Using software designed for the management of non-profit donor data is one of the best ways to ensure that donor data remains secure says Denise Johnson, President of NPO Software. She recommends all non-profits invest in donor management software. Too often non-profits use an Access or Excel database to store donor information, While these particular programs are excellent for managing data, they aren’t necessarily as secure as a software program geared towards managing donor information.
“The data is worth protecting”, says Denise, she goes on to explain that donor software doesn’t have to be expensive and that there are several affordable donor management programs available.
Another way to keep data secure is to limit who has access to the data, both, as Courtney Baird, Development Manager with Med-Share, in a physical sense and an electronic sense. According to Courtney, “best practices include limiting staff access to information”. She goes on to further say, “It is really a need to know basis“. This helps eliminate accidental deletions or inappropriate use of donor data.
Electronically, donor management software allows users to customize security, granting rights to areas specific to user’s task. A perfect example is granting a supervisor all rights, but the person in charge of entering gifts can only enter gifts. In the physical sense, it is important that any hard copies of donor information are stored in locked file cabinets and key staff members should lock their offices when they are not in them.
Both Courtney and Denise agree that one staff member should be dedicated to opening the mail and that the checks should be logged and distributed immediately, never left in an unlocked drawer. There should also be a clear chain of succession, if the person responsible for opening the checks is absent there should be one staff member designated as the replacement.
Since many non profits have lots of visitors, volunteers and other guests it is important to store all hard copy records in locked file rooms and it is important to limit foot traffic to key areas.
Courtney believes it is a good idea to have a clearly defined process for receiving checks and other donor information. In the case of checks, they should be stamped and logged before being hand delivered to accounting. In addition, it is important to properly vett all employees and any outside companies such as web hosts that may come in contact with donor information. Shred or file in locked drawer any copies of checks made for development or accounting.
Another thing to consider is where the data is stored electronically. If it is stored on an in house server, the server should be well protected electronically with firewalls and frequent backups of data. It is important to limit the physical access to the server. If the server is offsite, make sure that the host is highly recommend, has a good security record and a set of policies and procedures in place for handling hack attempts. Don’t be afraid to ask hard questions of your host provider, ask about their encryption, and their liability if the database is hacked or breached.
Denise and Courtney both feel strongly that donor information is safest when it never leaves the non-profit, they believe selling or sharing the information with a third party puts the data at great risk. It is important, Denise explains, for the non-profit to have a clear policy about list sharing. All members of the organization should follow the policy. A few common sense steps can go a long way to keeping donor data secure.