Bolivia Data

For the Quechua community in southwestern Bolivia, the reduction of the rainy season from five to two months and the flooding and erosion it brings result in a loss of crops and livestock.


This is a joint post with Maren Deepwell (cross-posted here). If you have missed our earlier posts we encourage you to revisit the beginning of the story of how we, as senior staff, lead our organisation to adopt virtual operations.


April


This month we reflect on the first 3 months operating as a virtual team, delivering our first few big milestones and look back at the OER18 conference.


Maren: It’s been three months now since we transitioned to operating as a virtual team. Looking at the bigger picture, I feel we are on the right track [cue celebratory sounds here]. A lot of what we had planned and prepared for is working and with some of this year’s key deliverables successfully achieved, we have evidence that we are achieving what we need to. As an organisation we changed more than the way we operate over the past three months as we started to employ staff directly at the same time. For me, that part of the transition had to take priority over everything else. Payroll, pensions, tax and HR had to be in steady state, putting staff welfare, support and recruitment first. Those were the things I really worried about. So it’s a relief to have managed some of the biggest risks successfully and for more and more of the way we operate as a new employer to happen in steady state. When I reviewed our progress recently I realised that whilst I was focused on the transition, we have also made a lot of strategic progress – including delivering one of the largest events in our calendar, the OER18 Conference. What’s your perspective now that the event is successfully behind us?


Martin: For me, I was interested in how the runup to OER18 conference would work out. This was our first big event where the entire team were distributed. With multi-day events I think it’s hard to appreciate just how much goes into them if you haven’t organised one yourself. Even in a digital age various things need to go to print, you’ve got material and equipment that needs to be delivered and there are some practical things like getting conference badges prepared. As part of our distributed organisation we now have distributed resources which needs some extra logistical planning to bring together at the venue. Overall this aspect went well but one of our couriers let us down and failed to pickup a next day delivery. As it happens the pickup was for some extra banners which in the end we could get away with not taking. Fortunately the bulk of material was handled by our regular courier who we have a long standing relationship with. The challenge now for us as a distributed organisation is we need to develop relationships with additional service providers, either out of doing things differently or because we are all not in the same place. This takes time and effort which I think should be factored in if you are thinking about moving your organisation to a distributed or virtual structure. Has OER18 highlighted anything for you we should take a new approach on?


Maren: Yes, I think it has and it feels timely. The work on the conference felt like a useful way for us to pull together as a team and work together virtually. It helped highlight which parts of our new virtual set up are working well and it also made me realise how much has changed in a short space of time. Because the change has been strategic and welcome, it’s felt inspiring and positive overall, but we mustn’t forget that change takes time. Our expectations of what we want to achieve are high and sometimes I have to remind myself that it takes a lot of doing to put in place new ways of doing things. Doing something once isn’t enough. In my mind the kinds of considerations you are talking about, like building new relationships with suppliers, adapting what we do and how we do it, are helpful to me now – and to us as a team, but they wouldn’t have been a few months ago because there was no capacity to handle any more novelty. Now, when we evaluate the OER conference, I feel we have the capacity to put what we’ve learnt to good use in the run up for the next event. Another aspect of running an event as a distributed team I am thinking about is meeting up beforehand. For example, we had an evening to get ready this time, but not many hours at the venue. I feel this is particularly important for members of the team who are new and haven’t been part of delivering an event with us. As we are recruiting at the moment, I am considering that with new members of staff joining soon, ahead of a bigger conference I might value more time. What are your thoughts on this?


Martin: Interesting point about time considerations. Knowing our Annual Conference is our next big event where we have at least 4 times more delegates it’s going to be important to factor in some of the practicality of badge stuffing and conference material gathering. Something that I only considered after OER18 was that we could do more to distribute our printing, both in terms of when and where it is done. For example, as part of our move to a distributed organisation we limited the purchase of printers to just getting one for our Finance Officer. I already use Google Cloud Print at home, which essentially lets you turn any printer into a network printer. Adding our printer to Google Cloud Print would allow us to share the printer with our team. There is still a logistic issue of getting materials we print to events but at least they would be in one location where we also have access to a reliable courier. The occasional printing we do is however only a small part of event delivery and in the bigger picture it would be useful to revisit our conference plan to see what we can prepare earlier to remove some of the end loading, like batching badge production. Whilst the Cloud Printing is a small example I think it reflects what you were saying about a wider change in the organisation. It feels like we have more agility in how we approach and solve problems.


