When Security is not the Priority
The number of data breaches, whether it's a letter you receive at home or seeing it posted on your favorite news website, is so consistent that we're almost immune to the effect….or implications.
A recent story in the Chronicle of Philanthropy highlighted the lack of preparedness by most fundraising personnel regarding data security. This is on top of the massive breach from Blackbaud several years ago. Whether it's a ransomware attack or hacking into a database, the consequences of any legal intrusion into a nonprofit’s donor database can be consequential, to say the least.
First, there are the legal issues. There is a sense of responsibility, both ethically and legally, that you protect critical information. Nonprofits are now being sued for breach of donors’ data. In fact, since the Blackbaud breach, even though the nonprofits were not responsible for security, they've been sued for the loss of information.
And while the legal issues are bad enough, the trust and reputational effects are even more consequential. Donors lose trust and faith in nonprofits that can't take care of their own business, particularly if it's the donors’ data that ends up in nefarious hands. And philanthropy lives on and with trust for every donation.
How do you increase the sense of urgency with this issue?
In the story, they talk about one nonprofit that took this issue to the Board and had them imagine that their information was taken. Pretty soon, from a governance structure, the Board began to ask some questions. There are also several states, led by California and New York, that are tackling this issue through legislation in the State House.
At the end of the day, doing what's right, even if hard, is still correct. We have a responsibility to ensure we're doing everything possible to secure not only the data of our donors, but more importantly, their trust.