Do you know what web 2.0 sites are doing with your identity?

There have been a number of conversations around the organisation where I work, as to the issues around using Web 2.0 sites, specifically in relation to intellectual property rights (IPR), privacy and the Data Protection Act (DPA). We are keen to encourage innovative ways in which these technologies can be used, but have the responsibility to point out how this makes people liable for ensuring any data entered is kept secure, used appropriately and that in using some sites you are signing over IPR, which you may not own or be legally aloud to hand over.

What also doesn't help is that the majority of these services are run from America, which falls foul of this part of the DPA...

"Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."

I've been reading up on this and I think the only time you are covered in America is if the company is signed up to the Safe Harbor Agreement. Since the Web 2.o sites are often created by enthusiasts off the back of a good idea drafted on a beer mat in a bar (a great place to be creative); I can't find many web 2.0 services that are signed up to the Safe Harbor Agreement. I'm no legal expert, so if anyone wants to put me straight on this, please feel free. I'm aware a little knowledge can be a dangerous thing!

So where does the leave the individual? I guess it leaves us with a personal decision on how much we care about our privacy versus the benefits of using web 2.0 technologies to collaborate with our friends and peers. However, when you're asking students and colleagues to use these sites as part of their work or studies, then it leaves you open to prosecution under the Data Protection Act.

So far the options we've explored as an organisation are:

• Contact each web 2.0 service provider and agree to some sort of contract that meets the Data Protection Act and any privacy requirements we want.
• Only use web 2.0 services from the European Economic Area
• Host our own web 2.0 services (using open source solutions) and therefore control the storage and processing of the data.

The first option we tried with Ning, but for a number of reasons it hasn't progressed, but I can't see it being workable as a model. What web 2.0 service will jump through a contractual hoop to provide a service for one small organisation in the UK?

The second option is also difficult, as there aren't European equivalents to all web 2.0 services; plus you're not always in a position to decide - it is the 'masses' that decide which web 2.0 service they want to use. Also not all alternative services will offer the same ease of use or functionality.

The third option is fine if you've got a large target audience that justifies the expense of hosting your own service and that you're lucky in finding, or have the resources to develop, the functionality required. So far this the option we've been pursuing in our organisation, but I'm still not sure it is the best option.

Unfortunately none of the conversations I have been involved in have come to any conclusion, apart from us all agreeing we need to do something about this. So if anyone has similar experiences or any solutions to this problem, I'd love to hear from you.

Drupal versus Joomla - more questions

Well, it appeared that my ramblings on Joomla and Drupal helped but raised a number of follow up questions. Again these are listed in case they are useful to anyone else.

Q: If the existing skillset of the development team is HTML/ASP with SQL databases, would it be a disadvantage to choosing an open source product that uses PHP and MySQL?

A: When I started as manager of my team, we were in exactly the same position as all our hand-coded pages were in ASP. There is an obvious learning curve for the developers. The principles between PHP and ASP are the same, but the syntax is different. I see absolutely no reason that having an ASP skill set would prevent a development team from using an open source CMS based on PHP and MySQL.

To help the team with the learning curve, I got someone in to deliver a training course for all the developers. I negotiated a bespoke course, which was an introduction to PHP for ASP developers. I felt that buying an introductory PHP training course 'off-the-shelf' would be too basic for them, they knew the theory, it was the differences between the two technologies they needed to get their head around. I think the trainer was in for 5 days, but trained a class of 10 at a time.

I've also since then trained a couple of developers in the more advanced aspects of the CMS, so that we can build templates and write modules if we need to. Initially that wasn't necessary but as we started to push the functionality of the site, it was necessary to have 'experts' trained up. As part of the condition of spending my training budget on them, these experts were required to help train and support the rest of the developers.

Q: How much work do your team put into the training for the CMS users?