Maren: I agree with that. The first few months we had our preparations to build on and then the event to focus on, now we are moving on to the next phase: doing things differently, expanding (admin) support for virtual operations and updating our plans. The conference was a good catalyst to highlight the kind of questions you raise and also our skills and competencies and the gaps in them. One of the problems in Learning Technology I come across again and again is how to build a successful organisational culture when tech, expectations, milestones etc keep shifting. I relate to that in a different way now, because as you point out, we have a lot more scope now to be flexible, to solve problems creatively rather than having to work around them. We’ve committed to being more agile and I’m discovering what that means in practice for me as an individual, for us as a team and as an organisation all over again.


Martin: Noted computer pioneer Alan Kay uses a quote from ice-hockey player Wayne Gretzky “[a] good hockey player goes to where the puck is, [a] great hockey player goes to where the puck is going to be”. If a system is in steady state everything is predictable, removing this means as an organisation we have more control about deciding where we want to be. By creating an organisational culture where there is scope for not following the puck we become more comfortable in not being in steady state, as a result more confident in finding solutions to problems as they emerge. Something I think required to make this successful is an existing confidence within the team … success breeds success.

To begin with a disclaimer. This post has information related to the new EU GDPR regulations that comes into effect on the 25 May 2018 which might be of interest to Google Apps Script and Add-on developers. I’m not a Google employee, lawyer, or a data protection expert and I’m only sharing my interpretation of information I’ve gathered for your consideration and is not legal advice. As this is a complex area the post is in two parts. This part looks at key definitions to help you find out if your G Suite Add-on or Google Apps Script project needs to consider personal data protection. The second part identifies 12 steps you can take if your add-on processes personal data.


This post was also written with Steve Webster G Suite Senior Solutions Architect and Developer at SW gApps (also not a Google employee, lawyer, or a data protection expert)



Definitions


The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. – Wikipedia


GDPR compliance isn’t just required by EU based organisations. Any ‘enterprise’ processing ‘personal data’ from EU citizens needs to be GDPR compliant or they can face “penalties of up to 4% of worldwide turnover or €20 million, whichever is higher”. This means if your add-on or Apps Script project has EU citizens using it you might need to comply with the GDPR.


Personal data


Before going further let’s look at the definition of ‘personal data’ which is covered in Article 4(1):


‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;


So the first question you might want to ask yourself is does your add-on use any personal data. It is important to remember here that the definition of personal data is broad and can include data that has been hashed:


Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual. – UK ICO Key Definitions


For example, within Google Apps Script you can use .getTemporaryActiveUserKey(), which is a temporary key that is unique to the active user but does not reveal the user identity. Using this by itself would probably not fall within the GDPR as it is pseudonymised, but if this is combined with other data like location you could argue that it is indirectly identifying a person and if this person was an EU citizen you would need to be GDPR compliant.


Data controller/Data processor


Within the context of add-ons depending on how personal data is being used you might also be a ‘data processor’ and/or ‘data controller’. The UK ICO defines controllers and processors as:


A controller determines the purposes and means of processing personal data.


A processor is responsible for processing personal data on behalf of a controller.


The Irish Data Protection Commissioner provides further guidance on how to identify if you are a data controller:


In essence, you are a data controller if you can answer YES to the following question:


Do you keep or process any information about living people? – IE DPC



For example, if your add-on or Apps Script project in some way lets you collect and store user email addresses you would be a data controller.


Let’s consider another example where you as a developer created a Google Sheets add-on which allows email addresses entered by the user to be used to send emails from their Gmail account. In this scenario the add-on only uses Google services available in Google Apps Script to programmatically read data from the user’s Google Sheet and send emails from the user’s Gmail account. At no point in this process would the developer have direct access to the user’s Google Sheet or Gmail account and this functionality would be entirely executed within Google services and servers. Is the developer the ‘data processor’?


