In 1999, the CEO of Sun Microsystems said, “You have zero privacy… Get over it”. In 2010, Mark Zuckerberg stated that privacy was dead. I think Zuckerberg must feel a sense of irony with what he’s experienced this year over privacy and the transfer of Facebook users’ information to Cambridge Analytica. I think it’s fair to say that this year, privacy has been a hot-button topic.

I’m not sure where things will ultimately end-up, and there’s a good chance that, in fact, privacy as we knew it is finished. In fact, I think that may already be the case, but there is a distinct tension between privacy and sharing. We continue to share, willingly, our information on social networking platforms and browsers, such as Google, continue to track us all over the internet.

And, despite the General Data Protection Regulation, which was set into law in Europe, but affects American companies and nonprofits as well, you’ve probably noticed by now that corporate lawyers have already figured out how to get around it. Mostly, you agree to tracking, or whatever else they have explained in their Terms of Service, or you won’t be able to use the platforms that will provide you the news, allow you to shop or entertain yourself. That went well.

Donor Privacy

The dirty little secret in the nonprofit sector is that many nonprofits have donor information, including that of volunteers and supporters, but they have not taken the necessary steps to ensure that information is not stolen. They also do not take the time to inform people about how their data is used, which is something that everyone with a site on the internet should do. Nonprofits have information such as names, addresses, emails, birthdates, credit cards, social security numbers (especially those organizations that have volunteers who go through background checks), telephone numbers, etc. It doesn’t take a genius to see how this information can be used in ways that are not appropriate.

In fact, a colleague of mine who worked in the nonprofit sector as a fundraising consultant told me not too long ago that when she’s raised the issue of privacy, many nonprofit leaders have said to her they were unaware that donor privacy is such a priority to donors. They’ve expressed their support for transparent public privacy policies but have had no idea that they should have terms of service or donor privacy policies that are easily accessible on their websites, for instance, that explain what they do with data. Candidly, I don’t know how that can even be a credible thought in today’s world.

Data and Nonprofits

Most donors should know or understand that when they’re giving their information to a nonprofit, there is a likelihood that their name and information is sold. Some nonprofits do this as a matter or revenue because they earn money for the names and data that they sell to brokers. If you work at one of the many organizations that sell donor data to brokers, as a point of integrity and ethics, you should clearly state that information for donors in your donor policy information.

Additionally, in recent years, criminals have picked up on the fact that nonprofits can be a wealth of information and it can be reasonably easy for them to crack the “safe” open. And, to make matters even more concerning for nonprofit donors is that there have been instances when donor information has been criminally compromised, and it’s been decided not to make the information public for fear of causing donations to dry up.

Protecting Data

Nonprofits occupy a unique position in our society, and it often comes with tax-exempt status, mostly, because of the work they do in improving the lives of people in a community. Because of this, nonprofits should provide a few minimum standards of information to make sure they are operating with integrity and ethics when they accept donor and volunteer information.

  • They can remind people who input their identifying information into their websites to remember to delete the web “cookies,” which are files stored on a person’s computer, which link back to the site visited. Clearing this information will remove any remnants of names, addresses, credit card information, etc. from the web.
  • Nonprofits should create and publish a “Donor Privacy Policy,” which tells donors how donor and supporter information will be used. A simple example is provided by Charity Navigator.
  • Publish “Terms of Service.” Take a look at samples from leading nonprofit organizations. You can also look at an example from National Council of Nonprofits or TopNonprofits.

The reality is that every nonprofit–regardless of size–should have a donor privacy policy and terms of service that can be quickly reviewed on their website. If your organization doesn’t have the basics done, there’s no reason you should expect people to support your group. There are likely plenty of charities that do demonstrate transparency and should be rewarded with fundraising dollars.