• A: After we brought in our CMSs and started expanding them to editors across the organisation it became clear we needed to spend a lot of time training them, but it was also clear that any time spent training them was less than the time it took for the web team to clean up the site after them. So we have a very comprehensive training programme including:All CMS users attend a course on how to write for the web run by the marketing team. It has lots of practical exercises where they practice the house writing style and proof reading. It talks about branding, tone of voice, but also about the differences between writing for the web and print. For example web readers skim read so you need to be brief and break up the page with headings. All these points support the house style but are also based on best practice in accessibility and usability.
• A one hour 1-to-1 training session on how to technically use the CMS - any more than an hour is too much for them to take in. We like to train the CMS users on their site, not in a separate training site, so it gets them used to working in their site structure. The technical training is supported by simple 'how to' guides from how to add a page, to uploading an image or document. The team wrote the guides specifically for our site and were really useful in helping them to decide what they should be training the CMS users in the hour session and what should be covered later. At this stage the CMS users can access the CMS, create content, but they can't publish it. Publishing is either undertaken by the web team or another approved editor for that site. All content is checked for technical errors and against the house style.
• If the CMS users want to publish their content we have a simple test as well as having used the CMS regularly for a number of months. The test has the most common errors (spelling mistakes, poor house style, broken links, incorrectly scaled images etc) and the CMS users have to find the majority of them. We have two levels of errors, some they must find and fix to pass, others we just point out what they missed. This may seem harsh, but in giving publishing rights we are trusting the CMS users with the reputation of the organisation. To accompany all this we run monthly workshops on different topics for any CMS user to book on. The topics of these range from accessibility, usability through to specific functionality in the CMS. We share the presentation between 5 people, so its not to onerous on our time. We have also offered drop in sessions as workshops so the CMS users can bring anything they want our help with.
• We also have a help and support site for the CMS users, with the quick guides, handouts from the workshops etc

This may seem like a lot of training, but since the website is the public face of the organisation the quality of the site does have an impact on our reputation.

We also have some external software that runs compliance and readability tests on the site. It's not perfect but it helps the team monitor the site and go into to fix any major issues. We then approach the CMS users and tell them what we've fixed and why.

So far all this training has been well received by the CMS users and successful from our point of view.

Drupal versus Joomla

Now I'm no expert on Drupal or Joomla, so these are just my thoughts on a number of questions I was asked via a contact at the Public Sector Forums. They were looking for a content management system for a project and were considering open source systems to keep the cost down - it seems a common reason for turning to the open source community. They contacted me as I'd contributed to a post on the forums talking about how the team I manage had been using Joomla and lately experimenting with Drupal for some of our web development projects at work.

They are listed below with my responses, in the hope that anyone else asking similar questions might find them useful.

Q: How are you finding the products (Joomla / Drupal)?

A: The web team have used Joomla more than Drupal and they each have their own benefits. I would say Joomla is better for information sites and Drupal for what I would call 'social sites' - where the functionality of the website has elements of social networking.

Initially all our sites were built in Joomla 1 and we hit an issue where our website structures tended to have 4 levels and Joomla 1 was built with 3 (section, category, item). I understand 1.5 is less restrictive but it did cause problems for us in the past.

So for out larger more complicated sites we've started experimenting with Drupal 6. It has more flexibility in its number of categories and also has more flexible user permissions, which are features we find particularly important. Although we develop websites, the content is contributed by web editors who have little or no prior experience of web development. So this flexibility means we can give them a site structure that makes sense to them and at the same time closely manage permissions only allowing them access to what they actually need.

The functionality of Drupal and Joomla appear to be pretty similar - so far there hasn't been anything we've not been able to do by installing extra modules - most of which are free, some of which we've bought at a small cost. We've not needed to develop any modules ourselves as yet.

Q: How easy is it to set up a new site using Joomla and Drupal?

A:  Joomla is slightly easier to set up if this is your first foray into web content management systems; Drupal takes a bit more getting your head around, but once you do, it seems to be a more powerful system. They both use MySQL and PHP so the underlying technologies and the site administration skills required are the same.