I would argue that if at no point the developer accesses personal data entered by the user that they are not a ‘data processor’. The distinction is important because:


If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach – (UK ICO – Key definitions)


If your add-on interacts with the users data in a way that it’s accessible to you e.g. temporarily storing personal data like an email address in a Firebase Realtime Database, I would argue this does make you a ‘data processor’ and for data from EU citizens places GDPR requirements on you. But as mentioned I’m not a lawyer and you might want to seek further advice on that.


Enterprise and economic activity


You might argue that you provide your add-on for free or you are not incorporated as a legal entity so regardless of whether you are a data controller or processor you are exempt from the GDPR. Article 4(18) provides a definition of ‘enterprise’ which is:


a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity


Your next question might be what is defined as “economic activity”. Robert Madge writes on MyData:


economic activity is ‘offering goods or services’ (even if no payment occurs). The case law shows a broad interpretation of ‘offering goods or services’ to cover sales, supply and even purchasing.


So even if your add-on is free you are offering goods or services and therefore, with EU citizens, you need to be GDPR compliant. An exception to this is if processing is carried out by individuals purely for personal/household activities as covered in Recital 18, however, even if your add-on purely personal or household activity the GDPR still applies “to controllers or processors which provide the means for processing personal data for such personal or household activities”


Coverage from Google Privacy Policy


I had a look at the updated Google Privacy Policy which covers services like Google Drive so see if this provided any cover for third party developers. For example, Google uses Google Analytics in it’s services covered in it’s privacy policy and I wondered if you used Google Analytics in your add-on you would be covered by the same policy. Google’s privacy policy however states that:


This Privacy Policy doesn’t apply to … services offered by other companies or individuals, including products or sites that may include Google services


Next steps…


If you’ve concluded from the information provided that your add-on is processing personal data from EU citizens you can find out 12 steps to take now.


As noted at the start I’m not a lawyer or a data protection expert so if you have any corrections or additional information please share in the comments or get in touch.


 

To begin with a disclaimer. This post contains information related to the new EU GDPR regulations that comes into effect on the 25 May 2018 which might be of interest to Google Apps Script and Add-on developers. I’m not a Google employee, lawyer, or a data protection expert and I’m only sharing my interpretation of information I’ve gathered for your consideration and is not legal advice. As this is a complex area the post is in two parts. This part is the second in the series. In part one I looked at key definitions to help you identify if your G Suite Add-on or Google Apps Script project needs to consider personal data protection. If from that post you concluded your add-on or Apps Script project needs to add personal data protection this post identifies 12 steps you can take now.


This post was also written with Steve Webster G Suite Senior Solutions Architect and Developer at SW gApps (also not a Google employee, lawyer, or a data protection expert).



Limiting access


In the previous post I looked how GDPR provides “data protection and privacy for all individuals within the European Union” including data from EU citizens even if it is used outside the EU. One option is to avoid the GDPR by preventing EU citizens using it. You could do this by selecting the regions when you publish your add-on. One issue with this is not all EU countries are individually listed (Croatia, Republic of Cyprus, Latvia, Luxembourg, Malta and Slovenia are not listed). I’m not sure if for example you just selected ‘United States’ this would prevent all EU citizens accessing your add-on. Another consideration is if you are updating publication settings for an existing add-on, does this prevent existing users from the EU from continuing to use your add-on?



Embracing GDPR


Another option if you use personal data in your add-on is to use the GDPR as an opportunity to improve your data handling and transparency. A number of services based outside the EU have incorporated aspects of the GDPR in their privacy policies and working practices.


A good starting point is the UK ICO Preparing for the GDPR – 12 steps to take now (.pdf). The document contains more details on each of these steps and an annotated extract is contained below:


Preparing your add-on for GDPR – 12 steps


Awareness


You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.


Hopefully this post is proving a useful starting point.


Information you hold


You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.


For the majority of add-ons I’d imagine the personal data is limited so this should take too long. For EU based developers this is something you should consider doing for your entire company.


Lawful basis for processing personal data


You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.


The GDPR defines six lawful bases for processing personal data of which at least one has to be used when processing personal data from EU citizens:



  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

  • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

  • Vital interests: the processing is necessary to protect someone’s life.

  • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

  • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.


