Protecting Constituent Data in Case of the Worst

I first wrote this as a LinkedIn article on inauguration day. Against that backdrop, many of the nonprofit professionals I know are worried about what the new administration will mean for the nonprofit sector. Concerns include personal safety, threats to nonprofit status, financial stability, and more. Cybersecurity is also keeping people awake at night, with social engineering and phishing scams becoming more sophisticated and damaging than ever before. And then there are the fires, hurricanes, and pandemics.

I’m not writing this to terrify you.

Rather, I hope to propose a few practical things that even small organizations without a lot of technical knowledge could do to reduce their risks. Here are some ideas.

Collect only the data you really need

Over the past 20 years, folks considered it advantageous to collect as much data as possible about constituents. The rationale was as follows:

  1. If we have a lot of data, we can use that to serve people better by personalizing programs and outreach.

  2. If we have a lot of data, we can learn what works and what doesn’t, becoming more effective and efficient.

Most people, including me, weren’t attuned to the downsides of all this data collection: intake processes that re-traumatize participants, bloated databases and the accompanying costs, and the harm that could happen should this data fall into the wrong hands.

This year, consider systematically going through the types of data you collect and asking some questions. Do we really need this data? Does collecting it harm or jeopardize our constituents in any way? Are we protecting it sufficiently?

Which brings me to the next idea: data protection.

Follow best practices for protecting your data

There are well-established practices for protecting data from unauthorized access and loss, and you don’t need a huge budget or a tremendous amount of technical expertise to follow them. Keep data in secure cloud storage (e.g. Google Drive, SharePoint, or a reputable database solution). Follow good password practices and learn how to spot phishing scams. To take it one step further, talk to an IT professional about how you could, when necessary, lock and wipe organizational data from devices such as personal laptops or phones. Do a security audit that checks for compliance with your policies.

Give a copy to a trusted ally

It’s unlikely, but what if you somehow lose access to your data, despite your best efforts? Maybe your office becomes physically inaccessible, cybercriminals hold your data for ransom, or government officials seize your organization’s assets pending an investigation. Like giving a key to the neighbor in case you get locked out, it can be helpful to share a copy of key information with someone you trust. 

The simplest solution might be to identify which data is absolutely essential, put it on a password-protected thumb drive, and give it to a colleague to store in their sock drawer. On this thumb drive, you could also include a copy of your disaster recovery plan. (Sure, there are more sophisticated solutions, but I’m trying to focus on what’s quick and easy for small nonprofits.)

Create a self-destruct protocol if necessary

Think about the folks you work with. If the data you store about them were compromised, would they suffer serious harm? If that is the case, then as a last resort, you’ll want a way to swiftly delete all of your data about them.

Unfortunately, there’s no self-destruct button to instantly wipe all of your data, so I would suggest a cheat sheet that summarizes the steps (and makes it clear this is irreversible). Here are a few things that might be on it.

  • Delete user accounts, emails, groups, shared drives, collaboration data (e.g. from Teams), and personal drives for your file share/productivity software.

  • Wipe devices remotely.

  • Empty the trash.

  • Delete your Google Workspace or Microsoft 365 account and disable access (to prevent restoration).

  • If your CRM or other web-based software allows bulk data deletion, delete all data including attachments, then cancel the account.

  • Disconnect integrations.

  • Contact providers and ask them to immediately delete their backup copies.

Now take a deep breath

That last part was scary. But what’s even scarier is ignoring the risks and being unprepared. And to be prepared, I think nonprofits (and foundations!) have to work together. Beyond volunteering to keep a copy of our colleague’s essential data, we can support each other by candidly sharing what’s happening and what’s working, by urging software providers to protect our data and offer a straightforward deletion process when necessary, and by easing up on the amount of data we request from each other.

I have more curiosity than expertise in this area, so please help me sharpen my thinking by posting your thoughts in the comments.
