Build Donor Trust With Donor Privacy Security

By Robin Fisk

One thing you learn in management school is that trust, like respect, is given — not taken. It has to be earned over a long period of time and can be easily eroded by a single mishap.

That is equally true of the relationship between fundraiser and donor. The fundraiser communicates the need, and the donor trusts the fundraiser as a representative of the cause to be a responsible steward of the donated money. One slip and the donor’s confidence in the cause’s ability to use the gift wisely may be damaged.

Another barrier to building trust is the experience of buying something in the first place. I once tried to purchase some tickets online for a sporting event, but the website made it impossible to get the mix of tickets I needed. If it’s that hard to buy something, imagine what the after-sales service will be like. Could that be what a prospective donor to your organization might experience when visiting your website?

As a fundraiser, you need to be confident in your organization’s ability to fulfill the promises you make on its behalf. One of those promises is that you will take care of the donor’s personal data. That’s not as easy as you might think.

A natural response is to make sure that the IT department locks down the technology, such as restricting access to the donor database, or adds to your infrastructure. But there is another threat that is much harder to manage than installing a decent firewall or adopting strong passwords. That threat is you. And me. Human beings, who despite written data security procedures — all of which are important — are prone to making mistakes like leaving a USB memory stick or a laptop on the train or in a car.

No amount of technology will prevent human error, but you can and should make sure that you close all of the technology gaps so you don’t make the headlines for the wrong reasons. And, perhaps paradoxically, your website also must be inviting enough to make it easy to give online without too many barriers, while reassuring donors that their data is secure. Here are two technology tips to help you build trust with your donors.

1. Make sure your donor database is PCI-compliant. The Payment Card Industry (PCI) data security standard applies to all organizations that process card payments so as to prevent fraud by increasing the controls around card data. By using PCI-compliant donor software, it means that, in that respect at least, you comply with the PCI data security standard. Noncompliance means losing the ability to take card payments in the future and possibly the risk of a fine. Some donor database software gets around this by removing the need to store card details altogether; the payment gateway (e.g., WorldPay) stores the card details, while your database just stores a token reference number relating to that card on the payment gateway’s database. The token number on its own is meaningless to a data thief. Others do that but also give the option to store encrypted card details.

2. Avoid barriers. Taking donations online is now a given, so avoid barriers such as asking donors to fill in a form, then print it and mail it to you. If it’s that hard to give, how do I know you’ll spend it wisely? Build trust by allowing online donors to discover how to give easily, and don’t put unnecessary barriers, such as a lengthy registration process, in their way. If your database is PCI-compliant, you can build more trust by adding explanatory logos and text accordingly.

Robin Fisk is a senior charity technology specialist at Alexandria, Va.-based nonprofit software provider Advanced Solutions International.