Vendors collaborate to build a central database to help victims of the Sept. 11 attack.
Even before Sept. 11, it was shaping up to be a bad year for Leslie Hunt. The CIO of the American Red Cross in Greater New York had her budget cut, costing her three positions and leaving her with an IT staff of 12 to support 430 employees. She faced further cuts as the economy continued to slow and charitable donations fell.
The staff at the New York chapter of the Red Cross is burning out due to a lack of resources, Hunt says.
Then came the terrorist attacks, and Hunt's agency suddenly found itself with 23,000 new clients needing assistance, a flood of donations, thousands of volunteers-and computer systems and applications that weren't designed to handle such a crisis. On top of that, many donors were outraged when they learned that their contributions might not go directly to victims and their families.
Not surprisingly, Hunt is feeling overwhelmed. "My people are burning out. They're putting their heart and soul into the work, but we can't do it all," she says. "We're struggling to keep up without enough resources. I don't remember our job application asking for superhumans."
Believe it or not, the Red Cross is lucky. Many charities' IT systems have even more limited functionality, and some of the smaller charities have no IT systems at all. As a result, these organizations are woefully unprepared to handle the flood of requests for help from people who lost family members in the attacks-or the $1.2 billion donated to help them. That's raised concerns that some families will get more aid than they need if they collect benefits from multiple charities, while others won't get anything because they can't navigate the bureaucracy.
To prevent that, New York Attorney General Elliot Spitzer shortly after the attacks proposed the creation of a central database to be used by dozens of charities involved in helping victims. The database could simplify and consolidate the assistance-application process, track who's getting assistance, cut down on fraud, and monitor the charities to ensure that the money they collect is being distributed properly.
"It's a phenomenal idea to better facilitate the laborious process to request aid," says Michael Hirschfeld, chairman of the 9/11 Tax Task Force of the American Bar Association. "No one wants to feel like a beggar filling out the plethora of forms required today."
Several IT vendors have rallied around the cause, promising to donate millions of dollars in hardware, software, personnel, and time. The vendors are waiting for the go-ahead from the attorney general, who's waiting for the charities to decide on a set of standards for how data will be collected and used. A dozen of the most prominent charities met last week with the vendors-IBM, KPMG LLP, McKinsey and Co., Qwest Communications, and SilverStream Software-to brainstorm proposed specs for the database and the attendant privacy and security protocols.
SilverStream has an emotional tie to the project, regional customer service director Mark Weislow says. The company had several clients in the World Trade Center and, until late August, had 40 people on a project in one of the towers. "We're so close to what happened," he says. "We donated money. This gives us a chance to donate our brains and our hands."
The vendors plan to build the centralized data repository during the next three weeks using an IBM DB2 database. Monique McKeon, an associate principal at IBM Global Services, will head a team of six to 10 people to do the first iteration. IBM's Warehouse Manager, a data-warehousing tool, will extract data from the IT systems at the Red Cross, Salvation Army, and Safe Horizon, a New York victims' assistance group. It will transform the data into one consistent format and load it into the database.
Qwest will provide the network and host the system. SilverStream's XML integration server, eXtend Composer, will let the database accept aid applications and grants, search the database for matches, and transfer information among the databases involved. "Since the database interface is neutral, we can plug into legacy, transitional, and Web-based systems," says James Jensen, regional business development manager for Qwest.
One problem: The nonprofit organizations don't collect data in a consistent fashion, yet all the relief charities must be able to use the database. The development committee decided to use a phased approach, starting with major charities such as the Red Cross that already have substantial benefits information stored electronically. The next step will be to roll out the database to smaller charities that have some online data and then to figure out a way to connect to those organizations that have no IT systems at all.
The charities have identified several pieces of data they need, including a claimant's address and telephone number, occupation, first language, type of loss, and benefits received. "It's important to ensure that people get the services they need, identify gaps in the service, make sure they're filled, and monitor how things are going," Hunt says.
