1. Developing A Policy On Emails and Spam
If nothing else, recent debates about privacy and donor rights should cause organizations to develop their own privacy policy.
It's vital that everyone within an organization, from the secretary to the chief executive, be able to articulate the organization's privacy policy, according to Neal Denton, executive director of the Alliance of Nonprofit Mailers in Washington, D.C.
Of course, the Internet is a driving force in the battle for privacy. There are guidelines. The Direct Marketing Association (DMA) released an e-Mail Preference Service that allows people to register and not receive emails from DMA members.
- The DMA doesn't support the bulk use of untargeted email solicitations.
- Unsolicited email messages should include these opt-out choices: Consumers can opt out of receiving email from a specific marketer, according to DMA guidelines at www.e-mps.org;
- Consumers can opt out of having their e-mail address rented or shared with other marketers, according to DMA guidelines at www.e-mps.org.
- Under its "Privacy Promise to American Consumers," the DMA requires members to follow several privacy protection measures, including an opt-out choice for consumers who don't want to receive solicitations.
- The DMA also offers a Telephone Preference Service and Mail Preference Service that allow consumers to opt out of receiving unsolicited appeals.
2. Data Mining and Privacy
How deep is too deep when it comes to so-called data mining? Direct response guru Jerry Huntsinger spoke with several folks, such as the editor of the Privacy Journal, and nonprofit officials who are attuned to privacy issues to find some answers.
Following are tips and suggestions for developing guidelines at your organization:
- Before any nonprofit collects information from individuals, it should tell them the intended uses;
- Mail pieces should include a disclaimer that asks the donors whether the organization can or cannot rent that person's name to others.
- If an organization is gathering information about donors from other sources, it should tell the donor;
- Consider as an organization whether you gain or lose by renting lists, such as whether donors would not appreciate it if they got information from another organization as a result of your renting or sharing a list;
- Poll your membership about such issues and determine whether they prefer confidentiality or don't mind having their name shared with others;
- If you don't as an organization offer an opt-out on mail pieces, at the very least offer donors an opt-out once a year through some other avenue such as a newsletter or telephone call, and honor those requests.
- If you do rent or exchange your list with other nonprofits or for-profit companies, screen them carefully.
- In all things consider your donor relationship first, and making a buck second.
3. Protecting Against Hackers
You may not know it, but hackers could be in your computer system right now, placing software to gain access to other secure sites, according to an expert on privacy issues.
Robert Parker, a partner in the Deloitte and Touche LLP Toronto office, spoke at an AICPA conference about this and other security breaches that could impact potential donors’ willingness to visit your organization’s Web site and donate online.
Parker suggested organizations develop external and internal privacy policies to improve donor trust. He gave the following tips:
- An external privacy policy should provide donors confidence about the privacy of their information;
- An external policy should include legal compliance, follow fair information practices and show concern for donors’ personal information;
- An organization’s soliciting or canvassing, for example, that involves donor contact must be designed with the organization’s privacy policies in mind.
According to Parker, internal privacy policies should:
- Provide board members and others within the organization guidance in gathering, using, disclosing and destroying personal information;
- Include legal compliance, adhere to fair information practices, and show concern for privacy of donor information;
- Treat personal information according to the donor’s choices and consent obtained;
- Establish the basis for the policy and key elements such as contract legislation, industry standards and industry guidelines when creating privacy policies;
- Give policy statements that read ... "We will only, ... We will not...";
- Make privacy an integral part of an organization's processes and systems.
4. Protect your donor's information
To ensure that an organization is doing its utmost to protect the privacy of its constituent data, it needs to ask itself seven questions. The questions are:
- Are staff in your organization thoroughly familiar with your privacy and information usage policies? Are they familiar with privacy laws, regulations and ethical business guidelines?
- Do you hold regular training sessions to review policies and new laws and regulations so staff throughout the organization are familiar with them and your expectations for responsible stewardship of data?
- Are staff aware of the implications of security breaches, including penalties?
- Do you train new staff and temporary staff on privacy and security rules if they have access to data?
- Do you have different levels of employee access to data based on the sensitivity of information stored?
- Do you regularly test your systems to ensure reliability? Do you have a documented plan to handle security incidents and complaints from constituents should a breach occur?
- Do you have technology that appropriately handles your security needs, including firewall and encryption software to protect personally identifiable information?
Once these questions have been asked, it is a good idea to put the organization to the test by checking its policies, systems and processes for possible infractions.
