[Editor’s note: This article was provided by Blackbaud, a maker of fundraising software. Blackbaud is a PJ business partner.]
Bucky Wall and Jake Marcinko
Data security issues have garnered a great deal of press lately.
So far in 2009, at least three credit-card processors, a major airline carrier and several government agencies have been involved in the compromise of sensitive personal information.
Over 100 million records containing Social Security numbers, bank accounts, health-care details, and age, gender and other information on individuals have been lost.
However, while there will likely be a great deal of fallout from these incidents, the fact remains they will have little impact on these organizations’ bottom line.
The reason for this has to do with the nature of the relationship the organizations have with the individuals they serve.
Rarely do government institutions and business-to-business companies have personal relationships with customers.
However, the relationship between most nonprofit organizations and their donors is different.
Charitable business transactions aren’t about buying, they’re about giving.
Donors are making a personal investment – in time and money – into a charity’s mission.
Therefore, to ensure revenue streams remain intact, nonprofits must go the extra mile to make sure their donors’ information is protected.
Here are some ideas every nonprofit should consider:
* Know what information your organization collects and why.
* Only collect information you need.
* Make sure you can justify why you collect certain data.
* Make sure that any third party collecting data on your behalf complies with mutually acceptable policies and procedures for securing such information.
* Only use the information for the purpose for which it was collected.
* Put yourself in your donor’s shoes: Donors who gave once probably wouldn’t expect you to keep information about them.
* Limit the number of people who have access to sensitive data.
* Remove parts of the data that are not needed.
* Don’t allow sensitive data to be in view of all staff or publicly on your website.
* Be aware of laws that might provide access to information that you or your donor didn’t intend to share.
* Only store the data you need for the reason you collected it. If you don’t need it, get rid of it.
* Limit the number of places you store sensitive data.
* Only store sensitive data where it can be secured, physically and technically.
A big part of this is the creation of policies and procedures around sensitive data.
Having these policies not only protects your donors, but protects your organization as well.
This means developing a plan should any sensitive data be breached, including information that is free and open to all, and information you would not want out there for public consumption.
Bucky Wall is director of corporate readiness and Jake Marcinko is manager of information security and monitoring at Blackbaud.