How often do you read about a data breach, identity theft or other types of computer hacks where personal information has been compromised? What would happen if your nonprofit data was breached and what information would be potentially stolen? As a nonprofit organization, you collect a lot of data on donors, clients, staff and other supporters and having all that data places a lot of responsibility on the organization to secure and manage it well. Having nonprofit accounting policies in place is a necessity to safeguard everyone’s interests.
How Much Data Do You Collect?
At first glance, you may think you don’t collect all that much data. Sure, you’ve got a mailing list on file of people interested in your nonprofit’s work, and email addresses for that monthly newsletter to send out, but doesn’t everyone?
Consider how people donate to your nonprofit. If you accept credit card donations over the internet, website security becomes critical to prevent criminals from stealing data from your donors. Passwords may also be important if you have a members-only area on your site where you host forums. When you really sit down to analyze your organization’s data collection methods, you’ll quickly realize that you’ve got more data than you initially thought.
Keeping Data Safe: Creating a Data Ethics Policy
Many organizations are creating nonprofit accounting policies for data security and ethics to help safeguard customer privacy and maintain the high level of trust they’ve worked so hard to build with their constituents.
To create your own organizational data ethics policy, follow these five tips:
1. Establish data-use goals: Knowing exactly why your organization collects data, and the use to which you will put it in the future, is the starting point for a data ethics policy. You have to know the reason why you’re collecting the data in the first place to establish guidelines about its use. Some common reasons for collecting customer data include future marketing, such as requesting that interested people sign up for your email list so that you can send them donation solicitations later.
2. Create a privacy policy: Privacy policies exist everywhere on websites but an important part of your data security and ethics work. You can create a privacy policy in several ways. There are privacy policy generators online that help you build a simple boilerplate privacy policy for your website. You can also ask your legal counsel for a recommendation. Once you create your privacy policy, post it online.
3. Assess the risks: Take a data inventory to understand exactly what data you have stored and what the risks are of maintaining it. Know what you have to work with, how and where it is stored, and who has access to it. Lastly, determine who controls access to the data and the steps your organization has taken to safeguard it.
4. Add safeguards: Every day it seems that hackers have found new ways to break into websites and steal personal information from customers. It may be worthwhile to consult with an internet security expert to make sure that your website and network have the latest security safeguards in place. Updating software and plugins for websites, adding a virus protector to WordPress-based sites to screen for virus-filled spam, and using other simple measures may go a long way in preventing theft and security breaches.
5. Conduct due diligence: If third parties have access to your data, such as mailing house or email service providers, do you conduct due diligence to ensure that their safety procedures match or exceed your own? Few organizations give much thought to who in other companies may use or
access their data. Make sure that you have steps in place to screen companies and understand their data security policies. Common third-party vendors who may access your data include marketing agencies, mailing list companies, list brokers, email service providers, and fundraising organizations.
Nonprofit Accounting Policies for Data Security
Once you have the basic information about your current data collection and use, formulate a general ethics policy and procedure document that can be shared throughout your organization. A little work now will come in handy later if the unthinkable happens and you have a data breach on your hands. Your constituents will thank you for taking extra steps to safeguard your data.
At Welter Consulting we are committed to keeping your information secure and finding you the most affordable technology, the most powerful solution, and providing expert support. We are dedicated to assist you in achieving your mission by leveraging technology and superior reporting. We are passionate professionals who choose to work in the nonprofit sector for the same reason you do – helping others. Click here to see a complete listing of upcoming training and webinars, including the Free NonProfit
Recent Comments