Nonprofit Privacy: What You Should Know
Just like for-profit companies, nonprofits have access to a lot of private information. From IP addresses to personal phone numbers, there’s a lot of data floating around, and people are more aware of it than ever. While collecting data can be expected, your supporters want to know that you’re serious about protecting their information.
You want to be seen as trustworthy and secure by donors, volunteers, and employees alike, which means giving some real thought and attention to your privacy measures.
Before you write or design privacy procedures, it is important to identify what sensitive information you may actually collect. Think about what data you get, how exactly you acquire it, how you use it, how you store it, who has access to it, and how long you keep it. Answering these questions will provide the groundwork for the policymaking to follow.
Your privacy policies will likely see a few rounds of revision as well as consultation with a lawyer, so at some point (now), you’ve just got to start writing. Focus on keeping your language clear and avoid industry jargon where you can. Write for your average reader. Be clear: tell your users what information you’re collecting from them, and, if this changes, don’t forget to update your policy. Don’t just copy and paste from another organization; write a policy that is specific to you and your supporters.
Make sure you provide all necessary information, including what kind of data you’re collecting, why you’re collecting it, how you’re collecting it, and what you’ll do with it. Let people know if the data identifies them or keeps them anonymous, and if you’ll be sharing it.
Consider allowing users to opt out of less critical data collection if you can, and make it easy for people to unsubscribe from your newsletter. These things reassure users that you’re looking out for them and offer a level of service they’ll likely appreciate.
Check with legal
In addition to running your policy by a nonprofit lawyer, you may want to consult a legal professional regarding any laws specific to your industry or location. If you deal with medical records, laws like HIPAA can set requirements for your policy that you’ll have to abide by.
Make sure your privacy and legal notices are public. Many companies do this by placing a link at the bottom of their webpage. Consider linking to it from high-traffic areas like your homepage or your donations page so that everyone who is interested can find it. Be as transparent as possible.