A year ago I wrote:

“ I don’t know exactly when it will happen.  In the not-too-distant future your organization will receive a letter from a donor that goes something like this:

Dear ABC Organization,

I’m growing increasingly concerned over the widespread use and abuse of my private and personal information by organizations like Facebook, Google and some of the nonprofits I donate to.

I’ve been a donor to ABC over the past 3 years. Ever since I made my first gift to you, I’ve been receiving an increased number of appeals from other charities to which I’ve never contributed. It’s annoying.

With this letter I hereby request that ABC provide me with the following:

• A listing of all my personal data that you maintain in your database such as name, address, the history of my donations, notations of my advocacy actions with ABC, records of my use of your website, my likes and dislikes, my age, gender, and any other information you’ve placed on my record.
• In addition, please tell me the sources from which you received this information
• Finally, please provide a list of all organizations—for profit or nonprofit—with which you’ve shared my data along with a description of data you’ve shared and the use to which the third party put it.

Please send this information to me via email to Roger@theagitator.net.

Thank you, 

Roger Donor Craver”

Today, a year later, that imagined future, is now happening.  The EU’s General Data Protection Regulation (GDPR) has been in effect for a year, while here in the U.S. the public clamor over data privacy is increasing and some 21 states have data privacy laws working their way up the legislative ladder.

In 89 days, the California Consumer Protection Act (CCPA) will take effect. If you have only a single California donor this law may affect you.

Despite all this activity involving privacy, lots of folks in our sector either still don’t seem to get the message of public concern. Or, perhaps they’ve chosen to ignore the coming regulations and simply pay the fines and ignore their donors’ concerns.

Whatever the reason, it’s painfully clear that through ignorance or deliberate design too many organizations are doing nothing — or doing too little quite poorly — to prepare for the eventuality of the day they’ll receive various versions of may sample letter above.

Head in the sand is not a donor-centric strategy.

Truth be told, any organization that considers itself transparent, donor-centric, and sincerely concerned with its donors’ concerns and preferences regarding privacy will begin thinking—now– about how to be responsive

Too often, when new regulations like the GDPR or the CCPA, are proposed the inclination on the part of some is to go into the defensive crouch of denial, delay, avoidance.  Even more disturbing are those who resort to lawyers to figure out work-arounds.

Disgusting?  I sure think so. If you’re doing something with your donors’ data that you’d prefer not to tell them, you probably shouldn’t be doing it.

What amazes me about this mindset is the failure to realize the enormous opportunity this rising public concern presents to the thinking,  forward-looking, donor-centered organization.

Seizing Opportunity

Never has the climate been more ripe for an organization to demonstrate its transparency and build trust with its donors.  Trust being the central pillar of any lasting relationship.

With or without the GDPR or CCPA now’s the time to connect with your donors and find out how they want you to communicate with them…how frequently…on what channels…while thanking them for their support.  The answers to these questions come in the form of data –first party data in the jargon of the trade—that your organization owns. The most valuable data there is.

Fortunately, we all can learn from the experiences of nonprofits who are now one year into the GDPR.  Yesterday Nick noted the danger (loss of £28.6 million in a year) of simply “guessing” how best to deal with issue of privacy and seeking donors’ opt0in permission.

On the other hand, there are powerful and positive results when the process is thought through and tested.   In the DonorVoice Symposium earlier this week, Derek Roberts, Senior Marketing Executive at Crisis, the UK charity working to end homelessness, explains how that organization seized the opportunity presented by GDPR.

Not only did Crisis learn a great deal about donor preferences and how to communicate the need for donor data, you’ll find a rich array of testing and communications techniques in this video that helped them substantially increase their opt-ins.  It’s 14 minutes long and well worth your time and your colleague’s time.

“Best Practices” Planning Tips for U.S. Charities

In Wednesday’s webinar on the CCPA Shannon McCracken and Britt Vante outlined the key areas organizations should be thinking through.  This is not only good advice for preparing for the CCPA but for getting your organization in shape to meet your donors’ expectations about privacy and to build trust

1. Clear Disclosure. On your website or other easily found location let your donors know what you’re doing with their data.
2. Contact Information. Make it easy for donors to get in touch with you –by email, by phone, by post. And put that information where it’s easily found.
3. Opt–Out Button or Form. Make it simple for the donor to opt-out of any data sharing.
4. Internal Audit. Conduct an internal inventory of where you collect data from your donors (donations, website, F2F, events, etc. and where you sell or exchange data to other organizations.  Understand where you buy data from third parties, how it is used and work with these companies to ensure they are CCPA compliant.
5. Develop Talk Tracks around donor communications. Donors will likely not be aware of the ins and outs of regulations, so prepare to explain what you do with their data in clear, transparent manner.

The rising furor over privacy abuses by Facebook, Google and other Big Tech firms plus growing concerns over machine learning and artificial intelligence assure you’re going to be asked by your donors about your organization’s practices.

Now’s the time to prepare.  Don’t look for excuses (“OMG”…”Our CRM can’t do this.”… “It will suppress giving.”…”This is an enormous burden.”). Start thinking.  And acting.

Either you believe in transparency or you should simply announce to your donors, “Frankly, we don’t give a damn about your privacy concerns.”

Roger