It is time for a fundamental shift in how we collect, manage, and protect data. In recent years, the non-profit sector has become more adept with the practices of digital marketing, social media, and social listening; even merging these technologies with our constituent relationship management (CRM) platforms. Organizations are collecting and storing more information than ever to inform better marketing, fundraising, advocacy and stewardship efforts.
The benefits of these practices are great, but the sector is also seeing the risks and dangers associated with careless data use and protection practices. The most prominent risks are in the form of violating new data protection regulations. In Canada, we saw the early shifts happening in this space with the introduction of the Canadian Anti-Spam Legislation (CASL) in 2014, and most recently we’ve seen it on the international stage with the EU’s General Data Protection Regulations (GDPR).
Combine these with recent scandals like Cambridge Analytica’s misuse of sensitive personal data from 87 million+ Facebook users, and high-profile data breaches in organizations like Equifax, it’s safe to say we’re at a critical moment in time when it comes to data use and protection.
With this, our sector has an opportunity to evaluate current practices and reach for a higher standard, one that reflects a more equitable relationship with those whose data we collect. Here are steps you can take today to improve your practices:
1. Evaluate all current platforms being used in your organization to collect and store constituent data.
A typical organization may have a CRM to manage and store donor information and history, a digital marketing team or partner who is managing campaigns online, and in some cases using methods like social listening to gather insights to build marketing strategies.
Each of these is an entry and/or storage points for sensitive user data, and having a full understanding of these paths and how they are being managed and secured is an essential measure to ensure your practices are responsible.
Conducting an internal audit of these platforms, security measures in place, and the methods being used to collect data is an important first step to take in improving practices. This should be led by an internally appointed Data Protection Officer (DPO) and reviewed on an annual basis at a minimum.
2. Create and/or update an external policy to be transparent with constituent about your data use and protection practices.
Radical transparency requires us to be aware of the data we collect, have a reasonable, legitimate use for that data, and to actively inform our supporters of those practices. Being radically transparent with your supporters on where you gather information, how you use it and why is one of the best ways you can gain their trust in an area where they would otherwise be apprehensive.
As an outcome of your data audit, consider revisiting your privacy policy. Does it make sense to you? Does it reflect your actual practices? Consider where that privacy policy is made available and make adjustments with professional support. Be sure that you are always providing a clear opportunity for supporters to be aware of, and opt-out of these practices.
3. Practice ethical data use all-year round and challenge your peers and partners to do the same.
It’s easy to let this slip in our day-to-day, but with this topic growing and evolving across all sectors. In fact, what do you do if you outsource components of your digital program with partners or agencies? This may mean reaching out to partners and suppliers to help increase internal knowledge and expertise in this area (try asking what all those “marketing pixels” installed on your website actually do). It’s reasonable to seek help navigating these issues, and your partners should be accommodating in bringing you up to speed with how your systems are configured.
While we wait for our governments to catch up in regulating this area effectively, it’s on us as a sector to maintain trust from our constituents and respect their information so we can continue to fulfill our fundraising and engagement goals. At Grassriots, we’re committed to doing better. We have begun working with our clients and partners in the sector to build a new code of ethics for digital marketing, one that represents best practices but also respects an individual’s right to privacy and data protection.
Ryan Baillargeon is the Founder and CEO of Grassriots Inc., an evolving team of creative, strategic and digitally-minded experts advancing the missions of non-profit organizations. Together, the team works toward building a stronger, more effective industry of change. As a developer and technologist, Ryan has led digital strategy for numerous campaigns with issues ranging from cancer control, modern slavery, wildlife protection, and climate justice. Ryan launched Grassriots with a mission to challenge organizations to embrace digital transformation and learn to access the human capital potential of their supporters to drive social change.