It happened recently to a prestigious private school.
New York’s Dalton School inappropriately released private alumni information to its volunteer fundraisers. The New York Times reported the blunder that sent a shockwave through the School’s community and may have a chilling effect on fundraising.
Do not let this happen to your organization.
While volunteer and professional fundraisers must have useful information to effectively perform, organizations must protect sensitive items and keep them confidential. I’m going to provide you with eight tips that will help you keep your organization safe and your prospects and donors happy.
But first, let me tell you what went wrong at Dalton. Here’s what The New York Times reported this month:
But recently, one of the top Manhattan private schools, the Dalton School, might have been a little too open with the data it had about some graduates. The school said [February 7] that it had given out to some alumni who had volunteered to raise money for Dalton information about several other alumni whose own children had applied to the school. The information included whether those children had been admitted, information that most parents prefer not to be shared, especially in cases where the answer is no.”
It is common and acceptable practice for nonprofit organizations to share prospect and donor information with both volunteer and professional fundraisers. Such information often includes contact information, spouse or partner data, affiliation, giving history, volunteer involvement, event participation, and interests.
Dalton ran into trouble when it disseminated information about whether the children of prospects applied for admission and were rejected by the School.
The Times article quoted an upset alumna:
’It’s horrible,’ said one alumna who has been financially supportive of the school, and like nearly everyone interviewed about what happened, declined to be identified for fear of upsetting school leaders. ‘Why should anyone know how much I have given and whether my kid got in or didn’t get in or even applied?’”
Prospects and donors care about their privacy. They do not want to feel that they are being spied on. They do not want private information about themselves or, especially, their children disseminated to friends and acquaintances. Dalton overstepped by releasing admissions information about alumni children, something acknowledged by the School:
’We apologize for and deeply regret the release of this information,’ said the letter, written by Ellen Stein, the head of school. ‘We are reviewing our protocols to ensure that information about the admissions status of all Dalton families and applicants is protected and remains confidential. We have reached out to apologize personally to those 11 alumni whose names were listed.’”
While I applaud Dalton for reviewing its data protocols after the inappropriate release of private information, it would have been far better if it had had this review before a problem occurred. You now have that opportunity.
Before a crisis happens at your organization, take the time to review your organization’s own prospect research and information sharing protocols.
Here are some tips to guide you during your review:
1. Be donor-centered. Your entire development program should be donor-centered. This includes prospect research and information sharing. Consider how your donors would feel if they looked at their own prospect record in your system. Would they think you overstepped? Would they think you invaded their privacy? Would they think the information you have is appropriate?
3. Obey the law. Know what the laws are governing the gathering and use of information. This varies greatly by country. For example, in the US, The Health Insurance Portability and Accountability Act contains significant rules for how hospitals can and cannot use patient data for fundraising purposes. It’s your responsibility to know and obey the law.
4. Maintain written policies. Your organization should have written policies concerning how information will be gathered, what information will be stored, what information will be disseminated, and who has access to the information.
5. Limit access. Only a select group of people should be permitted to review, add or delete prospect or donor information. This will protect the integrity of the database and make it easier to ensure the organization’s policies are observed. In short, access should be on a need-to-know basis.
6. Train staff and key volunteers. Do not assume that everyone will read and remember the policy handbook. Everyone on staff and key volunteers should be trained on what the policies are concerning prospect and donor data. You should also explain the rationale behind the policies.
7. Consider what information is needed. Avoid “information pollution” or “paralysis by analysis.” It is simply not necessary to know everything about a prospect or donor. Think about what information a fundraiser really needs to be effective. Sticking to essential information will make it less likely that you will end up invading someone’s privacy.
8. Prepare to explain yourself. No matter how careful you are, at some point, you are likely to run across a prospect or donor who may object to the information you have gathered. Be prepared to explain how you gathered the information, how you protect it, and how you use it. If the concerned individual recognizes that you are being donor-centered, he or she will be far less likely to be upset.
Sometimes, even with good preparation, mistakes will be made. At Dalton, officials did the right thing by responding quickly and apologizing. The key is to minimize risk. You can do this by taking the time to carefully examine your own organization’s protocols.
If you develop sound protocols now and train your fundraising team, you’ll be able to live the Dalton motto: “Go forth unafraid.” Your prospects and donors will be happier, and you’ll be more successful.
If you think you don’t need to do this, consider how complicated the issue really is. For example, remember that your volunteer fundraisers are also your donors. How will they feel about the organization after they see first-hand how you research and handle donor data?
Also, consider how complex the prospect research effort can be, especially in the information age. For example, divorce records are often public information and contain a treasure trove of details about an individual’s income and assets. Should you use such records to research your prospects and donors? How would your prospects and donors feel if they found out you were looking through their divorce records? Have you ever considered the potential unintended consequences of researching these records? Some organizations refuse to access divorce records while others are fine with the practice. Does your organization look into divorce records? Why or why not?
Does your development process protect your organization’s integrity while protecting the privacy of your prospects and donors? Don’t do what Dalton did and simply assume it does. Instead, be proactive. Review your protocols now. Failure to do so could harm your fundraising efforts tomorrow.
That’s what Michael Rosen says… What do you say?