“FRANKLY WE DON’T GIVE A DAMN ABOUT YOUR PRIVACY”
I don’t know exactly when it will happen.
But, some day in the not too distant future your organization will receive a letter from a donor that goes something like this:
Dear ABC Organization,
I’m growing increasingly concerned over the widespread use and abuse of my private and personal information by organizations like Facebook, Google and some of the nonprofits I donate to.
I’ve been a donor to ABC over the past 3 years. Ever since I made my first gift to you, I’ve been receiving an increased number of appeals from other charities to which I’ve never contributed. It’s annoying.
With this letter I hereby request that ABC provide me with the following:
- A listing of all my personal data that you maintain in your database such as name, address, the history of my donations, notations of my advocacy actions with ABC, records of my use of your website, my likes and dislikes, my age, gender, and any other information you’ve placed on my record.
- In addition, please tell me the sources from which you received this information
- Finally, please provide a list of all organizations—for profit or nonprofit—with which you’ve shared my data along with a description of data you’ve shared and the use to which the third party put it.
Please send this information to me via email to Roger@theagitator.net.
Thank you,
Roger Donor Craver
I really have no idea when organizations will begin receiving these sorts of requests. It may be months, or years, but I’m sure they’re coming. The rising furor over privacy abuses by Facebook, Google and other Big Tech firms plus growing concerns over machine learning and artificial intelligence assures this inevitability.
And, truth be told, any organization that considers itself transparent, donor-centric, and sincerely concerned with its donors’ privacy will begin thinking—now– about how to be responsive.
I’m also sure the initial reaction to what I’ve written above will range from denial.. to OMG!…to a thousand excuses of why this can’t or shouldn’t be done. (“Our CRM can’t do this”…”It will suppress giving.”…”This is an enormous burden.” Etc., Etc.)
Well, regardless of excuses, either our sector believes in transparency and privacy, or it doesn’t. Besides, “technical” excuses are unlikely prove credible to donors. For the past 25 years the credit reporting services have been producing free reports to consumers that track which organizations made use of the individual’s personal and financial data.
Failure to take this eventuality seriously is the equivalent of saying, “FRANKLY, WE DON’T GIVE A DAMN ABOUT YOUR PRIVACY.” So much for that boiler plate language on nonprofit websites assuring folks, “We care about your privacy.” ( Kinda like that recording on the donor service lines that assure donors, “Your call is important to us – please hold.”)
I’m raising this issue not because nonprofits devote hours figuring out how to abuse their donors’ privacy. It’s just that too many nonprofits treat donor data simply as grist for their fundraising mills. The donor as data; data to be sold or exchanged.
This is particularly true for nonprofits that rely on direct response for acquisition with its heavy use of list exchanges and cooperative data banks. This is one of the reasons that for some time the lead sentence of The Agitator’s Privacy Policy has read, “We realize that it’s rich in irony to be providing a privacy policy for readers in an industry that routinely rents and exchanges its donors’ names and addresses to other nonprofits with little or no notice or permission whatsoever in order to create what many donors consider a nuisance.”
Currently, the controversy over privacy and the demand that consumers be given access to their own data is focused mainly on the big tech and social media companies.
But, it won’t be long before all this spills over to the nonprofit sector as politicians, regulators and the sector itself begins to raise questions and seek solutions.
So, let’s start the conversation about data transparency and privacy…and begin preparing.
Forewarned is forearmed.
Roger
Europe, today. This is what a GDPR subject data request looks like – and organisations have a legal obligation to be able to provide this information, free of charge within a reasonable time frame.
Many organisations are finding this a big challenge. Others are finding that when they look at the data they hold and where it comes from, they are rather uncomfortable with what they find, and are using it to amend their data practices.
It’s coming, get ready.
Thanks Martin. If you see or hear of any donors requesting an inventory of their data held by UK charities we’d sure appreciate your alerting us to it. (See Jay Love’s comment below)
AND…your warning– get ready…it’s coming– is apt.
When the FCC announced the do-not-call (DNC) regulations, commercial and non-profit organizations insisted “this will never happen because too many jobs depend on it” and “there’s no real way to regulate it”. And although the DNC was an epic failure in both compliance and enforcement, there were a lot of lessons learned. With GDPR, now there is a proven way to solve an even more difficult problem – and more importantly to the government, an enforcement method and companies who can afford to pay the penalties. It’s definitely coming, the question will be “In what form?”. Honestly, organizations shouldn’t be waiting for the inevitable, but instead create the processes and procedures for their constituents, alumni, activists, volunteers, and patients because it’s the right thing to do regardless of legislation.
The most important piece of implementing such a policy is to show the people in your database you are a good steward of their data. This means implementing aggressive privacy controls, while also providing complete data transparency.
Thanks Roger, Martin and Tim for this eye opening post and comments! I am betting the requests you allude are already coming in somewhere.
Jay, I suspect you’re absolutely right. I know they’re coming into the social media companies and some consumer companies, but as yet haven’t seen any for the nonprofit sector here in the U.S. I do suspect our friends in the U.K. have seen some given the GDPR and I’ll check with our correspondents there.
This is a big reason we at DonorTrends have stayed away from using personal identifiable information to build our models. This should be illegal, but I wonder whether we will ever see our politicians protect us from this, given that it is now built into business models of so many for-profits and non-profits alike. Money seems to usually win out in our political landscape.
Interesting and not something that I suspect many nonprofits have in mind. Does addressing this issue begin, in part, when one chooses a CRM? Are some CRMS better equipped than others to help with data management and privacy?
FYI I ask because in working with those reviewing CRM contracts one learns that they differ greatly in some key areas. I’m not casting aspersions or saying anyone is not doing their due diligence, simply stating what I have observed.
As you’ve noted, Sophie, the fundamental issues of data stewardship and transparency are little understood and usually ignored by the nonprofit sector. I’ve been continually mystified that while many CRMs tout the fact that their technology glows in the dark, sings, or offers additional bells and whistles, but few currently do much about data stewardship and transparency.
The continual updating and identifiable sourcing of donor data is at the heart of good stewardship. And making the types and sources of data available to donors themselves goes to the heart of transparency.
No CRMs in the nonprofit space that I’m familiar currently do this. Fortunately, some of the more forward thinking CRMs are actively working on it and I expect we’ll see significant progress.
Your comment serves as needed motivation to get an accurate list drawn up to share. I’ve reached out to some data stewardship experts and will hopefully have a list by the first of the year.
Great comments everyone. I suspect that some of this is nonprofit naivety… And also a sense of entitlement…”We’re nonprofits so we’re good and do good and …”
I think this will “bite us in the proverbial ‘ass'” here in the US. The US is far behind the European Union – and where else.