3 Tips to Protect Your Donors’ Data
Published 2024-02-02 at https://takenoquarter.com/3-tips-to-protect-your-donors-data/

Each time someone signs up for an email newsletter, donates to your organization, or registers for an event, they are entrusting you with their personal data. Outside of the regulations you legally need to follow when handling data, there are many ways that you can further protect your donors’ personal information and build trust. Some, in fact, might be required by law in your jurisdiction. Check with your legal advisor to be sure.

Here are three tips to help you improve data protection at your nonprofit — all while giving donors more agency over how you use their information.

1. Establish a Data Protection Policy

If you don’t already have one, be sure to create a policy that outlines how you will use the personal information people give you when they donate to your organization. Depending on where you operate, you may be legally required to publish a privacy policy and conform to certain data privacy standards.

Your privacy policy should clearly explain why you need a person’s information, what you’ll do with it, who you share it with, and how long you’ll store it. This document should answer any questions and concerns your donors might have, explaining your reasons at every step, and it should be easy to understand.

If you need to comply with a regulation like GDPR, your privacy policy may need to contain some specific details, like your “legal basis” for retaining and processing personal information. We’re not lawyers, so be sure to consult with competent legal counsel on how various privacy laws apply to your organization.

2. Consider the Information You Store — and Where You Store It

When building your policy, think about what data you’re storing and why you’re retaining it. In order to build trust with your donors, it can be helpful to mark any nonessential information as optional.

You can also limit how long you store donors’ information and who has access to it. As part of your policy, you might include a clause saying that you’ll delete donor information after a certain period of time.

In addition, try to limit who has access to donor data. Provide access only to those who need it to do their job and review access privileges regularly. The fewer people who have access to sensitive data, the less likely it is to be stolen in the event of a cyberattack.

Finally, think about where you’re storing donor information. If you have the budget to do so, consider moving away from storing member information in spreadsheets and adopting a customer relationship manager. Spreadsheets are not secure. They’re also challenging to manage, and they make it difficult to track who has access to what information.

Spreadsheets may also present compliance headaches. If you need to comply with GDPR, for instance, you need to be able to delete a donor’s data upon request — a difficult task if you have a donor’s information stored in multiple spreadsheets. If you’re storing it in a central database like a donor management database, you’ll have a much easier time managing your donor data and tracking who has access to it.

If you must use spreadsheets, store them in a secure place and control who can access them. An encrypted cloud storage solution like Box can be useful for this sort of purpose.

3. Evaluate Staff Account Security

In order to further secure your donors’ personal information, take a look at your protocols around staff and volunteer user accounts.

Start with strong passwords: Use longer passwords and mix in uppercase and lowercase letters, as well as numbers and symbols. Each of your accounts should have a different password, especially those that hold sensitive data. If you have strong passwords, you don’t need to change them regularly, but security experts say to change them if you ever suspect that they’ve been stolen.

To keep track of your passwords, use a password manager like Dashlane. This creates and updates complex passwords for you while enabling autofill so you don’t have to reenter them each time.

But there are things you can do beyond good passwords. To start, use multi-factor authentication wherever possible. This requires your staff to verify their identity with an additional step when they log in to your systems, usually by entering an alphanumeric code that they received via text message or authenticator app. This makes it more difficult for a cybercriminal to access your systems, even if they get hold of an employee’s login name and password. Most popular online apps and services support some form of multi-factor authentication.

Second, look into using single sign-on. With single sign-on, your staff and volunteers get one username and password that they can use to log in to many different systems. This means fewer usernames and passwords for your team to remember. It also means easier account administration and enhanced security: If a staff member’s account gets hacked, you can revoke access to all your systems that use single sign-on, all at once.

Eligible TechSoup member organizations can get 50 free licenses for Okta’s single sign-on and user management solutions.

Prioritizing Data Protection

Learning about and implementing robust data protection measures at your nonprofit is one of the best ways to build trust and reduce the risk of data loss in the event of a cyberattack. Consider how you store your donors’ information and how you protect it, and ensure that you have a clear policy detailing how their data will be used.

Additional Resources