4 challenges to donor privacy protection

Horror stories of data breaches and exposure of sensitive information get the attention of most people, including donors and potential donors to nonprofits. In addition to paving the way to lawsuits or financial liability, such breaches can cause irreparable damage to an organization’s reputation and thus its fundraising ability.

Erin Gloeckner and Melanie Lockwood Herman, project manager and executive director, respectively, of the Nonprofit Risk Management Center, caution that not all leaked information is the result of malign intentions. Sometimes things can go wrong even if people are acting benevolently, or through simple human error.

Regardless, the fallout can be catastrophic, including permanent loss of vital information. They warn that the following common business practices can leave an organization vulnerable:

Conducting e-commerce on the website, especially collecting credit card data and processing payments online.

Storing and transferring personal employee, client or donor data, for both virtual data and paper records (e.g., sending sensitive data via email or storing sensitive data in the cloud; storing paper records in unprotected filing cabinets that anyone can access).

Storing personal information on laptops or smartphones.

Allowing partners or vendors to access personal information without proper safeguards.

Storing personal information on cloud systems or servers.