Chief Operating Officer
National Council of Nonprofits
This week is Data Privacy Week. At a time when so much information is floating around the internet, data privacy has become a critical concern for nonprofits for many reasons. Your organization regularly collects and processes information related to donors, beneficiaries, staff, and internal operations. Maintaining the privacy of this data is crucial for building and retaining trust. Your constituents need to feel confident that their personal information is handled responsibly. Moreover, regulatory bodies (both in the U.S. and other countries) are increasingly tightening data protection laws, making compliance a priority.
The bottom line is to treat information shared by the people your nonprofit engages the same way you’d want your own information to be treated. How would you want your information protected by another nonprofit? What information would you be comfortable with them having? What would you be okay with them doing with that information? Let the answers to those questions guide your nonprofit’s data privacy journey.
Practical steps for data privacy
- Collect only what you need
Start by thinking about what information you need to collect to effectively serve your various constituents. Some information is helpful, so your organization can make data-driven decisions on your programs and target your fundraising efforts. Collecting more information than needed may make people less likely to share—and can make your nonprofit a target for those seeking to gain access to that information. - Adopt – and honor – privacy policies
Document and then clearly articulate and communicate privacy policies to all stakeholders. Be sure that your policies comply with all applicable laws – and review the policies annually to ensure continued compliance. Be sure to inform employees, donors, volunteers, and beneficiaries about how their data will be used, stored, and protected. This includes if/how that data may be used with artificial intelligence platforms. Transparency builds trust and helps the organization demonstrate its commitment to data privacy. But trust ends if the policies are not followed. - Educate staff, volunteers, and outside service providers
Even the best privacy policies on the planet are useless unless everyone with access to the data both know and follow the policies. Prioritize educating staff and volunteers who have access to information about the importance of data privacy. Remind them regularly so everyone remains sensitive and vigilant to protecting data. Training programs can cover topics such as secure data handling, recognizing phishing attempts, and understanding the organization's data protection policies. But always start with why it’s so important to protect the information your nonprofit collects. - Use a secure donation platform
Nonprofits heavily rely on donations, so securing online donations is paramount. Utilize trusted and secure payment gateways, encrypt donor information, and implement multi-factor authentication for access to financial data. - Don’t buy or sell lists
One of the most common complaints we hear at NCN is about how someone donates to one nonprofit and are suddenly inundated with appeals from a dozen more. Buying or selling contact information is one of the fastest ways to have someone declare that they’ll never donate another dollar to your organization again.
As your nonprofit navigates the evolving digital landscape, the importance of data privacy cannot be overstated. By centering those whose data you collect and protect, your nonprofit can earn and maintain the trust necessary to effectively serve your community.
Resources
- Online Privacy for Nonprofits: A Guide to Better Practices (Electronic Frontier Foundation)
- Is Our Data Ours Anymore? (TechSoup)
- What Nonprofits Need to Know About State Data Privacy Laws (Nolo)
- Respect Privacy (National Cybersecurity Alliance)