In an add-on you may discover you need to handle lawful basis for the different types of personal data you use. For example, if you include Google Analytics or another tracking service to monitor your add-on usage you will probably require consent from the user, but if you have premium options in your add-on you may use a contract as lawful basis.


Within the context of add-ons and Apps Script projects in terms of lawful basis other than consent and contract you might want to spend time looking at ‘legitimate interest’. The UK ICO guidance on ‘legitimate interest’ states:


Legitimate interests is most likely to be an appropriate basis where you use data in ways that people would reasonably expect and that have a minimal privacy impact. Where there is an impact on individuals, it may still apply if you can show there is an even more compelling benefit to the processing and the impact is justified.


‘Legitimate interests’ can be conveyed in your user privacy notice and might be well suited to add-ons as you could argue that by installing and using the add-on there is reasonable expectation and compelling benefits. Using ‘legitimate interests’ comes with extra responsibilities including conducting and recording a legitimate interests assessment (LIA).


Consent


You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.


If using consent as a lawful basis for processing personal data you need to keep a record on an individual basis. The UK ICO note that “consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent”.


Communicating privacy information


You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.


To be GDPR compliant there are a number of things you need to do regarding the data you collect, it’s handling and recording action. Google already requires all new add-ons to have a privacy policy which is an opportunity to state if you are using personal data how it is “processed lawfully, fairly and in a transparent manner”.


For existing add-ons you might want to use ‘legitimate interests’ as a lawful basis if you are processing personal data of existing users. The UK ICO’s guidance states:


If for example you have been processing on the basis of consent but you find that your existing consents do not meet the GDPR standard, and you do not wish to seek fresh GDPR-compliant consent, you may be able to consider legitimate interests instead. However you must be confident that you want to take responsibility for demonstrating that your processing is in line with people’s reasonable expectations and that it wouldn’t have an unjustified impact on them.


You must still ensure that your processing is fair. If you wish to move from consent under the 1998 Act to legitimate interests under the GDPR, you need to ensure that you clearly inform individuals of the change in your privacy notice. To ensure there is no unjustified impact on their rights, you should consider giving them a clear chance to opt out, and retaining any preference controls that were in place.


Individuals’ rights


You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.


The GDPR gives the following rights to EU citizens regarding personal data:



  • The right to be informed

  • The right of access

  • The right to rectification

  • The right to erasure

  • The right to restrict processing

  • The right to data portability

  • The right to object

  • Rights in relation to automated decision making and profiling


An important consideration is the lawful basis you choose for processing personal data affects the rights the user has to erasure, portability and objection summarized in the table below:




Image source – ICO Lawful basis for processing


Subject access requests


You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.


The new timescale for subject access requests is one month. As noted in the UK ICO’s 12 steps:


the right to data portability is new. It only applies: to personal data an individual has provided to a controller; where the processing is based on the individual’s consent or for the performance of a contract; and when processing is carried out by automated means.


Children


You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.


This might be particularly important if you are developing add-ons for education.


Data breaches


You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.


With data breaches the UK ICO highlight that:


the GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.


It appears breaches should be reported to the appropriate authority in your jurisdiction. As knowing who this is isn’t always straightforward to find out you should have this documented. For US based developers here is a Summary of U.S. State Data Breach Notification Statutes (the 72 hour window applies to EU citizens data, you may discover your jurisdiction has additional requirements).


Additionally for add-on breaches you might want to contact Google directly. A contact address list on Google’s Privacy Shield is data-protection-office@google.com.


Data Protection by Design and Data Protection Impact Assessments


You should familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.


At the heart of this is having in place the appropriate workflows and policies. Having documented workflows is useful as doing Data Protection Impact Assessments are not always required.


Data Protection Officers


You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. You should consider whether you are required to formally designate a Data Protection Officer.


If you are the sole developer this will be easy… Depending on the circumstances, including the country you are based in, you might have to formally register a data protection officer. In the case of the UK the ICO has a self-assessment tool.


International


If your organisation operates in more than one EU member state (ie you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.


A common myth with the GDPR is data about EU citizens can’t leave the EU. This is not true. The UK ICO guidance on the GDPR Chapter V requirements is:


Transfers may be made where the Commission has decided that a third country, a territory or one or more specific sectors in the third country, or an international organisation ensures an adequate level of protection.


