Charities owe it to their supporters to think very carefully about what personal information they collect from donors, how long they keep the data, and how best to protect it,

from NTEN, The Nonprofit Technology Network:

The Questions Every Nonprofit Should Ask About Sensitive Data

Charitable business transactions aren’t about buying or receiving, they’re about “giving“. There is no tangible need compelling donors to give to nonprofits. Additionally, donors tend to make personal investments – whether that be in time or money – into a charity’s mission, so the relationship between the donor and charity is a far more personal one that the consumer/vendor relationship.

It is for these reasons that nonprofits need to make a special effort to ensure sensitive donor data is protected from unauthorized disclosure. According to a study conducted by Javelin Strategy and Research, 55% of participants said that they would trust an organization less with their personal information after a breach, and almost 30% of those polled said they would stop donating or sponsoring the institution altogether. It’s hard enough keeping your existing donors engaged. How damaging would it be to your bottom line if 30% of your donors simply went elsewhere?

So, how do nonprofits address data security and privacy concerns with limited technical resources?

While technical solutions such as firewalls, intrusion detection systems, anti-virus and encryption can be employed, the easiest and most cost effective way to approach these issues is by evaluating your “CAUSE” (Collection/Communication, Access, Use, Storage, and Eradication/Education) with respect to donor data.