Nonprofits Must Protect Donors’ Information
Simply put, data security is essential for maintaining donors’ trust. If a data breach results in donors’ personal or payment information being compromised, it could take a nonprofit years to recover from the hit to its reputation.
There are a number of steps that nonprofits should take to protect donor data. Charities can restrict access to donor data to only those within the organization who need it, and use password managers and multifactor authentication from providers like Azure and RSA. They should also ensure that third-party payment processors comply with security best practices.
Nonprofit websites must have SSL certificates and should adopt a defense-in-depth strategy that incorporates tools like anti-virus, anti-malware, firewalls and intrusion prevention systems. Finally, global charities must comply with General Data Protection Regulation (GDPR) rules, and should take advantage of risk assessment tools and other solutions to do so.
When Can Donor Data Be Shared?
Nonprofits often have an opportunity to earn revenue or gain access to new donor lists by selling or sharing their own donors’ information with others, but doing so can come at a steep price. Donors may feel turned off — or even downright betrayed — if an organization shares their information with other charities. The nonprofit fundraising site Raise-Funds bluntly calls it “bad practice” for nonprofits to give away their donor lists, and says it’s “even worse” to sell them.
CharityWatch reports on nonprofits’ donor privacy policies, sorting each into one of three categories: those with a no-sharing policy, which never exchange donors’ information for third-party fundraising or marketing; those with an opt-in policy, which do not share information unless donors explicitly grant permission to do so; and those with an opt-out policy, which reserve the right to share information unless donors ask them not to.