Whether a country provides an adequate level of protection is decided by the European Commision:


The European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework) as providing adequate protection. Adequacy talks are ongoing with Japan and South Korea.


In the case of transfers to the US this is on a company rather than country basis under the EU-US and Swiss-US Privacy Shield framework. Google is certified under the Privacy Shield so personal data on Google’s infrastructure should have the adequate level of protection. A consideration for developers is if your add-on sends personal data to other non-Google services is whether those services are in recognised countries or have been certified under the Privacy Shield.


Summary


Hopefully this post has highlighted some actionable steps you can take now. In writing this post both myself and Steve contacted Google asking for clarification for add-on developers. Unfortunately there has been no comment from Google, but you can learn more about how Google is committed to GDPR compliance across G Suite and Google Cloud Platform services.


As noted at the start I’m not a lawyer or a data protection expert so if you have any corrections or additional information please share in the comments or get in touch.


Additional Resources


The GDPR is a big topic but sites like the UK’s Information Commissioner’s Office (ICO) have lots of useful resources to help with the GDPR.

Opportunity knocks: Using GDPR to strengthen virtual teams


This is a joint post with Maren Deepwell (cross-posted here). If you have missed our earlier posts we encourage you to revisit the beginning of the story of how we, as senior staff, lead our organisation to adopt virtual operations.


May


This month we discuss our approach to GDPR, evolving virtual working practices and the importance of explaining the reasons for new procedures as part of implementing them.


Maren: We at the end of a super busy month and part of what’s been keeping us busy is GDPR… (thanks for writing handy blog posts for us to reference here). We’ve worked hard on the contractual, technical & legal aspects, but it’s also been an opportunity to review our relatively new virtual working practices. One issue I have been thinking about is finding the right balance between providing guidance and support whilst ensuring individuals also take appropriate responsibility. For example, we have policies about how to secure laptops or delete temporary files and we regularly review these as a team and share updates on how we are implementing them. Yet even though you can monitor and review processes regularly there is a large element of trust in our virtual working culture. To some extent we have to rely on everyone taking responsibility and making it part of their day to day working habits to follow new procedures. Explaining the reasons why we mandate certain things should help ensure that everyone understands their importance. In the GDPR training we did as a team, talking about how the new legislation relates to our values as an organisation (e.g. how that is reflected in ALT’s Privacy Policy) and why it affects us as staff on an individual basis was a really important moment for me. What’s your view on this?


Martin: GDPR has been a great opportunity to think about how as a team we store and process data. As a data controller one of the things we have implemented is documenting our data processing activities which includes how and where data is stored. Another critical aspect is how data is transferred. For our team this is greatly simplified by predominately being a Chromebook based organisation with centrally managed devices. This means we can mitigate a number of risks through device security policies and the build-in security features of Chrome OS. Another key aspect is we have a ‘home working’ rather than ‘remote working’ policy. This removes risks associated with regularly using open wifi networks in places like coffee shops, but does however leave open two questions: how do we ensure the security of home networks; and given a number of our team also travel maintaining security on the road. The process of preparing for GDPR has highlighted that there is more we can do to secure data transfer, the solution being investigating VPN options. Besides the technical solutions it’s also been useful to reflect on how the team is responding to personal responsibilities mentioned. In the case of GDPR it’s been great to see our team respond to the training we’ve provided and being proactive in both highlighting areas where our procedures can be improved and also suggesting or making the changes required themselves. Not being co-located removes some of the opportunities to get an idea of how someone is doing, for example, body language is largely filtered out in Google Hangouts. It was only when I reflected on this that I realised I’ve started relying on other indicators.  Has our work around GDPR highlighted anything like this for you?


