Governance Best Practices for Public-Facing Boards

Lena Eisenstein
7 min read

Public-facing boards face constant scrutiny. While private-sector counterparts might gain visibility only when they release quarterly reports, boards in the public eye open their meetings to critics, journalists and watchdogs who eagerly hold them accountable. Sound governance practices make this incessant visibility an opportunity to win public trust. Seven best practices tell constituents: 'We take care of business, we have nothing to hide and we welcome public participation.'

Best Practice #1: Take Security Seriously

A public-facing website puts a board's work where all can see it. Some states even require laggard public organizations to create websites to comply with open-meeting and open-records laws.It's a good move for transparency, but it also puts the entire organization within reach of hackers and phishers who want to steal sensitive information, corrupt data or disrupt operations ' often charging a ransom to restore order. Such an attack by the international ransomware outfit SamSam recently cost the city of Atlanta over $2 million. Responsible stewardship requires taking six steps to protect data:

1. Store documents out of harm's way. Choose a website host with full, robust 256-bit encryption. Many have only 128-bit encryption or no encryption at all. Also insist on a private server for storage. It may be cloud-based, but it is infinitely safer than storing information on 'the cloud,' which makes light work of a hacker's job. Popular file-sharing sites like Google Docs fail on both scores. A secure board portal that provides a platform for a public-facing website is your best bet.

2. Digitize board materials. A 2017 NSBA survey of 428 school board members showed a vast majority trusting paper copies over digital documents. Actually, the latter are far more secure; lost or stolen paper copies are wholly untraceable. If old-timers on the board resist making the transition, phase it in gradually, but do set a deadline for fully paperless meetings, document storage and board communications. Further, going paperless makes a statement that you are committed to protecting the environment.

3. Ban board emails. Board members may casually email each other to discuss board business because they have no idea how risky that medium actually is. Emails and their attachments are relatively simple to penetrate, and they offer hackers access to the entire network of which they're a part ' even the medical histories, credit card numbers and Social Security numbers that are stored offline. Additionally, serial group emails are outlawed in many states, as they can create a rolling quorum that violates open meeting laws.

4. Make emergency plans. In the minutes following a data breach, the public needs reassurance that things are under control, and they turn to the board for leadership. The board needs to have in place a workable crisis communication plan; the NSBA survey showed that most school board members had no idea whether their district had such a plan. Of those districts with such a plan, fewer than 10% included the board as primary participants.

5. Conduct a security audit. Board communications are especially vulnerable. Yet 51% of respondents in the NSBA survey replied 'I don't know' to the question, 'Has your board conducted a security audit of communications?' Another 31% knew that they had not had such an audit. The audit should be conducted by a high-ranking technology officer from IS or IT ' or someone from the Audit Committee or Risk Committee.

6. Train the board. As the saying goes, 'A chain is only as strong as its weakest link.' If board members don't know the risks of standard practices ' or they don't know how to use the technology that protects their data ' no amount of investment can prevent sloppy mistakes. Cybersecurity training by experts should take place at four board meetings a year, with quick tabletop exercises at all meetings to reinforce those teachings.

Best Practice #2: Try Unconventional Communications

An online presence facilitates a cornucopia of public communication strategies. The International Association for Public Participation recommends such novel experiments as walkshops, charrettes and meetings in a box. When Vancouver launched a city-wide conversation on greening efforts by teaching in the 'PechaKucha' style, it got the highest attendance of any civic engagement event in its history, drawing in many demographic groups traditionally uninterested in city projects.

Best Practice #3: Maximize Transparency

It's one thing to be told: 'Information is available upon request.' It's quite another to see quickly accessible records when you weren't even looking for them. Putting materials online with advanced software lets you freely offer them to every constituent:

1. Meeting notices and agendas. Posting the board meeting agenda (with links to attachments) on the public-facing website makes it far more visible than does taping posters to a public building. Younger constituents are more likely to find online notices, as are handicapped citizens who can't get out. A website on good board portal software makes it easy to add links to reading materials for the meeting.

2. Meeting minutes and footage. Traditionally, public-facing boards store meeting minutes in dusty binders, and journalists must ask permission to film meeting proceedings. The best board portal software makes it easy to post minutes on the same site with each meeting's agenda. It even seamlessly integrates multiple formats, so you can film your own board's meetings and post a link to the footage right alongside the minutes.

3. Historical records. Send the message: 'We have nothing to hide.' Good board portals make it easy for anyone to search the documents required by open-meeting and open-records laws. A meta-search by keyword finds relevant materials stored in an online archive. Such a search scans all files at once, regardless of format.

Best Practice #4: Manage Meetings Responsibly

Meetings that are open to the public welcome suspicious, volatile and domineering personalities. When they derail a meeting with their own agendas, it tells the rest of the attendees: 'I don't respect your time' and 'I don't know how to get business accomplished.' To plan for an efficient, focused meeting, create structures. Using Robert's Rules of Order creates the expectation that one person at a time 'has the floor' and that the chair can intervene at any time. Instituting protocols for speakers to register in advance of the meeting on one topic for a specified amount of time also makes it clear that nobody gets to hijack the meeting.

Best Practice #5: Monitor Progress

To publicize all the work that is getting done to advance goals, post a dashboard on the public-facing website of the board portal. It can show the exact degree to which the board is approaching the completion of its objectives. A sophisticated board portal can convert time logs into measured steps taken in pursuit of a goal, even mapping the results onto aspeedometer or other graphical scoreboard.

Best Practice #6: Balance Confidentiality With Openness

In your eagerness to make agendas, minutes, readings and historical records exceedingly easy to find, are you jeopardizing the confidentiality of highly sensitive documents that are meant for the board only? If you leave distribution of board materials to techniques prone to human error, you are doing just that. Say you cut and paste lists of email recipients, or you trust a tired assistant's memory of the names on a list. One mistake could violate confidentiality laws.

The solution is a board portal with role-based authorizations. Different audiences are filed according to their role in the organization (e.g., 'board' or 'public'). When you post a highly sensitive document for board members to read, you can specify that it appear only when they log onto the portal; when others log on, they will see a scrubbed version of the same document ' or no document at all.

Best Practice #7: Cater to Constituents With Special Needs

Traditionally, anyone interested in attending a meeting must stroll by a poster on a building to get the date and location of the meeting and then appear in person to voice their views. This time-honored custom inadvertently excludes nonambulatory citizens, the disfigured and anyone with agoraphobia. Online feedback mechanisms, meeting notices accessible from home and posted meeting video make meetings fully inclusive for the first time.

An online presence is not enough; your public-facing website should comply fully with Section 508 of the Americans with Disabilities Act (ADA), which requires accommodations for a vast array of manual, sensory and cognitive deficits. Unwitting non-compliance is the norm, as the regulations call for extensive adaptations for handicaps beyond deafness and blindness. In 2017, federal investigations of negligent entities surged (Ryan). Diligent portals lead the industry in this respect. Their executives work closely with the Office of Civil Rights as it creates each successive generation of compliance requirements.

Follow these best practices, and you'll see citizen engagement shoot through the roof. These simple governance protocols instill trust, welcome every constituent and invite communication. Your board will appear not only supremely competent, but deeply committed to the people it serves.