Protecting Data
If you’re a nonprofit leader, you’re probably familiar with the IRS Form 990, where you list major donors to your organization on Schedule B. That donor list is considered confidential information, and disclosing donors’ private data can bring your organization substantial penalties from the IRS. However, states like New York and California have tried to require nonprofits to report the private information of major donors on Schedule B to regulators in those states. There has been significant pushback, with lawsuits seeking to ensure that donor information can remain private.
Everyone knows the big five technology companies: Facebook, Apple, Google, Amazon and Microsoft. If you’ve been keeping an eye on the news, you’re familiar with the global discussions about privacy as these companies harvest every possible piece of data on everyone using their platforms (or just surfing the Internet) so they can make a profit. Facebook and Google are the most infamous because together they had 63 percent of U.S. advertising spending in 2017, which is a significant market share.
The public and, by extension, governments and regulators are having an ongoing debate about how, or even if, to develop laws that will protect information—including that of donors to nonprofits—in the years ahead. I suspect there will come a time when it will be done because these businesses have no competitors within their respective industries and immense amounts of data, which is money and power.
In closing, let’s circle back to the GDPR. As I mentioned, the world is having a discussion and enacting laws to try to rein in some of the power of the big tech companies and also the information that is harvested by all businesses and, yes, even charitable organizations. A few things that your organization can do to stay in compliance with not only U.S. regulators, but also global governing bodies, are to:
1. Familiarize yourself with the most prominent data protection law on the planet, the GDPR.
2. If your forms and website gather information from non-U.S. residents, ensure that they remain compliant.
3. Ensure that data security is a significant priority for your organization.
4. Create data and information policies that ensure donor information is given the priority and high-level security that it deserves.
Paul D’Alessandro, J.D., CFRE, is a vice president at Innovest Portfolio Solutions. He is also the founder of High Impact Nonprofit Advisors (HNA), and D’Alessandro Inc. (DAI), which is a fundraising and strategic management consulting company. With more than 30 years of experience in the philanthropic sector, he’s the author of “The Future of Fundraising: How Philanthropy’s Future is Here with Donors Dictating the Terms.”
He has worked with hundreds of nonprofits to raise more than $1 billion for his clients in the U.S. and abroad. In addition, as a nonprofit and business expert — who is also a practicing attorney — Paul has worked with high-level global philanthropists, vetting and negotiating their strategic gifts to charitable causes. Paul understands that today’s environment requires innovation and fresh thinking, which is why he launched HNA to train and coach leaders who want to make a difference in the world.