Maren: You make an interesting point about tangible and less tangible indicators and how they can help inform our approach to supporting and leading the team. As you say, GDPR has created a lot of crossover between policies that apply to our organisation as a whole, publicly, like the privacy policy, as well as the workflows that support membership services, and reaching over to personal working practices at home and whilst travelling. Tangible examples of how all the new procedures and policies are being implemented, like seeing new forms, or workflows or questions being discussed, is important. Together with the reporting and monitoring processes we use, these kinds of indicators enable me to manage the operational side of things. The less tangible things you refer to are harder to pinpoint, but I am also finding them more important since we have become a virtual team. They could be things like a casual comment or an informal conversation or something I spot when screen-sharing or working on a shared document. The more time I spend collaborating, the more I get a sense of how things are going. We have mentioned before how we have a ‘Show & Tell’ element at each of our weekly team meetings and recently we had several weeks of sharing what we use to manage our to do lists and plan our work. For the next month or so we will include a GDPR element in each team meeting, with everyone bringing examples of how they are implementing the new policies. All of these opportunities to collaborate, hearing colleagues think out loud, are valuable for helping me understand how others think or see things, and that enables me to better explain/support new processes.


Martin: Another aspect of our GDPR implementation I’ve been reflecting on is the degree of visibility of our individual activity to each other. In the case of GDPR I put a lot of effort into researching what we were required to do as an organisation and understanding various aspects of the new regulations from a legal and practical perspective. Parts of this process left very few tangible outputs and in some cases some of the outputs were not suitable for circulation in the team. It was a reminder that it’s not always possible to share everything we do and a level of trust is required. It was also a reminder of why our weekly team meetings are so important and arguably more important than if we were working in a face-to-face setting. You mentioned that our ‘Show & Tell’ has recently focused on sharing how we each plan our work. It was interesting to see the diversity of approaches and the varying levels of detail that we each use. As my role is very diverse rather than having a single method I adapt my approach. For example, in the case of GDPR I’m using a mixture of our GDPR action plan in Google Documents and Sheets, Google Keep lists and managing my inbox with labels, stars/flags and snooze. For other projects like the Annual Conference we have a shared project plan we can all report our progress against. In the case of the Annual Conference this has changed little from when most of the team was office based. I think this still works well but wonder if we were creating this from scratch as a virtual team would you do something different, in particular, to increase the visibility of what we are all doing at a particular time?  


Maren: I’d like to do that – spend time thinking about what starting from scratch would look like. I imagine that (1) our values, (2) the importance of working together with volunteers, our Members, and (3) our overall policies for working would remain constant. But… there are other factors: the size of the team means necessarily that many tasks are more independent and only some a consistent team effort. With 5-6 staff you can’t easily create sub-teams for example that would work together ‘more visibly’. I’ve also considered tools like Trello or Slack, but I’m not sure how well they’d work for everyone, and I feel allowing everyone a choice in which methods to use for organising work, e.g. what we shared in our to do list show & tell sessions, can really contribute to productivity. We have our overall operational plan which all other plans/lists are related to and in my mind that provides the consistency required – although maybe we could make use of it more frequently. Overall the high level of our output and achievement is a good indicator that our current practice is effective, and that is reassuring. What I mean to say is that we have an opportunity rather than having to reimagine what this could look like. Hearing you reflect on your perspective and comparing it to my own has opened up the question what this looks like for each of us. With a team away day coming up in a couple of weeks we could take the opportunity to dedicate some time to reflect on this as a group

