually trust the people looking after your IT?’ Or coming directly back to the retail trade analogy, ‘How do you know what information your IT support people are stealing from you?’

It’s a question all too infrequently posed. IT staff are employed or support is outsourced mainly on the basis of value, capacity and experience, and ethics rarely enter into the equation.

Yet an IT industry survey once revealed that a third of IT staff admitted using their administrator passwords to snoop through company systems and peek at confidential information such as salary data.

In another poll of more than 16,000 IT professionals, 62% said they had accessed another person’s computer without permission and 50% read confidential or sensitive information without a legitimate reason. In addition, 42% said they had knowingly violated a company’s privacy, security or IT policies.

And these weren’t just junior IT staff. The average experience level was more than eight years, and about 32% of respondents were at or above the manager level. Over four-fifths worked at companies with more than 5,000 full-time employees.

Of course, there’s nothing shocking in these (probably understated) statistics for anyone with a passing familiarity with human nature, but what is surprising is how we seem to give technology and technologists a ‘bye’ on moral questions.

The truth is that principles and values matter as much in IT as in the social and community spheres in which most charitable organisations operate. Indeed, the day-to-day world of IT is filled with ethical challenges and thorny moral dilemmas, and given the pace of change in technology and the rate at which tricky new questions are being raised, it’s all the more important to put ethics back on the table for frank discussion.

There’s no magic solution to ensure that the people with whom you entrust the keys to your valuable and sensitive data are inherently trustworthy, but making it an issue is an essential part of the process.

Make sure you know where your IT staff or support company stand on important issues such as those concerning privacy, security, personal property and copyright, and protection of the environment. The next time your organisation tenders for an IT-related project, ask for a statement of values alongside capability and cost, and don’t be afraid to get genuine character references, not just a list of previous experience.

So much of the good work of charities and social enterprises is driven by people with deeply-held values: we shouldn’t compromise this work by ransoming our critical information systems to people who don’t share these same principles.

Upgrade Your Organisation with an Online Management Information System

Information lies at the heart of most third sector organisations. Data.

Endless amounts of data, really, about everything from service delivery, end users and an organisation’s interactions with them, through funders, donors and promotional campaigns, to core business documents covering organisational strategy and operations.

In most organisations this information is completely decentralised, split across reams of spreadsheets and small database applications like Access, not to mention paper-based records.

The result is highly inefficient with much of the data being duplicated in various places and, with little or no connection between the various data ‘silos’, it becomes extremely costly and time consuming to manage the information and generate useful reports. Truth be told, reporting ends up being avoided except when strictly necessary, usually at a funder’s behest: timely ‘dashboard’ style updates for managers and staff are out of the question!

The enterprise solution to such a mess is of course the management information system (MIS), a centralised database application that is specifically tailored to meet an organisation’s unique needs.

A good MIS ensures that all information is stored in one place only and that the data is properly organised so that all meaningful relationships between the information can be reflected in useful and easy-to-generate reports and dashboards.

Traditionally, the deployment of such an MIS meant calling in a specialised database developer over the course of many months and the outlay of tens of thousands of pounds.

That’s all changed now, however, as one of the most successful areas of the new ‘cloud computing’ (online software as a service) era is specifically the provision of easily customised and affordable online management information systems.

There are plenty of options to choose from, but two of the leading solutions are Salesforce CRM and Microsoft Dynamics CRM. Salesforce is the leading cloud computing provider which has revolutionised the business application marketplace over the last decade, while Dynamics 2011 is the first version of Microsoft’s popular CRM product to be available as a hosted software solution.

In addition to bringing all the benefits of a centralised information system, these online MIS systems have these advantages over their on-premise cousins:

  • there is no costly hardware or software to purchase, only a monthly subscription fee per user, with the option of cancelling at any time
  • they can be used on any internet connected device (PC or Mac, desktop, laptop, tablet or smartphone)
  • they can be used by staff outside the office, either working from home or from remote offices (such as points of service delivery, rather than the organisational HQ)
  • ongoing upgrades are deployed automatically without fuss

Gone too are the expensive development fees and long-term tie-in associated with a proprietary database application project. In their place is the much more affordable cost of customising and configuring the application to suit the data and workflow of a given organisation: some of this configuration work and ongoing system maintenance can even be done by any IT savvy staff, saving thousands in support costs over time.

Online providers like Salesforce and Microsoft Dynamics not only offer enterprise-class customer relationship management (CRM) and service delivery solutions built into their products, but they also function as a complete development platform, allowing you to build and deploy completely customised applications to suit your needs. These new applications can be shared with other users through active ‘app exchange’ marketplaces for the respective products.

Both options are attractive to third sector organisations. Through the Salesforce Foundation, 10 enterprise-level accounts are provided free of charge to qualifying not-for-profit organisations (that’s a value in excess of £12K per year), with additional accounts heavily discounted. Microsoft also offers substantial discounts on Dynamics CRM to not-for-profit organisations as it does across the range of its business products.

With such a low cost of entry, there should be no obstacle to any not-for-profit organisation upgrading to and reaping the many benefits of an online management information system.

Avec offers cloud computing-based management information system development on the Salesforce platform through its Avec Online division.