Then there are other concerns-chief among them security and privacy. "We don't want anyone to be able to get in and deface Web pages or access data and corrupt it," SilverStream's Weislow says. "We'll put in levels of safeguards to maintain integrity." The attorney general's office plans to conduct a security review before the database goes live.
To complicate matters, charities are worried that other nonprofits might poach their marketing and fund-raising data, such as donor lists. "No one would want to share mailing lists of donors," says the Bar Association's Hirschfeld. That's why the database will contain only information about those eligible for assistance and disbursements.
"The key issue here is whether the personal information about the recipients is used fairly," says Jason Catlett, president of privacy consulting firm Junkbusters Corp. "If the charities want to check a recipient's information for eligibility, that's reasonable, but they must treat that information with respect and maintain its confidentiality."
One of the biggest obstacles is that most charitable agencies have IT systems that are generally much less sophisticated than those of for-profit businesses of equivalent size and scope. The challenges the Greater New York chapter of the Red Cross faces are typical. The flood of donations, volunteers, and requests for help has added up to a staggering amount of data that the agency needs to collect and organize using IT systems that can't communicate with one another. "We don't know if John Smith in health and safety is the same John Smith in the financial-services volunteer list," Hunt says.
But the Red Cross, like most non-profit agencies and charitable organizations, doesn't have a lot of spare change for IT systems, and few contributors want their money spent on computers and networks. The national Red Cross faced a public outcry when it said it planned to spend some of the money donated for Sept. 11 victims on operations, including new IT systems, and to set up a reserve fund for future disasters. After a storm of criticism, it canceled that plan last week.
Now Hunt doesn't know whether she'll get money to update her operations. Qwest's Jensen hopes the centralized database program will help to spur greater spending on IT. "I hope this will give momentum to IT projects already under way by nonprofits," he says.
The charities could use the help. For example, the Salvation Army relies on financial and donor-management systems that are about eight years old. They include J.D. Edwards financial software and BlackBaud donor-management database applications that run on an AS/400 server at the agency's eastern U.S. headquarters in West Nyack, N.Y. Field offices download the information via dumb terminals. An IT staff of four supports the agency's New York City operations, which include nearly 100 remote sites and offices, plus 300 workers in the New York division headquarters, Maj. Richard Gulley says. "These IT people are grossly overworked," he says.
The divisional headquarters, which is located not far from Ground Zero, lost its AT&T communication links on Sept. 11 and was unable to send data to West Nyack for several days. "This disaster pushed us into using the Internet," Gulley says. The agency plans to continue to use the Web to send data to West Nyack.
At the opposite end of the spectrum is Michele Weaver, Webmaster for the Twin Towers Orphans Fund, created by a volunteer group of about 40 public-relations professionals. Webmaster doesn't begin to describe Weaver's responsibilities-she's the entire IT department for the fund. The owner of a small Web-development firm in Bakersfield, Calif., Weaver has been working full time since Sept. 11 as an unpaid volunteer to set up and support the fund's efforts. She created a database using X-base software and a Pentium III PC, and a Web site that includes an online registry that contains the names of families and individuals who need help.
Meanwhile, many of the issues surrounding the Sept. 11 database are still unresolved. For example, once the database is operational, who will be in charge and how will it be maintained? The vendors and charities involved have already determined that staffing and maintenance will revert to the charities at some point. "We're building it to be as self-sufficient as possible," IBM's McKeon says. "We still have to figure out where it will live and who will maintain it." IBM will host the system until the group figures out those details.
"I see this as a 10- or 20-year effort," Hunt says, adding that there are still no firm estimates on the long-term cost of operating and maintaining the database.
Still, the centralized database is absolutely essential, says Art Taylor, president of the Better Business Bureau's Wise Giving Alliance, a national watchdog group that monitors charities for fraud and misrepresentation. "There's a host of needs these folks require, and organizations need to know what resources are going where," he says. "Everyone needs to be treated fairly. My hope is that the aggregated data will provide enough information to make wise decisions."
-- with Elisabeth Goodridge, Marianne Kolbasuk McGee, John Rendleman, and Rick Whiting
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.