Data Privacy and Security Considerations: Non-Profit Organizations in the Digital Era

In the digital era, non-profit organizations are increasingly reliant on data and technology to carry out their missions effectively. However, this also exposes them to various data privacy and security risks. It is pivotal for non-profits to prioritize data protection to maintain the trust of their donors, beneficiaries, and stakeholders. Here are some key considerations for data privacy and security:

Data Collection and Purpose Limitation: Non-profits should collect only the necessary data required to fulfill their objectives and clearly communicate the purpose of data collection to individuals. Avoid gathering excessive or irrelevant data that could potentially be misused or stolen.

Consent and Transparency: Obtain explicit consent from individuals before collecting their personal information. Provide transparent and easily accessible privacy policies detailing how data is handled, stored, and used.

Secure Data Storage: Ensure that all data, whether stored locally or in the cloud, is properly encrypted and protected against unauthorized access. Implement strong access controls and regularly update passwords.

Vendor Management: If third-party vendors handle any data on behalf of the non-profit, conduct thorough assessments of their security practices and ensure they comply with relevant data protection regulations.

Monitoring and Detection: Implement monitoring tools to detect unusual activities or security breaches in real-time. Quick detection can help prevent or mitigate potential damage. According to statistics from Surfshark, the United States experiences the most data breaches of any country. In 2021, 212.4 million users were affected (compared to 174.4 million in 2020). In second place was Iran, with 156.1 million breached users in 2021 (up from 1.4 million in 2020).

The CAN website is protected by world-class security tools and processes by its hosting partner, NTT Ltd. The system is hosted within a private cloud environment that is technically secure, compliant with all Federal laws regarding the privacy of personal information, and monitored 24/7/365 for any potential security breaches or irregularities.

NTT Ltd. delivers the CAN on a private cloud experience built to serve only CAN personnel and its authorized users. As with all private clouds, it is architected so that anyone attempting to gain access to the secure areas of the website should be blocked if they do not have proper login credentials.

The CAN cloud is maintained and provisioned only by the CAN personnel and the supporting hardware and network is dedicated to the CAN. This level of security, provided and managed by NTT Ltd., ensures peace of mind to anyone entering personal information or accessing any other type of material on the CAN website.

Remember that data privacy and security are ongoing processes. Non-profit organizations need to continuously review and update their practices to adapt to changing threats and regulations in the digital landscape. Taking these considerations seriously will not only protect sensitive information but also enhance the reputation and credibility of the non-profit in the eyes of its stakeholders.

By: Sydney Marks
www.canportal.org

Coordinated Assistance Network is proud to present The Momentum to Modernize Grant (M2M) M2M is intended to provide technology that produces transformational resources for nonprofit infrastructure, efforts to scale, and implementation support. CAN is granting 75 in-kind grants to organizations for “Black Level” CAN portal licensure. Click here to learn more about M2M.