10 Ways Nonprofits Can Protect Digital Privacy

Presently, many nonprofit organizations are still navigating what the overturning of Roe v. Wade means for them on multiple levels. While laws may vary from state to state, the role of activism, volunteering, and offering financial support to institutions that continue to fight for bodily autonomy will be more crucial than ever.

With that in mind, here are 10 ways organizations can protect sensitive personal data for donors, volunteers, and the people they service:

Whether you’re a CEO, manager, or volunteer with an organization, everyone uses email. For nonprofits, a well-thought email campaign is a powerful tool for reaching donors and prospective volunteers.

However, with great power comes great responsibility. You’ll want to make sure that subscribers (and those that have unsubscribed) have their email addresses protected, and also be sure that donor information (including names, home or business addresses, emails, IP addresses, and credit card info) isn’t leaked online.

To preserve confidentiality and PII when using email:

If you plan to use an email client, look into their policies around data security and privacy.

Truly sensitive information (such as credit card info or other forms of PII) should never be shared in an email in the first place. Rather, it should be submitted via an encrypted form.

Safeguarding PII isn’t just an issue for your organization’s IT department. It’s the responsibility of everyone involved – from the front office to the front lines. Establish clear policies to help safeguard information and convey this during any onboarding process.

To ensure administrative best practices for handling access to data:

If someone doesn’t need access to relevant data, don’t give it to them. That includes the CEO.

PII and pertinent data should only be shared with those who are directly involved on a need-to-know basis to prevent leaks.

Make sure that person understands the technology used by your organization and is responsible for change management. This could be multiple people, if you have a large team.

6 – Don’t store passwords or API keys on your computer. Use a password management app instead.

If you’re sharing passwords to access online resources across a large organization, you may leave yourself vulnerable to that information falling into the wrong hands.

Additionally, if your budget allows, consider issuing secure laptops for company use only and leverage remote management of team computers. This will allow computers and permissions to be turned off when a person leaves as well as releasing security patches as needed to the whole fleet of laptops.

Making sure email communications are encrypted and free from sensitive, confidential information is crucial to keeping donor and/or volunteer information safe. Additionally, you’ll want to work with your IT team or computer network administrator to inform those within your administration to enforce best practices coupled with installing protocols for data usage at an administrative level.

To safeguard sensitive PII from accidentally getting leaked online:

It may be tempting to want to keep old donor information languishing in your database in case you may want to reach back out at a later date to gauge interest. However, avoid storing personally identifiable information and only store it when absolutely necessary.

Work with your administrative and/or IT team to develop policies around a reasonable timeframe to purge old donor and volunteer information, and what constitutes proper PII usage.

Make it a policy to protect information of these individuals, as well as anyone who may have unsubscribed to your organization’s communications.

Chat with your IT or web team to be sure this is not happening and to stay on top of scrubbing PII from URLs to protect donor and/or volunteer data.

For pro-bono and nonprofit organizations, having a team of individuals with a background in Analytics and proper data storage will be mission-critical in staying up-to-date on the protocols and legalities associated with keeping donor data safe.

There are a few ways to help fill that void.