Dealing with infuriated members - when they forget that they have an account


I’d like to get your opinion on something that has happened recently in our community. I manage a platform with over 200 online communities for people living with rare diseases worldwide.

Our members are a very unique group of people. They tend to be depressed, sad and frustrated but they are also very motivated and generous. In some of the cases, the disease limits their quality of life and they find it difficult to navigate the site. Some members like to stay to get help but also want to help others but others sign up looking for answers and they usually never come back. This is a bit of context.

We keep creating communities every time there’s a need, about 2 new communities per month. So in some cases, those members that had joined years ago when there was no community for their disease, get one now. So if they mentioned their disease on their profile description or on any post, we manually join them to the community and email them informing that a new community for X disease has been created. We basically do it to make things easier for them. And because they haven’t logged in in a long time, we help them reset their password, explain how the community is structured, etc. People are always very cool and thankful with this but I guess that there are always exceptions.

This is a particular case that happened a few days ago:

  • We created a community for a rare disease and we emailed all the members that had mentioned living with this condition in the other communities. The usual.
  • One of them was a member with multiple rare diseases diagnosis that had joined another community and posted her story 5 years ago. Hadn’t logged in in the last 2 years.
  • This member replied to one of our automatic email alerts (a kind of welcome email) asking who we were and how we got her email address and that she wanted to “be removed from this group”
  • I sent her a reply using my email address asking whether she wanted to be removed from the recently created community or from the entire platform since she entered her account in years and that I could help with both things.
  • She was infuriated and came back to me saying that her email address was shared with someone and that we had infringed her HIPAA rights (illegal use of her identity, identity theft charges, etc) and that she was about to contact a lawyer
  • I deeply apologized and explained things in the most clear way I could find. I explained again who I was and what had happened and that her email address hadn’t been shared with anyone and that I just needed some information before removing her account completely because I wasn’t sure that’s what she wanted.
  • I’m still waiting for her reply.

I want her to see that her privacy was not violated at any time. It’s not the first time that people forget that they have an account or they even deny setting up one but when we explain it they usually understand.

I see now that even that some members appreciate when we facilitate things and join them to a new community, it can lead to situations like this one. We want to learn from this and we want to do things better. I also think we should be more strict and protect ourselves from future cases like this one.

Has this happened to any of you before? How did you handle it? How could we have manage it better?

Thanks for your input.

We just had something similar happen! Our was around GDPR - one of those, “How do you have any of my info? What info do you have? Delete all of it. You have 30 days to comply.” We ended up sending her an export of the content she had posted in our forums and then email confirmation of her deleted account and content. I normally hate to delete content, but this was from 2012 and just 2 questions, so we were okay to let it go. Had it been a prominent/active/helpful member, we probably would have kept the content, changed the user to “former member,” and deleted their account.

Can you do an explicit opt in for joining new communities in your registration? I assume you have check boxes for accepting T&C and/or being added to email notifications. I’d add one more that grants you permission to extend their membership to new communities.

Or instead of adding people, just use the email to invite them to join the new ones.

We experience this as well - we also have oncology communities where chemo really impacts their ability to remember (remember signing up, remembering username, etc.). One thing that might help - do you have a link in your automatic notifications that has info on “Why am I getting this email?”
I’ve seen Mailchimp offer that feature, as well as a few other communities.


So you signed them up for a community that they didn’t explicitly ask for. Does it have the exact same domain name as the one that they joined?

Maybe not automatically join people to a new community if they haven’t logged in within some reasonable time-frame (3 months? 6? 1 year?)


Do you use the Revoke Consent part of GDPR?
We do and people who are upset use it - we give them fair warning of what it means - then they don’t scream at us with the tips of their fingers so much!

If they calm down and want back in we have a form they have to fill out that we attach to their member profile.

We also have a lot of email opt out categories, so they can unsubscribe from emails for a certain group,

(You are doing amazing work!)

Right now, we have volunteers emailing all members of certain groups. and asking if they want to continue membership in the group. This was their idea and it’s been great so far.

1 Like

I run a community that involves sensitive content as well, and it’s always nerve wracking to get one of these emails. Just take a breath - it’s okay!

When members shout out things like HIPAA violations, they’re blindly flailing around. You’re not a hospital, or a doctor, or a healthcare provider so being aware of what applies and what doesn’t is important. (Even GDPR is overstated in many cases).

  1. I kind of agree with the above poster, who asked if you had informed consent of signing members up for another community? Thats a very slippery slope that your organization should revisit. The key is informed consent.
  2. It sounds like you’re able to target members for the new communities. Have you thought about a newsletter drip over many weeks that attempts to re-engage them on the prior community as well as to get them to easily transfer their account to the new community? This sounds like a missed opportunity, and one email is not as effective as many emails.
  3. You did the right thing by responding factually and professionally. The only thing I would add to a potential response (and you may already do this) is to bring up any engagement that may have occurred. You point out the positive of her prior engagement, refresh her on why she originally registered, and hopefully convert her back into a recurring member. I’ve saved many members just by asking in a very genuine manner why they wanted to leave when they’ve made such great contributions such as XYZ.

I agree with the others about the consent part. Moving the members into a group without their consent sounds a bit fishy.
Other than that, it probably just boils down to a misunderstanding. Not much else we can do, but to offer explanations to clear things up as best as possible.
I would advise, that if the account gets deleted, save some evidence for the slight chance there might be legal trouble. Being able to show which IP address registered the account at which time will be extremely useful in case there is dispute about who created that account.


@Jay_Pfaffman Yes, all the communities are under the same umbrella and she was already a member of another community for a different disease. Looking at this from a distance I can see why she was upset. After a few days, I found out that she also got an email alert when the moderator of the community started following her on the platform (kind of like twitter) and that freaked her out because the moderator had a strange profile pic.

Right after I joined her to the community I sent an email explaining the purpose of the community and why it was created and the basics about the community but she had already received an automatic welcome email that the action of joining her to the community triggered.

@Kathy We also offer many email opt out categories but after exchanging a few emails with her I could see that she didn’t have many computer skills or maybe it was a consequence of the disease.

@Kristen_Gastaldo, good idea about adding a permission to extend membership to new communities to the T&C accepting page. I’ll talk to the developers’ team to see how we can do that.

@rebeccabraglio We don’t use mailchimp but we’ll try to work on something similar

Anyway, we haven’t heard anything else from her but thank you all for your ideas and feedback!

1 Like