Today’s nonprofit donors have come to expect total transparency when it comes to their gifts. They want to know how their donations are being used and ensure they are being used properly. Donors also presume that their data will remain safe and confidential when they contribute to your nonprofit. Balancing these two elements is crucial in maintaining donor confidence and trust.
Because donors have justifiably high expectations for data privacy and transparency, your nonprofit must determine how best to describe your impact without exposing sensitive information. Donors are more likely to maintain or increase their loyalty to your organization if they understand that their information is secure and can see the outcomes of their financial support. In this guide, we’ll review how your organization can both secure donor trust and further stewardship efforts by balancing your approaches to both of these best practices.
1. Understand & Abide by Data Privacy Regulations
It’s hard to comply with regulations that affect your nonprofit’s donor management operations if you don’t know about or understand their ins and outs. Staying abreast of current rules and proposed new regulations is critical, and ensuring your team has a solid understanding of them will help inform any necessary updates to policies and procedures.
You’re likely already aware of the main data privacy regulations that are relevant to nonprofits: General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Payment Card Industry (PCI) Data Security Standards. These rules have been on the books for a few years, and your nonprofit should have processes in place to ensure compliance. That being said, it’s a good idea to review your processes on a regular basis. 360MatchPro suggests these practices for adhering to data regulations:
- Collect the minimum amount of data necessary for reporting on impact
- Be transparent when informing donors of how their data will be used
- Obtain donors’ consent before collecting information
- Implement strong security measures by using PCI-compliant donation processors
When communicating with donors, ensure you validate their desire for and right to data privacy. And perhaps more importantly, honor their wishes if they choose to remove unnecessary data from your system.
2. Institute a Clear Privacy Policy
Putting a privacy policy in place allows your nonprofit to standardize how your organization approaches data privacy and underscore your commitment to donor data security. The policy should be clear, direct, and accessible to donors.
Here are suggestions for creating a privacy policy for your nonprofit that still allows you to report on fundraising impact:
- Thoroughly explain the data you need to collect from donors and why it’s crucial for fundraising success
- Describe how donors can access the individual data your organization has on file for them and how they can make changes, if necessary or desired
- Outline how donors can give or revoke consent to collect data (opt-in and opt-out options)
- Provide data sharing options so each donor can choose the data they want and don’t want made public (for example, if a donor wants their donations to be anonymous)
- Explain the data regulations your nonprofit is complying with and how donors can learn more
Ultimately, your privacy policy should support the idea that your nonprofit will responsibly share fundraising data, redacting personal information when requested. For instance, let’s say you just hosted a charity golf event and several individuals made large donations and wish not to be identified. Your event impact report can describe the fundraising and mission fulfillment outcomes of the tournament without including any identifying donor information.
3. Use Secure Fundraising Management Software
Using fundraising software that prioritizes security is key to preserving donor data from breaches or security risks, particularly if you use the software platform to process payments. Why? Because financial information is the most sensitive data provided by donors, and is most often targeted by hackers.
As your nonprofit chooses a software solution, use these tips for gauging the platform’s commitment to data privacy and reporting fundraising impact:
- Understand how the platform generates fundraising reports and whether they can be customized so that redacted donor data is not displayed
- Check for data encryption standards and compliance with the aforementioned regulations
- Read and evaluate the software company’s internal privacy policy
- Evaluate the software’s access and security controls, such as two-factor authentication
- Analyze how it maintains data quality and hygiene standards so the data reflected in the reports is as accurate as possible
If you use a standalone event management platform for your fundraising events, it’s a good idea to hold it to the same standards as outlined above. Continuing with the charity golf tournament example from above, the management platform you choose should be compliant with PCI standards for processing golfer registration and sponsorship payments, and have the ability to customize event reports to adhere to privacy standards.
Next Steps
Whether you’re hosting a year-end donation drive, Giving Tuesday campaign, or your annual charity golf tournament, donors need to understand how their support contributes to your organization’s wellbeing and mission fulfillment. The tips outlined in this guide will help you earn your donors’ trust that you will be responsible stewards of their donations without compromising data privacy or disclosing donor information. As you roll out changes designed to balance data privacy with fundraising transparency, be sure you ask for donor feedback about your approach. Listening to their concerns demonstrates a commitment to their needs now and in the future.