While nonprofits understand the importance of data privacy, they don’t necessarily have access to the same resources that enterprises and for-profit businesses do. Most people in the nonprofit field must wear multiple hats as opposed to having just one person dedicated to a data security role, and nonprofit budgets are often limited. So, how can nonprofit organizations keep their data secure? They must become educated about regulations and resources, and they must also take advantage of cybersecurity resources that provide guidance and best practices.
Stay Educated on Regulations and Resources
Though they may have limited resources and staff, it is still important for nonprofit organizations to stay educated on new and existing privacy laws and regulations, while making sure they are still under budget and in line with long-term strategies. Modernizing cybersecurity processes is one way to do this, as it is more efficient and cost-effective in the long run.
With the CCPA and other new regulations, more and more donors and consumers are becoming aware of their rights and exercising them. This is especially true during COVID-19, as cybercriminals are becoming more active, resulting in the need for stricter data security overall. However, the survey previously mentioned showed that 57 percent of nonprofits do not have a documented process in place for allowing customers to access, delete, or rectify their information, and 53 percent have received requests from customers to do so in the last year. Therefore, it’s becoming more crucial for nonprofits to ensure they are prepared for these kinds of requests, as consumers are starting to take a more active role with their data.
Take Advantage of Cybersecurity Resources
If nonprofit organizations feel overwhelmed by regulations, there are plenty of resources to guide them. For example, my company, FormAssembly, follows the National Institute of Standards and Technology (NIST) cybersecurity framework. Nonprofits should take advantage of resources like this, and they should also talk with data partners or legal counsel to make sure they are taking the necessary steps to protect their data.
Because of these new regulations, nonprofit organizations must also understand that donors’ expectations will change as well. This is where transparency comes into play. As regulations give customers more access to information about how their data is being used, nonprofits must be transparent with their donors and have clear disclosures and open conversations around data privacy. Being transparent not only leads to increased accountability, but it also helps ease donors' minds on how their data is being handled and makes them feel more comfortable throughout the donation process. Transparency also keeps donors up to date on the organization's level of security. Each organization should be prepared to answer requests for greater access, control, and insight into how donors' data is being collected and used.
As nonprofit organizations take more steps toward improved data security during the COVID-19 crisis and beyond, they are protecting themselves and their donors against costly data breach risks. By becoming more aware of what regulations they must follow and what resources they have at their disposal, nonprofit organizations are less likely to become exposed to enforcement risk for breaking data protection laws. Ultimately, by following these regulations and utilizing various resources, nonprofits will save themselves time and money, while also maintaining the organization’s reputation and trust with donors, staff and volunteers.
Samantha Mestwarp, Account Executive, FormAssembly