Safeguarding Your Nonprofit’s Donor Data Pays Off

June 19, 2020
There it is—the dreaded online query asking for your full name, email address, phone number, and your first-born child’s social security number. Okay, maybe not that last one, but you get the gist. We all run into this scenario every day, whether we’re being solicited for our personal details, or we're the ones asking for the info.

In September of 2017, a major credit reporting agency announced a massive, widespread security breach that had compromised the personal information of millions of consumers. More than just a minor “oops,” this breach left these consumers vulnerable to identity theft. The crowning blow? These same individuals (143 million of them) had, for the most part, not even voluntarily surrendered this information.

As a nonprofit, you’re not just asking for donations—you’re asking for information to understand who your donors are, where they live, why they care about your mission, and the likelihood that they'll continue supporting your cause over the long term.

Recognizing donation patterns is key to the longevity of your organization. So, how do you create the trust necessary for your supporters to share their information?

Transparency is key

For starters, be upfront with your donors about why you need their data and how it’s being used. Transparency is key when it comes to the sort of information you’re soliciting from your supporters. How to accomplish this? Simple: add a privacy policy that is clearly outlined in plain language on your donation page. You can write your own or use a nifty online tool like Shopify to generate a privacy policy for you. And, because we don’t want to engage our supporters in an online scavenger hunt (as fun as that might be), the privacy policy should be easy to spot on your organization’s website.

Your donors aren't commodities

Next, we know nonprofits are in the same boat as they work together to achieve great things, but trading or selling donor information to other organizations is a surefire way to lose donors’ trust. If your supporters feel their information is being passed around like ninety-nine bottles of beer on the wall, it might lead them to believe their passion for your cause—the very same passion that prompted them to take action—has been cheapened and commodified. This is why keeping your nonprofit’s donor data not-for-profit actually pays off, because you’re preserving trust in the relationship. If you really want to connect your donors with other like-minded organizations you think they might care about, just ask for permission first—simple as that!

The one time it's cool to keep it complex

And while transparency with your donors is vital, the security of your own internal systems is equally paramount. In an age of unanticipated Google data breaches and scores of websites urging you to change your password at every turn, having robust donor data protection is more important than ever. Some measures you can take include:

  • Securing your systems. Having strong internal security policies like requiring your team to have those intricate numbers-and-symbols-and-“Oh dear, was that a capital T?” passwords that are nearly impossible to remember is key. The easiest, safest, and best way to ensure internal credential security is a password vault like LastPass. P.S. LastPass has an amazing tool for generating really, really complex passwords.
  • Utilizing multi-factor authentication to protect those newly-complex passwords at all costs. Want to ensure the person logging into your system is who they say they are? Google Authenticator is a quick app that generates a random code that gets sent to your device and voila—you’re in!
  • Masking your donors’ identities (if applicable). Does your organization have a sensitive mission with a high number of donors who prefer anonymity? You might want to give those supporters the option to mask their identities... and then make sure to uphold that anonymity when storing their data.

We know some of these tips might seem pretty basic, but you wouldn't allow someone to simply walk into your office and start using your systems, so don't make it easy to stroll into your digital environment. Likewise, don’t write down passwords, do turn your computer off when you leave the office, and if you have to share computers amongst colleagues or volunteers, set up individual user accounts for each team member.

While it’s true there are many painstaking measures we can take to secure our data, privacy is a progressively eroding notion… a bygone thing of the past, if you will. Your phone might as well be a you-shaped pinpoint on a map, while your up-to-the-minute social media accounts are chronicling the latest in “What I did at 3:57 PM on Tuesday the 3rd.” Because we live in a world where technology is constantly advancing and our personal data is always up for grabs, one very massive entity has officially put its foot down on a much larger, more legal scale.

Choose Funraise

No, seriously. While no one is immune to online transaction fraud, Funraise offers several strategies to mitigate the risk.

  • Rate Limiting and IP Banning
  • Machine Learning Fraud Prevention
  • Google reCAPTCHA
  • Gateway-level Fraud Prevention
  • Human Monitoring

This may sound like a list of nonsense words, but it represents a small army of people and tools protecting your organization from fraudulent transactions—when you choose Funraise, that's the kind of support you can expect. Learn more about how your fundraising technology can protect you against transaction fraud.

One small step for privacy, one giant leap for humankind

...or at least the 50% of the population with internet access, which is still about 3.2 billion people.

In May of 2018, the European Union implemented the GDPR—short for General Data Protection Regulation—a groundbreaking law that requires protection of all EU citizens’ personal data. This regulation brings together data privacy regulations across Europe and requires all companies within the EU, as well as companies outside of the EU that handle the data of individuals located within the EU, to comply, protecting sensitive details like an individual’s name, home address, health records, income data, and more.

While many U.S. companies with EU customers (meaning almost any company that operates online!) are now required to follow suit and comply with this regulation, the million-dollar question is: Will this pave the way for U.S. regulations protecting our personal information? And, will this simply breed new and more advanced ways to seize our precious user data? Only time will tell… meanwhile, keep your data under metaphorical lock and key.
