Data Privacy Week 2023: What Can You Do as a Nonprofit Leader?
Data Privacy Week is an international effort to create awareness about digital data privacy. Millions of people are unaware of how their digital activity and personal data are being collected and used. Data Privacy Week is an opportunity for a transparent review of:
- How we as organizations steward our constituent data
- How we protect our own personal data privacy
“Microsoft is delighted to be the lead sponsor of Data Privacy Week 2023, a pivotal year for privacy around the globe. To realize the profound benefits of technology we believe organizations and governments need to use data responsibly and recognize privacy as a fundamental human right. With rapidly advancing technology, protecting privacy has never been more important for the long-term success of any organization, including Microsoft.” – Julie Brill, Chief Privacy Officer and Corporate Vice President at Microsoft.
What is Digital Data Privacy?
Data privacy takes the form of a policy that determines how personal data can be used by the organization that is collecting it, as well as whether and how it can be shared with third parties.
Different countries and some states have enacted legislation that governs elements of digital data privacy compliance that organizations must meet.
Nonprofits are not exempt from the need to carefully steward donor, volunteer, and client data.
What can you do as a nonprofit leader?
Respecting the privacy of your donors, volunteers and other constituents is critical for inspiring trust and enhancing reputation. And for nonprofits, reputation is critical for donations.
According to the Pew Research Center, 79% of U.S. adults are concerned about the way their data is being used by organizations. It’s critical to be open about how you use data and respect privacy.
- Consider adopting a Data Policy Framework. A privacy framework helps organizations manage risk and create a culture of privacy. It offers a way to build privacy into your organization’s foundation. To learn more, check out the National Institute of Standards and Technology privacy framework toolkit.
- Data governance. Data governance is the process by which an organization ensures that its data is accurate, complete and compliant with all relevant laws and regulations. It includes developing policies and procedures for managing data, ensuring that those policies and procedures are followed, and periodically reviewing and updating them as needed. Take time to review your organization’s data governance policies. Where appropriate, refine your policies related to user access to data, data retention and residency, and data protection.
- Are you doing enough to protect the data of minors? Does your nonprofit collect information about children through your fundraising activities and events? Take time to learn about current regulations that protect children’s personal data, regulations that have recently passed and proposed legislation, and technologies for age assurance and verification. Learn more.
- Educate your team. Your staff and volunteers are the frontline in protecting the data your organization collects. Create a culture of privacy in your organization by educating your employees and volunteers about your organization’s obligations to protect personal information, and their own personal responsibilities.
What can you do as an individual?
Data Privacy Week is a good time to review your own personal habits. It seems like every website today has a banner asking us to accept or reject cookies. In our haste, it’s easy to click accept to get the banner out of the way, but what are we accepting?
Here are some things you can do to have more control over your own data privacy.
- Change your passwords regularly. This might seem inconvenient but changing your passwords every few months is one of the most effective ways to secure your own personal data. Passwords are prone to appear in data leaks and changing them frequently reduces your risk of exposure.
- Don’t use the same password for multiple websites. It can feel overwhelming to have to use different passwords for all these different websites, but it is an important tool in your ability to protect your own data.
- Use a complex and unique password. You might be surprised to learn that the most commonly used password in a 2022 study was “password”. Check out the top 200 passwords used and review your passwords today.
- Manage your privacy. It’s common now to have accounts on dozens or even hundreds of websites. From simply signing up for an email list to making donations online, from renewing your driver’s license to doing your banking online, there are so many places where we have digital data. Be aware of the websites that have access to your personal data and know what your options are in terms of privacy settings. Delete accounts you are no longer using.
- Enable 2-factor or multifactor authentication. Banks generally offer or require the option of multifactor authentication (MFA). Two-factor authentication (2FA) is the most common option: you need to provide a correct password and a one-time passcode that is delivered to your device or smartphone (either sent via SMS or provided via an authentication app). Check the settings in your online accounts and enable multifactor authentication when it’s available. Learn more about MFA.
“Cybersecurity is no longer a field that can simply be delegated. In a world where individuals, businesses and organizations of all types are increasingly relying on digital devices to conduct everyday activities, everyone has a role to play in safeguarding data and information. That is why it is so important to consistently evaluate where individuals stand on all issues involved in the cybersecurity landscape so that we can work together and build a stronger cybersecurity community that can stand up to bad actors.” – Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance
How Heller Consulting protects your nonprofit’s data
During a CRM implementation project, Heller might need to work with your data to perform a data migration to your new systems.
- Should this need arise during the project, Heller temporarily stores data through VPLS, Inc. Our VPLS provider maintains server facilities with documented protocols, audits, and physical security. They also maintain a process to ensure secure disposal of data.
- Heller maintains antivirus/anti-malware software on all systems that store, process or transmit data, and backups of these systems are routinely performed.
- A firewall separates internal and external environments, and we have a mechanism for encrypting sensitive information in transit.
- All team members sign an information security agreement upon hire, and we maintain a disciplinary process for non-compliance with these policies.
- All client data and information is considered confidential and will be treated as such. Any information or data provided over the course of the project will be adequately destroyed using Webroot Secure Delete Utility or comparable service unless specified otherwise at the end of the contract.
The National Cybersecurity Alliance (StaySafeOnline.org) is a nonprofit organization that focuses on data privacy awareness and hosts Data Privacy Week each year. The organization hosts regular virtual events and educational opportunities on cybersecurity and privacy topics and partners closely with several government, industry and civil organizations in efforts to protect data privacy across sectors.
Whether you’re an individual who wants to understand and secure your personal data or you’re a nonprofit leader who wants to commit your organization to better data privacy and governance practices, the National Cybersecurity Alliance has produced many digital resources that could be helpful. Be sure to check out their website for more information.