Privacy concerns are all over the news lately, with breaches in Equifax, Cambridge Analytica misusing data, and Facebook’s Mark Zuckerberg being questioned by Congress. But how does all this privacy talk affect nonprofits? Many nonprofits store valuable user information, including e-mails, credit card info, addresses, and even more nuanced data such as birthdays, interests, and volunteer activity. So how can nonprofits keep their donor’s data protected and, most importantly, private? Let’s take a look at the Data.

Here are the three things every nonprofit should keep in mind when it comes to their donors’ private data.

1.) Consider what data you actually need
We’ve all been there. You’re in the process of making a donor survey and questions start coming in from the staff and board and want to know age, race, hobbies, spouse’s name, hometown, and pretty much everything down to the respondent’s favorite ice cream flavor. So then you’re stuck with a 38-page survey that you know no one is going to fill out, and is likely to feel onerous and invasive to many people.

The best way to trim that down is to thoughtfully consider what data you need versus what data you will use. It may be nice to know someone’s hobbies, but how will you use that data? Will you be sending targeted e-mails based on that? Mailing them targeted appeals?
A 2014 study by Accenture found that while 87% of consumers studied said that they didn’t believe adequate safeguards were in place to protect their data, 49% said they would not object to having their buying behavior tracked if it would result in relevant offers from brands and suppliers. This means that while there are deep concerns with privacy, consumers (or donors) are willing to sacrifice some of their private information for specific offers or information related to their interests.

This means that while a board member may want to know donors’ hobbies, it may not support your fundraising goals. When you build a survey, pare down the information gathered to make sure your donors are only giving you the information that will absolutely improve their experience with your organization. If it’s information for information’s sake, scrap it. For some more information on great e-mail sign-up forms, check out this article, “8 Sign Up Form Examples for Easy & Breezy Conversions.”

2.) Know the rules
When the CAN-SPAM Act passed, nonprofits were concerned about how it would affect their outreach to their donors and community. Did we need specific permission to e-mail our donors? What restrictions are there are on the sender? What happens if we’re not in compliance?

The upshot of the Act actually showed us that most nonprofits were already in compliance. One main reason is that you only need implied permission to e-mail people. That means that if they have donated, attended events, volunteered, or in some other way shown they are interested in your organization, you can e-mail them. However, make sure your subject lines are connected to the content and that the sender is affiliated with your organization. This just means no fundraising e-mails sent by “Beyonce” with the subject line “Free Tickets to My Concert” when really it’s your monthly newsletter.

Another major set of rules to follow is Facebook’s, with particular attention given to their restrictions on contests. Facebook’s guidelines are fairly clear on their site, but here is a general overview:

  • Make sure all the rules to enter are clear in your post or on your website
  • Explicitly say the contest is not endorsed by Facebook
  • The contest cannot include “share to your timeline,” or “tag a friend.” In short, nothing that would seem spammy to other users

3.) Keep up on changes
With technology changing so fast, companies are scrambling to find ways to adapt and address user concerns. The main data-monger, of course, is Google. Starting May 25th, Google Analytics will be making two big changes: a user deletion tool and improved data retention controls. What this means is that Google is making sure that you’re only keeping the data you’re using. This related to #1 where we talked about how important it is to only collect data you plan to use to add value for your community. If it’s unnecessary to your business goals, it’s unnecessary for you to keep around. Here’s a very helpful blog post by Search Engine Roundtable outlining the changes.

In addition, if your nonprofit is using retargeting (tracking who has visited your page before and targeting specific ads based on that information), you could be facing stricter guidelines soon. Make sure that your website has a privacy policy that states that your website uses cookies, and keep apprised of what changes are coming down the pike. A privacy policy may not protect you against new changes, but it provides some legal coverage.

But beyond Google Analytics, it’s likely changes will continue to roll out as long as we keep sharing more and more data. Keep following Williams Whittle and other nonprofit marketing experts who will keep you apprised of changes that may affect how your nonprofit communications with donors and other stakeholders!

Allison is a nonprofit communications consultant and friend of Williams Whittle who specializes in creating affordable communications strategies for small nonprofits. She has five years of nonprofit and association experience including developing communications strategies, conducting an organizational rebrand, and building a custom social network.