Data Privacy and Security—Classifying Data for Advancement

 

Data is a significant asset to your organization. It can provide a wealth of information about donors. A growing number of organizations are using data analytics to determine which supporters are most likely to make a significant gift or donate in response to their campaigns.

 

Data privacy is more important than ever before—especially in today’s digital economy—and organizations should review their data, privacy policies, and procedures. Here are different types of data privacy and security and how to classify data for advancement.

 

What is Confidential Data?

 

Any data or information that is protected by laws, regulations, or industry standards is considered confidential. Confidentiality is the need to strictly limit access to data to protect organizations and individuals from loss. Confidential data can also be defined as information that could cause harm to an individual or an organization if it is inappropriately accessed.

 

Data Privacy

 

Data privacy (information privacy) is a data security division that deals with the proper handling of data—more specifically, consent, notice, and regulatory obligations. Practical data privacy concerns are affected by several factors.

 

  • whether (or how) data is shared with third parties;
  • how information is legally collected or stored; and
  • regulatory restrictions

 

One important aspect of data privacy is transparency. Organizations must disclose how they request consent, abide by their privacy policies, and manage the data they’ve collected. Ask questions to understand your organization’s stance on data privacy.

 

  • What data is to be collected?
  • How long will it be kept, and does that comply with the laws?
  • Is there limited data access that is monitored, or is that data openly available?
  • What measures will be taken to protect data?
  • Is the planned use of the data aligned with why it was collected?

 

Data Security vs. Data Privacy

 

Simply keeping sensitive data secure may not be enough to comply with data privacy regulations. Data Security protects data from compromise, whereas data privacy governs how data is collected, shared, and used.

 

If you’ve worked to secure data—implementing encryption, restricting access, and overlapping monitoring systems—but your organization collected the data without proper consent, you could be violating data privacy regulations.

 

You can have data security without data privacy, but you cannot have data privacy without data security. Train employees to understand the difference. Include processes and procedures necessary to ensure the proper collection, sharing, and use of sensitive data as part of a data security portfolio.

 

Sensitive Data

 

Sensitive data is any information that needs to be protected—often dependent on the nature of the business conducted by an organization and, even more so, the responsible governing body.

 

What is Considered Sensitive Data?

 

The categories of sensitive data vary based on the privacy laws that apply to an organization.

 

For example, a healthcare organization will need to adhere to Health Insurance Portability and Accountability Act (HIPAA) privacy rules. In contrast, an educational institution will have to adhere to regulations such as the Family Educational Rights and Privacy Act (FERPA).

 

Sensitive data includes any information such as:

 

  • personal data, or data that can be used to identify an individual—including customer and employee data;
  • financial data such as bank account or credit card information; and
  • intellectual property or proprietary information such as software code.

 

Personal Data

 

Personal data, also known as Personally Identifiable Information (PII), is any information used to identify a specific individual. The protection of personal data has become increasingly important due to regulations that aim to protect individuals concerning their personal data processing. This has only become more prevalent as cyberattacks continue to evolve.

 

More frequently, organizations are being held responsible for how they process and secure sensitive data to prevent exposure and risk.

 

Cybersecurity Risk

 

Cybersecurity threats and data breaches have become the rule rather than an exception for organizations. Do you have data protection policies and the necessary procedures in place to guard against this threat?

 

Your organization must carefully handle sensitive data to avoid disclosure or data breach. The potential damage from a data breach goes beyond tarnishing your organization’s reputation. Your organization can be legally liable if you fail to comply with data privacy laws—which can come with exorbitant fines and penalties.

 

Protect sensitive data with cybersecurity best practices.

 

  1. Establish a data protection policy.
  2. Create a comprehensive and up-to-date inventory of sensitive data.
  3. Develop guidelines for assessing and maintaining privacy and confidentiality of data on all systems.
  4. Communicate your organization’s data security policies to staff members.

 

Go a step further and implement basic strategies for preventing data theft.

 

  1. Don’t open unsolicited email attachments or unknown files.
  2. Educate staff to identify and prevent phishing.
  3. Require strong passwords for each employee, and insist they are changed regularly.
  4. Establish processes to monitor your network for suspicious behavior.

 

Using Data for Advancement

 

Collected data is only valuable if it’s used for a purpose. One of the most popular uses of organizational data is for development. You can’t control people’s ability to give—but you can control how you use data to make decisions regarding your advancement.

 

Revamp your advancement strategy to focus on assessing your most connected donors and how you have engaged them.

 

Gauge donor giving capacity. Analyze alumni data and external sources, such as tax filings, home values, and other assets—then assign “wealth scores.” Once you’ve assembled data or scores on wealth and involvement, have staff members work on your top and bottom groups separately.

 

Look for differences. Organizations should record more than just donations in their fundraising databases. Review data to see which events your supporters attend, whether they volunteer or serve on committees, and how they give to other charities.

 

Identify loyal donors. The traits and behaviors that predict who is most likely to give a significant gift vary. Use data to identify loyal donors, even if their contributions aren’t substantial gifts.