How Nonprofits Can Take Better Care of Donors' Personal Information

By Jori Hamilton, Guest Author


When donors decide to make gifts to a nonprofit organization, they need to feel safe and secure. They’re making an investment in your cause, but they’re also putting their personal information in your hands.

Even major corporations have had struggles in the past with data loss and cybersecurity issues. So, what can your nonprofit do to protect that information and take care of donors’ personal data?

Let’s cover a few steps you can take to mitigate these privacy concerns. By prioritizing this type of safety, you’ll give your donors a sense of security and safeguard your charity from cybercrimes that could end up causing a lot of damage.

1. Establish a Privacy Policy

Almost every business that asks for customer information has some type of privacy policy in place. Your nonprofit should be no different. When you’re able to be transparent with your donors about what their information is being used for and why you won’t share it, they’re more likely to feel comfortable offering up personal data.

Your privacy policy will look different depending on the type of information you ask for and how it’s used. However, it gives donors the choice to decide whether you can use their data in the future or not. They might not want to be included in email blasts or future events, and they might not want the public to know they’ve made a donation. A good policy covers all of it.

Not sure what your donor policy should include? Again, it will contain a lot of specifics about your organization, but there are a few key components to keep in mind as you develop a data collection policy, including:

  • Explaining how the data will be used
  • Explaining who will see it
  • Describing how your organization collects and why
  • Giving donors an “opt-out” option

Finally, your policy should describe any security measures you have in place to keep your donors’ information safe. By sharing these measures in your policy, it will give your donors more comfort in signing, knowing you’re doing everything you can to safeguard their data. Personalization is important when you’re trying to establish a relationship with donors. However, there’s a fine line between personalization and privacy, and it’s essential not to cross it. Giving your donors control over how their data is used is a good place to start.

2. Decide Which Data to Keep

Sometimes, you might not end up needing all of the data you collect. Or, it might be “outdated” quickly. Not all data is relevant forever, and cleaning out your collection from time to time will not only keep everyone safer, but it will help you to stay more organized.

When you’re trying to decide which data to keep, identify the purposes it could fill. If you’re holding onto information that will no longer help your organization, let it go and make sure you get rid of it safely and securely.

From there, consider what data needs to be kept. What has potential reuse purposes? Which pieces of information have long-term value? By breaking down your data into “need/want” categories, you’ll be able to hang onto important information that could benefit your organization later on.

As you do get rid of data, make sure it’s wiped out completely. For hard copies of things, invest in a shredder and have a strict policy about shredding any documents that identify donor information after a certain period of time.

If you’re dealing with digital data, make sure to delete everything from your computers and hard drives, including backup files that could be accessed by cybercriminals.

3. Protect Yourself From Data Breaches

Unfortunately, thanks to changing technology and cyber criminals doing whatever they can to “break in” to different databases, it’s nearly impossible to completely protect yourself from data breaches. However, there are plenty of things you can do to put more safeguards in place and reduce the likelihood of a breach.

When your donors know you have these measures in place, they’re more likely to feel secure making donations and providing information.

To protect personal information online, use some of the following strategies:

  • Stay updated with the latest in cyber security programming
  • Encrypt user data
  • Test for any weak spots or vulnerabilities
  • Minimize data availability

It’s also important to have a plan in place if a breach ever does occur. While you might not like to think about it, it’s better to be able to take action right away, and it’s important that your donors understand that plan of action so they know what to expect if their data is leaked. Transparency is essential. One of the best ways to create that kind of recovery strategy is by using a problem-solving flowchart.

Creating a flowchart will let you easily identify the problem, brainstorm solutions, and implement them as necessary.


As a nonprofit, you have a lot on your plate when it comes to collecting donor information. The last thing you want is for it to become compromised in any way. Keep these ideas in mind to take better care of donors’ personal information, and establish trusting relationships so you can count on repeat donations for years to come.

{link_name} handles all validations and customer service for TechSoup Canada customers. Visit {link_name}arrow