Does the amount of data your nonprofit collects from donors, members, and other supporters worry you? It should. If you have big data, you have big worries, as well as responsibilities. An important part of nonprofit financial management is securing and managing the data that your nonprofit collects so that you safeguard the interests of all.
You Collect More Data Than You Think
At first glance, you may think you don’t collect all that much data. Sure, you’ve got a mailing list on file of people interested in your nonprofit’s work, and email addresses for that monthly newsletter to send out, but doesn’t everyone?
Consider how people donate to your nonprofit. If you accept credit card donations over the internet, website security becomes critical to prevent criminals from stealing data from your donors. Passwords may also be important if you have a member-only area on your site where you host forums. When you really sit down to analyze your organization’s data collection methods, you’ll quickly realize that you’ve got more data than you initially thought.
Keeping Data Safe: Creating a Data Ethics Policy
Register for this Webinar Now: The New Roadmap for Nonprofit Finance
Many organizations are creating their own data use and security ethics policies to help safeguard customer privacy and maintain the high level of trust they’ve worked so hard to build with their constituents.
To create your own organizational data ethics policy, follow these five tips.
- Establish data-use goals: Knowing exactly why your organization collects data, and the use to which you will put it in the future, is the starting point for a data ethics policy. You’ve got to know the reason why you’re collecting the data in the first place to establish guidelines about its use. Some common reasons for collecting customer data include future marketing, such as requesting that interested people sign up for your email list so that you can send them donation solicitations later.
- Create a privacy policy: Privacy policies are ubiquitous on websites but an important part of your data security and ethics work. You can create a privacy policy in several ways. There are privacy policy generators online that help you build a simple boilerplate privacy policy for your website. You can also ask your legal counsel for a recommendation. Once you create your privacy policy, post it online.
- Assess the risks: Take a data inventory to understand exactly what data you have stored and what the risks are of maintaining it. Know what you have to work with, how and where it is stored, and who has access to it. Lastly, determine who controls access to the data and the steps your organization has taken to safeguard it.
- Add safeguards: Every day it seems that hackers have found new ways to break into websites and steal personal information from customers. It may be worthwhile to consult with an internet security expert to make sure that your website and network have the latest security safeguards in place. Updating software and plugins for websites, adding Akismet to WordPress-based sites to screen for virus-filled spam, and using other simple measures may go a long way in preventing theft and security breaches.
- Conduct due diligence: If third parties have access to your data, such as mailing house or email service providers, do you conduct due diligence to ensure that their safety procedures match or exceed your own? Few organizations give much thought to who in other companies may use or access their data. Make sure that you have steps in place to screen companies and understand their data security policies. Common third-party vendors who may access your data include marketing agencies, mailing list companies, list brokers, email service providers, and fundraising organizations.
Nonprofit Financial Management: Data Security Policy
Once you have the basic information about your current data collection and use, formulate a general ethics policy and procedure document that can be shared throughout your organization. A little work now will come in handy later if the unthinkable happens and you have a data breach on your hands. Your constituents will thank you for taking extra steps to safeguard your data.
Financial Advice and Assistance for Nonprofit Organizations
Beck & Company Certified Public Accounts and Business Advisors specializes in nonprofit financial management, nonprofit accounting audit services, and issues pertaining to the world of nonprofits. We have extensive experience helping nonprofits of all sizes achieve their mission without sacrificing margin. Contact us for more information.