Privacy Risk is Real

Highlights from recent media coverage of privacy-related incidents and trends shows increased risk for the nonprofit sector related to privacy. Many nonprofit leaders aren’t prepared to deal with this issue and that could mean dire consequences should the proper safeguards not be in place and a breach or theft occur.

from NTEN, the Nonprofit Technology Network:

Calling All Nonprofits: Its Time for a Privacy Upgrade

More and more, nonprofits rely on technology to fulfill our missions. We connect with members using e-mail and social networking, carry out research on search engines and Web sites, and use online services to purchase supplies and produce and store documents. And our members also rely on technology to take part, booking reminders in online calendars or using GPS-enabled cell phones to get to events.

But everything we do online leaves a digital trail behind about our activities and our members. And once member lists, actions and events, emails and documents are collected and stored by an online service, outdated electronic privacy law is failing to keep this information safe from inappropriate access and potential misuse.

The Electronic Communications Privacy Act (ECPA) is the federal law that is supposed to protect the privacy of electronic communications and personal information from inappropriate disclosure to government or third parties. But ECPA was enacted in 1986, when Ronald Reagan was President, cell phones were as big as your head, and the Web did not even exist. Technology has changed dramatically since then, allowing us to easily move our activities and information online – but since electronic privacy law hasn’t kept up, the privacy protections for that information may not transition as smoothly.

Cloud computing is a prime example. If you produce documents or keep records and store them in a filing cabinet, a work computer, or an in-house server, your information cannot be seized without a judge’s approval, you know when the government or a third party demands access to your information, and you often have the opportunity to fight that disclosure. But if you use a software-based service or electronic storage company, depending on the terms of the cloud computing provider and the type of demand, your information might be handed over without judicial oversight and without you even knowing.