They might not be National Security Agency spies, but prospect researchers have more and easier access to data than ever. Researchers can find where you live, where you work, what you do, frequency and recency of donations, and your propensity to give, all without secret court orders or the complicity of data carriers.
“The events of (early June) make abundantly clear the need to have carefully crafted rules around the collection, use, security and disclosure of people’s personal information,” said Lisa Sotto, partner and head of the privacy and cybersecurity practice at New York City law firm Hunton & Williams. Sotto is also a board member of the International Association of Privacy Professionals (IAPP), based in Portsmouth, N.H.
Sotto is referencing revelations made public in June that the National Security Agency (NSA) obtained secret court orders to comb through millions of Americans’ phone records. While prospect research might not be a matter of national security, the implications for privacy the events bring up have certain parallels to donor prospect research.
“Pulling in broad swathes of information when only a small portion is needed for prospecting is a risky proposition,” said Sotto. “It is important to limit the data you obtain to that which you need to perform the relevant activity. It is also critical to restrict the uses and disclosures of the data that has been entrusted to you. And keeping that data secure and maintaining its confidentiality is critical.”
Donor prospect research has changed since Melissa Fulton entered the business in 1999. Internet research was in its infancy. Offline directories and conversations with development officers were the way researchers did their jobs. “We do seem to find that we have access to information that may seem personal that we didn’t have previously,” said Fulton, director of prospect management and research for the Indiana University Foundation in Bloomington, Ind.
Now, LinkedIn has replaced Who’s Who, and researchers spend more time in front of a computer and less on the phone. It wasn’t always like that, said Fulton. “In those days, maybe it was more about talking to development officers and current donors, digging in with conversations with current partners to find relationships,” she said.
Some privacy advocates are troubled by the amount of information available to researchers, whether they’re for-profit groups targeting customers or nonprofits targeting donors. “We’re as concerned about corporate advertisers as we are if you’re targeted by a do-gooding nonprofit that’s gone out and bought information you,” said John M. Simpson of Consumer Watchdog in Santa Monica, Calif.
“We’re a nonprofit, we fundraise,” said Simpson, director of Consumer Watchdog’s Privacy Project. “If someone has a long-term relationship with an organization and the organization would like to get their email to talk about what’s going on, I don’t see anything fundamentally wrong with that. Some things are fine as long as there’s informed consent.”
The problem, said Simpson, is if a nonprofit then takes the information they’ve collected and sells or rents it to a third party. “As long as you keep your relationship with individuals and don’t take a list you’ve gathered and sell that list to someone else,” said Simpson, a nonprofit probably won’t run into any ethical trouble.
Donor privacy and inappropriate access to databases continue to be a concern for researchers. One change that Fulton’s team must contend with is the lack of social security numbers in their databases. “That’s a privacy issue. We wouldn’t want that information to ever be accessed,” she said.
The IU Foundation got rid of social security numbers about 15 years ago, according to Fulton. Instead, the foundation’s database provides each donor with an ID number, and Fulton can cross-reference those with university ID numbers if the prospect is or has been a student at the school.
The lack of a social security number makes some research more difficult, and as a result some prospects fall through the cracks. “We struggle with keeping up with maiden name changes,” said Fulton. “When someone gets married, we might lose track of them.” In the past, a social security number was useful in confirming the identity of a prospect who’s changed her name, but that option is no longer available, said Fulton.