Data Security

Having a donor privacy policy on your site is a must for nonprofit organizations collecting donor information online. But having a privacy policy doesn’t necessarily mean you’ve got the whole privacy issue taken care of. The Cleveland Museum of Natural History has a donor privacy policy and bill of rights posted on its Web site. But Bill Lynerd, chief development officer of the museum, says one thing that’s recently come up for the institution is the question of whether or not it’s a privacy issue to post its annual report — along with the names of donors who contribute $15,00 or more a year

Knowing personal information about constituents in the online sphere allows organizations to provide visitors with more personalized and meaningful communications and services. But with this benefit comes the danger that the personal data you collect could be misused or its security breached. Donors know the dangers inherent in providing an organization personal information and will be reluctant to do it unless the organization can ensure them of its safety and intended use. In the whitepaper “The Growing Concern for Privacy Online” for the National Association of Colleges and Employers Technology Committee, authors Judy Applebaum, Shirley Marciniak and Paula Quenoy recommend that all “Web

Whether you’re dealing with customers, members, donors or clients, keeping their personal information private, especially in the seemingly insecure environment of the Web, is a key concern. One way to reassure donors that their personal information is secure is to include a privacy policy on your Web site that lets them know things like what information you collect, how that information is used, what happens with cookies, the opt-out process and who to contact with questions about privacy issues. The No. 1 tip offered by the Direct Marketing Association when it comes to constructing a privacy policy is to keep it simple. The

 OK, OK, I’ll admit it … my mother was right — but, please, don’t tell her!! Turns out that some of the lessons she taught me can apply to the ethical collection and use of personally identifiable data, and other privacy issues. Here’s how: Lesson ONE Don’t talk to a person about something affecting them if they did not personally tell you. Always make sure that you collect information from constituents in an opt-in manner and give donors ample opportunities to help you collect this data. A good example of this is using check-off boxes on event-registration forms,

Through a program called Free is Free, e-mail security software is free for the taking for nonprofit organizations small and large that provide things such as food, medicine, shelter, emergency services and education to children in need.

The program is being offered by Newburyport, Mass.-based e-mail security company Declude. It was inspired by an encounter that Declude CEO Rich Person had with Pennye Nixon-West, founder of ETTA Projects, a Seattle-based organization that provides education, economic opportunities, food and health care to help Bolivian mothers feed their families and escape poverty.

Individuals in today’s workplace, whether nonprofit or for-profit, often make two common errors when thinking about privacy and information security. First, people tend to think of information security as a technology problem — making it all about firewalls and encryption. Designing a truly secure information-handling system instead requires a holistic approach that uses technology components but that first must address business processes, policies and, most importantly, people. Many serious and successful hacking attempts begin with what hackers refer to as “social engineering” — they compromise the human components of the information system rather than the electronic ones. Second, people often think of information

The white paper “Striking a Balance: Privacy and Data Protection Strategies for Higher Education” by Trusted Network Technologies and made available by Knowledgestorm looks at the challenges universities face in protecting the privacy of their faculty, staff, students, alumni and donors while making their information available to those who need it. From February 2005 to June 2006, there were 68 breaches of personal digital information at U.S. universities and colleges, the paper reports. In the face of this negative publicity, colleges and universities are faced with the challenge of maintaining the trust of alumni and donors, as well as students, parents and faculty. Trusted

“Collection of personal information is at the very foundation of a nonprofit’s success, for sure, but they also have the duty to protect that information.” This according to Katrin Verclas, executive director of the Nonprofit Technology Enterprise Network, a San Francisco-based professional community that connects people involved in nonprofit technology. Nonprofits collect all sorts of private information about their constituents, such as their home addresses; home phone numbers; work phone numbers; e-mail addresses; and details about their interests and family status, etc. Having that information is extremely important for any kind of nonprofit success and effectiveness, Verclas says. The more you know

Every day we hear about the lack of trust between nations, between citizens and their governments, between employees and customers, customers and corporations, and between individuals. Advances in technology have aggravated the problem by making it easy for individuals and organizations to steal or misuse sensitive information.

More than 50 million consumers have had their personal data compromised this year, a statistic grim enough to elicit spasms of paranoia in donors’ hearts about identity theft, data security and privacy. But, in reality, there have been few cases of privacy infringement reported in the nonprofit world — not enough to spawn a skittish donor pool.

It does, however, raise two important questions for nonprofit fundraisers. First, with the explosive growth in data collection and compilation, to what extent is it moral, ethical or legal to mine data on potential donors? And secondly, what proactive measures can be taken to safeguard donor privacy?