Four Tips to Prioritize Donor and Volunteer Data Security

Data breaches and cyber attacks are on the rise. 2023 saw a 78% increase in data compromises, and the average cost of a breach is an astounding $4.45 million. In addition to being financially costly, these breaches can cost organizations their customers and reputations.

While these statistics can sound scary, remember that there are measures your nonprofit can take to prevent supporters’ data from falling into the wrong hands. For example, choosing secure solutions to collect and store data supporters enter into your donation page, digital waivers, and volunteer applications is a great first step.

In this guide, we’ll explore some of the ways your nonprofit can go the extra mile to ensure stringent data protection for its loyal supporters. Getting serious about their privacy can show that you value your supporters, prevent feelings of apathy or burnout, and boost retention. Let’s begin!

1. Replace paper with secure, digital forms

There are many reasons you may need to collect information from your donors and volunteers. For example, you might have to:

• Get payment and contact information when they donate.
• Ask them to sign a waiver before participating in a fundraising event or volunteer opportunity.
• Gather contact details, work experience, special interests, and more through volunteer application forms.
• Share feedback surveys to gauge how satisfied supporters are with your programs.
• Collect demographic and behavioral information to measure your impact, segment supporters, and personalize your communications.

In each of these scenarios, your nonprofit needs supporter data to complete its work or create better, more personalized experiences. Protect this data and foster trust with your members by switching to digital forms rather than paper ones.

For example, let’s say a volunteer is signing a digital waiver. They’ll complete the form on their mobile device or computer and submit it. From there, the waiver is automatically stored in a secure database, and all their sensitive information is encrypted. With paper documents, on the other hand, forms may be stored in unlocked file cabinets and could be mishandled at any time after submission. 

Making this technological leap is the first step to better data security—the next is choosing reputable software to steward and protect your data.

2. Use quality, specialized software

To effectively run your nonprofit, you’ll need a variety of tools and software, such as:

• A donor database or CRM
• Fundraising software
• Volunteer management software
• Data analytics solutions
• Communication platforms and marketing automation tools

Each of these systems stores data about your supporters, beneficiaries, and operations. To avoid potential leaks or attacks, make sure the software:

• Is tailored to your sector and needs. Different industries and organizations have varying security standards. For example, healthcare data is heavily regulated and protected by federal laws like HIPAA. Veterinary data, on the other hand, tends to have more relaxed standards. Choosing software designed for your field’s security needs will offer the level of protection you need.
• Encrypts data. Data encryption scrambles your data into code that can only be unlocked by those with the right access tools (e.g., a digital key or password). There are many types of encryption standards and protocols, but some are the most common to look for are the Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA).
• Has two-factor authentication. Two-factor authentication (2FA) requires users to enter two forms of identification. For example, they may enter their username and password as well as a code sent to their email or phone number.
• Offers access control. Access control limits who can access certain data. This means you can restrict access to sensitive information to only the staff members who need it to complete their roles.
• Regularly addresses vulnerabilities. Your software provider should regularly check for and patch any vulnerabilities in the system. This proactive approach will help prevent attacks from happening in the first place.

Additionally, be wary of solutions that claim to be free. As Smartwaiver’s guide to free software indicates, these solutions can be more vulnerable to security risks, have hidden costs, offer limited capabilities, and be unreliable. In the end, these issues could end up costing more than a higher quality, paid solution.

3. Train employees on data security best practices

Once you have a solid foundation of secure software, it’s time to ensure everyone who will handle your data understands data security best practices. You’ll need to train staff members on these best practices, just as you would instruct them on how to implement volunteer appreciation ideas or reach out to potential donors.

Identify the staff members who interact with supporter data and hold sessions to go over:

• Password management. Emphasize that staff should use strong, complex passwords that are difficult to guess. Set standards for choosing passwords (e.g., they must include a symbol, mix of capital and lowercase letters, etc.). Warn against password sharing and improperly storing passwords.
• Awareness of phishing scams. Educate staff on what phishing is and show them a few common scams. Consider having them practice responding to a phishing scam using your organization’s procedure.
• Device security. Walk through how employees should store and secure their devices, especially if you have a hybrid or remote work format. For example, have them set their laptop to automatically enter sleep mode after 30 minutes of no activity.
• How to handle and dispose of data. Explain how and when to properly share or encrypt data. Additionally, walk through the appropriate steps they’ll need to take to delete digital files and dispose of any physical data.
• Reporting and documentation. Establish clear procedures for reporting possible security incidents. Additionally, train them to follow relevant security standards (e.g., HIPAA) and accurately document their work.

As we’ve mentioned, data is extremely important to your nonprofit—it allows you to measure and communicate your impact, create tailored experiences, enhance your programs, and much more. But handling this data is a big responsibility. Arm your staff with the skills and knowledge they need to succeed.

4. Establish plans for possible incidents

Even if you take the proper preventative measures, there is still a chance that a data breach or attack could happen. It’s best to be prepared for this possibility so you can react quickly and calmly, limiting the damage of the incident. 

To do so, create an incident response plan that details:

• How to prepare against incidents.
• How to monitor for, detect, and analyze possible weaknesses or incidents.
• Instructions for containing and eradicating the threat.
• Ways to recover lost data, restore down or damaged systems, and communicate with impacted parties.
• The components required in a post-incident review and how to improve future policies to better prevent attacks.

Additionally, you’ll want to collaborate with a lawyer to discuss any legal implications. While every situation is different, you may want to add some guidance to the plan about communicating with your community of supporters about data security. For example, you might require staff to get any messages about incidents approved by leadership or a legal professional before sending them.

As Double the Donation indicates, one-third of the nonprofit workforce is comprised of volunteers—yet 62% of nonprofits struggle to recruit volunteers. This, coupled with declining revenue from donors, is all the more reason to steward and appreciate your existing supporters. 

Data breaches are a significant concern for consumers, and showing that you value your supporters’ privacy and financial security demonstrates a deep gratitude for their continued dedication to your cause.

About the Author

Logan Lewis
Content Coordinator
Smartwaiver

Logan Lewis is the Content Coordinator at Smartwaiver, the leading digital waiver service trusted by thousands of organizations around the world. At Smartwaiver, Logan helps educate clients on digital waivers and the technology that powers them. This empowers small businesses, nonprofits, and more to steward their organization and strengthen customer relationships.