How to Handle Your Donor Data

Today’s nonprofits are increasingly awash in sensitive information about their donors. This phenomenon provides opportunities and operating challenges that need to be addressed through world-class data management practices. Securely managing donor data provides the foundation for analyses that can reveal deeper insights into donor sentiment. 

This new-found knowledge can be a key differentiator for nonprofit organizations searching for new opportunities to enhance the depth of their donor relationships. However, if donor data is mismanaged or hacked, it can irreparably harm a donor’s trust and their long-term giving relationship with the nonprofit. 

Here are three steps that every nonprofit should take to ensure that their donor data is both private and secure.

1. Know What to Secure

Ideally, all donor data should be secured. However, it is also necessary to conduct a data inventory and determine if more data is being collected than necessary for any current or foreseeable analyses. If there is no rationale for a particular data field, then discontinue collecting and managing it. As a professional fundraiser, it is only necessary to collect enough data to:

• Establish relationships with donors through ongoing communications
• Understand donor preferences and expectations
• Improve prospecting for like-minded donors
• Process donations
• Issue tax receipts 
• Provide acknowledgements
• Meet legal compliance requirements imposed by state and federal law

It is also imperative that organizations ensure that existing privacy regulations permit you to have the data that you are currently storing. This involves both the type of data and the permissions under which it was collected. Determine if your organization fully comprehends — and is in complete compliance with — GDPR, CCPA and any other applicable data privacy regulations. Ethically sourced data is the first step toward ethically analyzing donors and advancing the mission of your nonprofit. 

2. Secure With Best Practices

Clean data is necessary, but not sufficient for protecting your donor relationships. It is also important to secure donor data by anonymizing it and deploying secure infrastructure to reduce the likelihood of a data breach and prevent any leaked data from compromising your donors. 

Anonymizing Your Data

The goal of data anonymization is to ensure that any unauthorized person who accesses donor data cannot trace it back to an individual donor. 

This is especially critical when working with external vendors. Analytics vendors do not need to know donor names or addresses to analyze the performance of your fundraising programs or make recommendations about whom to solicit when, which channel to use or how much to ask of each donor. 

Removing personally identifiable information (PII) and replacing it with unique, persistent identifiers is the first step to managing privacy through anonymization. Best practices are to replace a donor’s first and last name with a single “PeopleID” and their household name with a “HouseholdID.” Further, it is appropriate to remove address information above the ZIP code level. 

It is necessary for only a few select employees to access the mapping between the unique donor identifiers and the underlying donor records. 

Removing PII also enables more ethical donor analysis by eliminating implicit and explicit bias from any analysis to optimize the performance of fundraising operations. 

Managing a Secure Infrastructure

The keys to managing a secure infrastructure for your donor data include having a documented plan for how data is stored, moved and accessed.

Safeguarding Servers – Securely Storing Data

The most frequent source of data leakage is from an organization’s own servers. The most secure organizations use a Virtual Private Cloud (VPC) consisting of storage servers, such as Amazon Simple Storage Service (AWS S3), and production servers, like Amazon’s Elastic Compute Cloud (AWS EC2)

Each set of donor data should be secured and encrypted with 256-bit AES on its own instantiation of a storage server with industry standard security protocols, plus additional security fields to limit access even within your organization. Donor data should be only accessible from within the VPC and not directly accessible via the internet.

Production servers that can access donor data should not be activated until analysis starts, and they should be deactivated as soon as the analysis is completed. This will limit an attack vector while also reducing the carbon footprint of fundraising operations.

Transfer Rights – Securely Moving Data

At some point, your fundraising processes will require you to move donor data to an external vendor for services, such as data modeling and campaign execution. The first lines of defense in transferring data to third parties are to minimize the amount of data being transferred and to replace PII with unique, anonymized identifiers where possible.

Do not transfer files using email. Email servers can be hacked, messages can be intercepted or sent to the wrong person, and it is difficult to control where data goes once it is received through email. Best practices are to employ an Application Programming Interface (API) or a Secure File Transfer Protocol (SFTP) to transfer data outside of your organization. 

Ideally, APIs should always be developed securely, but this is not always the case. If you are using a third-party API to transfer data, it is important to verify that it is secure and employs an end-to-end encrypted connection.

There are many options for user-friendly SFTP services to secure your data in transit. Amazon Web Services (AWS) SFTP is easily accessible, and it provides an industry standard 2048-bit SSL certificate with a 256-bit AES key. Dropbox’s Commercial SFTP service is another option. SFTP services should only be used with temporary password protected access links. 

When vendors return information to your organization, we recommend that data is only accepted from whitelisted IP addresses, and this information should have a one way view, with custom ports that are only open for discrete time frames. Custom ports are less likely to be known by hackers and provide “security by obscurity.”

Transit security is required even if you are not moving data outside your organization. We recommend using encryption and SSL compliant links even when moving data between in-house storage and production servers. 

Access Rights – Securely Using Data

The most important aspect of access is assigning the least amount of access necessary to complete a task. While providing full access to all data is more transparent and inclusive, it increases an organization’s risk profile. Staff members should not have access to more data or systems than they absolutely need to successfully complete their work. 

A limited number of employees should be allowed to access your VPC, and this should only be permitted with their own unique login and key. These connections should always be encrypted and restricted to specific whitelisted IP addresses. At a local level, each employee should be required to use company-owned computers with full disk encryption, not their personal PCs. 

3. Monitor Continuously

It is not enough to set up best practices and then hope that donor data remains private and secure. It is also necessary to continuously monitor your operating environment for changing threats and attempted breaches. 

The reality is that not only do people, processes and technology change, but the threat environment is also dynamic and continuously evolving. A nonprofit must constantly audit its policies and practices, remain current with security and privacy trends, and always install needed software updates. 

It is important to have processes in place to continuously detect and respond to any attempted data breaches. There are services available to monitor your VPC and alert your team if malicious activity is detected. 

It is also necessary to develop a formal incident response plan that can be quickly activated if a data breach occurs. The plan should include notifying your senior leadership, authorities and all impacted parties, as well as remediating any system issues. Once fixed, reactivate the server instances that are needed to deliver services, validate performance and begin providing services again.

Ensuring that donor data is private and secure will not only protect your organization and donors, but it will also prepare your fundraising team for high quality, unbiased donor analyses and enable your organization to efficiently integrate new analytic techniques to optimize fundraising.

The preceding blog was provided by individuals unaffiliated with NonProfit PRO. The views expressed within do not directly reflect the thoughts or opinions of NonProfit PRO.