Run a community risk analysis

Business benefits

Identify, evaluate, and mitigate the most common legal, reputational, and personal risks of launching a community.

Create a spreadsheet to track your community risk analysis, including columns for Type of risk, Category, Specific risk, Harm, Likelihood, Impact, Mitigation, and Owner.

Risk types include:

  • Legal
  • Reputation
  • Risk to members
  • Risk to staff

Categories include:

  • Superusers
  • Data privacy
  • Ideation
  • Illegal content
  • Competitions
  • Minors
  • Bad publicity
  • Angry customers
  • Leak of confidential information
  • Conflict
  • Harassment
  • False information
  • Burnout
  • Victim of personal attacks or harassment from members

List legal risks you might face, including those caused by superuser programs, data privacy, intellectual property, illegal content, promotions, and participation from minors. Fill out the Type of risk, Category, Specific risk, and Harm columns.

Consult with a lawyer for any specific legal risks and implications.

  • Whether your superusers should be considered employees.
  • Member data and privacy.
  • Community idea ownership: Ideas generated through community conversation may lead to intellectual property claims from the members involved in the process.
  • Illegal or illicit content: Members who share copyrighted material, plagiarize someone else’s work, or share illicit material can create a legal liability for your organization, as the host of that content.
  • Competitions and challenges: Sweepstakes, contests, and lotteries all present different legal obligations. Some can be considered forms of gambling, while tangible rewards may be subject to taxes and regulations.
  • Protecting minors: Most countries have laws in place to protect children in online environments. Communities targeting minors have strict data privacy obligations, while those not targeting minors need measures to prevent minors from joining the community.

Document reputational risks associated with your community, such as bad publicity, negative comments, and disappointed members. Fill out the Type of risk, Category, Specific risk, and Harm columns.

Common reputational risks for communities include:

  • Bad publicity due to leaked information about interactions within your community.
  • Negative comments from angry customers that disrupt the community.
  • Disappointed members who spread the word about the community’s lack of engagement or activity.

Discuss risks to members of your community with your team, including member harassment, conflicts between members, and members posting false information. Fill out the Type of risk, Category, Specific risk, and Harm columns.

Note any specific implications your industry has on these risks, as well as the specific harm you anticipate should that risk occur.

Common risks to community members include:

  • Member harassment, especially sexual harassment
  • Conflicts turning into personal insults and attacks
  • False information, especially in the finance and healthcare sectors

Identify potential risks to the staff managing your community, including personal attacks and burnout from the content they review or the responsiveness required of them. Fill out the Type of risk, Category, Specific risk, and Harm columns.

Potential community staffing risks include:

  • Burnout, especially for staff managing the community on weekends or after regular business hours.
  • Personal attacks from members.

Evaluate the probability of each legal, reputational, member, and staff risk actually happening. Use a scale of low, medium, or high and enter it into the Likelihood column.

For example, the more you treat your superusers like employees, the higher the likelihood of legal risk. Common dangers include replacing the work of employees, instructing superusers what to work on, rewarding superusers with tangible goods, firing superusers, and signing superusers to contracts.

Estimate the impact of each risk as low, medium, or high based on any operational concerns, data, and historical information you have. Enter it in the Impact column.

For example, information such as the lifetime value of a lost customer or the effort involved for a small team to monitor and moderate negative comments may help quantify the potential impact of these risks.

Consult with your legal and PR teams on the legal and reputational severity associated with each risk type.

Discuss with your team if and how each risk could be mitigated and who would be directly responsible for that risk and mitigation plan. Fill out the Mitigation and Owner columns.

Mitigation plans for common legal risks:

  • Evaluating how much data you collect about members.
  • Creating a plan to remove data you don’t need.
  • Blocking access to specific regions due to data privacy laws like GDPR.
  • Carefully perusing your terms and conditions with a lawyer to ensure members aren’t entitled to royalties resulting from community ideas.
  • Creating a process for handling copyright theft and removing content quickly once you are notified of it, to avoid any legal liabilities.

Mitigation plans for common reputational risks:

  • Creating a PR contingency plan to anticipate potential bad publicity.
  • Actively responding to negative comments and creating a clear policy for managing negative comments that you can communicate to members.
  • Responding quickly to member concerns and actively soliciting feedback from users.

Mitigation plans for common membership risks:

  • Creating a clear policy to prevent member harassment, including a simple mechanism to report harassment cases that’s easy for members to find.
  • Resolving conflicts quickly and before they escalate to personal insults.
  • Creating a policy to prevent members from spreading false information and taking action when false information is shared.

Mitigation plans for common community management staff risks:

  • Establishing clear guidelines for your staff to take time for themselves or delegate tasks when needed.
  • Advising your staff to protect themselves against personal attacks through steps like:
    • Avoiding the use of a full name or photo in the community profile.
    • Not engaging members outside of the community.
    • Turning the privacy setting on social media accounts to full.
    • Avoiding revealing location information on social media.
    • Using anonymous domain registrars.
    • Using multi-factor authentication on all email and social media accounts.

Communicate their role to anyone assigned to be directly responsible for each risk and mitigation plan.

Update your list of potential risks at least once a month, including an updated evaluation of each risk’s likelihood within your community.

Last edited by @hesh_fekry 2023-11-14T09:24:05Z