Tourism
Bolivia's National Museum of Archaeology has launched a project to reconstruct skulls from the pre-Columbian Tiahuanaco culture, in order to discover what the faces of people looked like who lived in the Bolivian Andes more than 3,000 years ago, the Culture and Tourism Ministry said. The museum ...
The project, which has become famous in other cities in Latin America like La Paz, Bolivia, will be a game-changing addition for a city in need of more public transport. But, as in cities like La Paz, the cable car system could also become a serious tourist attraction — a way to see the city from a very ...
The project, which uses 3D technology, is driven by the Ministry of Culture and Tourism of Bolivia. The Center of anthropological and archaeological research, administration of Tiwanaku provided these skulls for the investigation, together with other 150. Castedo explained that the procedure is carried ...
He explained that the reconstruction process, which done with the assistance from Bolivia's Ministry of Cultures and Tourism, begins with a chronometric study to take the measures of each skull and facial features. Next, liquid latex (rubber) is applied on the scalp to produce a replica in plaster ceramic ...
NAVARRE BEACH — Sweet Pea, the resident juvenile green sea turtle at the Navarre Beach Sea Turtle Conservation Center, met with some international visitors Thursday afternoon. A handful of people from Bolivia visited the center as part of the U.S. Department of State International Visitor ...
HOLT — A group of Bolivian citizens visited the Blackwater River State Park Friday morning as part of the U.S. Department of State International Visitor Leadership Program. On Thursday, the group visited Gulf Islands National Sea Shore in Navarre. The goal of their trip to the area is to gain insight into ...
Federal Tourism Secretary Enrique de la Madrid said yesterday that the greatest challenge for Mexico's tourist destinations is to reduce crime levels. Los Cabos, La Paz and Cancún have also seen significant spikes in violent crime. Astudillo also said that he was in favor of a proposal put forward by ...
The Bolivian Ministry of Culture and Tourism began today the second version of the ReivindicArte-Bolivia program, an initiative consisting of taking public and ... Alanoca explained that ReivindicArte-Bolivia was born of the need to make people exercise their cultural rights and acquire knowledge and ...
Bolivia's economic profile is more diversified than the Venezuela's oil and gas- centric model and includes mining, tourism, agriculture, and more alongside some of the world's leading commodities. The Bolivian economic structure would benefit greatly from the return of the land in question through the ...
NUEVA VALENCIA, GUIMARAS—The first thing you notice about the coastal village of La Paz here is its unusual cleanliness. Sacks hang from bamboo fences for passersby to drop plastics, cigarette butts and other trash. Soda bottles are but colorful plastics on display but not strewn around.
La Paz's council and residents are to hold a soft launch of their tourism initiative, Himal-us Tours, by the end of April. The tour will start at 4 p.m. with snacks and a visit to Sitio Sumirib, the community center of La Paz. Before dinner, visitors will have several activity choices—check out local craft, recharge ...
The Mexican government's National Commission of Protected Natural Areas (CONANP) outlines and promotes environmental standards for the area; the citizen-run La Paz Waterkeepers prevent illegal fishing and other illicit behaviors; and tour operators like RED are investing in research, promoting ...
Some tours that are featured include the following: Italy's Treasures, Exploring South Africa: Victoria Falls and Botswana, Machu Picchu & The Galapagos Islands, Mysteries of India, Cultures of Peru and Bolivia, Journey through Southern France, Treasures of Egypt, Wonders of China and the Yangtze ...
The Joint European Strategy is dedicated to improving the lives for the Bolivian people in eight priority sectors, including culture and tourism, rural development and food security, integral development with coca and the fight against drug trafficking, education, governance, environment and climate ...
Bolivia, who has taken part in the Rally every year since 2014 has experienced a rise in positive tourism due to the race, but La Razon explained that ...
He pointed out that the Tourism Security and Justice Bureau for La Paz and Los Cabos had specific goals, clear routes and addressed issues in a ...
However, violent crime has affected some of Mexico's most popular tourism hotspots, such as Los Cabos and La Paz in Baja California Sur and ...
The ceremony was attended by Bolivian President Evo Morales, who ... and hydrocarbons, as well as other complementary sectors such as tourism.
SERDANG: The Malaysian Association of Tour & Travel Agents (Matta) Fair ... spot with the same wonder in Bolivia," he said adding that such wonders needed more ... "In 2016, Tourism Malaysia recorded 66 million domestic tourists ...
Despite a surge of violent crimes in popular tourist areas such as Los ... Tourists take pictures on a pier in La Paz, Baja California Sur state, Mexico on ...
SAN BUENAVENTURA, Bolivia – The Tacana people, denizens of Madidi National Park, located in the heart of Bolivia's Amazon region, are betting ...
The project cost US$84 million to carry out and is of importance to Bolivia, as it will improve transport connections and improve trade and tourism in the ...
Skip Becker of the La Paz Economic Development Corporation and Mary Hamilton of the Parker Regional Chamber of Commerce & Tourism ...
Visitor numbers to La Paz and Loreto grew by 12% and 26% respectively last year but the number of hotel rooms only increased by 2% in the former ...
Interview: Bolivian president's China visit to spur bilateral ties: Chinese ... From last year, Bolivia began issuing visas to Chinese tourists on arrival, ...
China hopes to work with Bolivia to seize the new opportunities for the ... as economic and trade, tourism and culture, and increase imports of Bolivia's ...