Q: Did you have previous experience of implementing a CMS before starting the projects?

A: I took over managing a web team 3 years ago and when I came in the website (or more accurately a collection of mini sites) were mainly hard coded with a database and an administration site behind them. However, each developer programmed the sites in a different way and there was no consistency in how the administration sites worked. At the same time a new Marketing Director wanted to develop the website and we just didn't have the resources to meet the demand without bringing in a CMS.

Despite having the skills internally to complete the project, we brought in an external agency for the 'new broom effect'. The internal web team worked with the external agency to pass on as much knowledge of the idiosyncracies of our organisation as possible. I don't think any external agency can provide that knowledge - no matter how much experience they say they have in the sector.

However, the 'bought-in' CMS wasn't appropriate for all our sites as we couldn't tie all our clients into a proprietary CMS, so we brought in Joomla as an open source solution. That meant if they ever wanted to move their site elsewhere they could do.

Q: What implementation method did you use?

A: As I mentioned above we went different routes for different reasons. For the main site we bought in services and a CMS. For the open source solution I didn't feel the need to go externally. I have a great site administrator who downloaded Joomla; installed it on a test server and learnt as they went along. There's lots of information on the web and I probably bought a book or two to help them, but otherwise there was little expense.

Q: What sort of timescale did you work within for the implementation?

A: Joomla and Drupal are really quick to set up; you can easily set up the bare bones of a site in a day. Since the team learnt on the job this added a bit of time as there was a learning curve with the software and some research time finding the best modules to get the correct functionality. We also subscribed to an external site (Joomla Art) so that we could install pre-built themes and amend them as required rather than starting from scratch. However, not all the themes are WCAG compliant which was a consideration for us when selecting templates.

I think we had our first site live in a couple of months, but most of that time was spent getting the information architecture right - getting that right meant the site build itself was done in a couple of weeks.

Q:  Did you pay for any extra elements such as an ongoing licence to support extended features / updates?

A: Not really, some of the better modules are the ones with a one-off cost associated, but they have never been a large amount of money. I haven't paid for any formal support contracts, although I'm sure there are companies offering them. The scale of the Joomla / Drupal sites hasn't justified the cost. I guess if I was to run the main website on an open source CMS, I might consider it.

I would say that the decision is ultimately a question of risk versus budget - since you're relying on the resources of an open source community, there is a risk that any issues aren't solved quickly. A support contract would mitigate that risk and provide a 'safety net' that might make key stakeholders less nervous. Though I can honestly say, so far our sites have never been down to issues with the open source content management system itself; we have more problems with power failures, server hardware and dodgy air conditioning in the server rooms.

Q: What are the main differences between the two products and which one of the two would you favour?

A: As I've mentioned before we use the two products for different purposes. Although in the longer term I would like to move to Drupal. The team are still learning about the software, but since it seems to be more flexible but still provides the same functionality, it seems the sensible way to go eventually. There is a cost to the team providing training and support for two open source CMSs (on top of the proprietary one), so in just using one open source CMS, I can minimise these costs.

General Advice

As a close to the questions I added the following general advice:

• The ease of use of the CMS back end for the everyday web editor is important. Whatever system you bring in, if it is not intuitive to use the work will come back to the web team and that defeats the object of having a CMS.
• I've found the actual site functionality differs little between any CMS, open source or proprietary, so I wouldn't worry about that too much in the first instance.
• Bear in mind, coding standards, database standards and interoperability - it is fine adding masses of information to a CMS, but what happens when you want to migrate that data to another CMS - how easy is that?
• Also since web accessibility is a hot topic for the public sector, please bear in mind that not all developers are equally switched onto the issue. So the accessibility of the software and the modules available, would be one of the criteria I would use in the selection process for any CMS, or when sourcing additional functionality for a CMS.