Privacy and the Nonprofit
Nonprofits very often serve vulnerable populations within the community, which means they’re consistently handling private data. They’re also finding new ways to utilize technology to help increase efficiency of sometimes very small staffs, which puts data at an additional risk. Often, for profit companies prioritize profit over privacy, though increasingly stringent privacy laws can mandate their compliance.
But what about nonprofits?
A cultural shift
For nonprofits, the shift toward data protection is more cultural than anything, and because of this, it is more possible in smaller organizations--i.e., nonprofits. To help protect data and privacy of all sorts, it is important to develop a culture that values it. Nonprofit employees should understand the implications better than most, because they’re not cogs in a corporate machine. Instead, they’re dedicated individuals driven to serve populations that need their help the most.
Protecting data isn’t as simply as securely storing social security numbers, so it is important that organizations continue to interrogate their practices. Sharing email addresses, especially for profit, can be a violation of privacy. Donor lists that characterize donors in specific ways can violate privacy. Storing unnecessary information on clients or donors can violate privacy. When organizations continue to reflect on their own processes, they ensure a more ethical way of conducting business.
Consider getting formal
Many nonprofits, especially when they’re on the small side, feel like formal policies and procedures are over the top and unnecessary. Increasingly, this is not the case. Just as you have a policy for paid time off, you should have a policy for protecting the private data of employees, donors, and the people you serve. You can research and write the policy yourself or meet with an expert who can help you draft a policy that gives you credibility in your community. They’ll be able to ensure that you’re adhering to any state or federal privacy standards, as well as draft a document that meets your specific needs and goals.
The bottom line
Your organization is going to collect data, and that isn’t necessarily a bad thing. What you choose to do with it after is where you establish yourself as an ethical, privacy-friendly company or one that carelessly (and needlessly) handles the data of people who support you and those you serve. By setting and abiding by your own rules, you ensure the longevity of your organization, and protect yourself against potential pitfalls. In a society in which privacy is becoming increasingly important, being aware of such things isn’t a luxury--it is a necessity.