Blog

Jamie Alexander
  • linkedin
  • twitter
  • facebook

Make data-driven decisions

Data privacy—a 101 for fundraisers


Data has been in the news a lot lately—and there’s no debating its power. We all know that companies have become so advanced at mining individuals' data that, in the worst cases, we now have fake news and allegedly swayed elections. Europe has even gone so far as to implement the General Data Protection Act (GDPR), which goes into effect May 25th, 2018 to protect personal privacy and curb ill-intended uses of personal data.

But we all need individuals’ data to run our businesses effectively, and most of us don’t have bad intentions. In the case of your nonprofit, collecting and using individual data allows you to get the funds you need to provide your service to the community and enhance the greater public good.

How do you make sure that your use of data for fundraising campaigns is compliant, legal, and ethical? We know the amount of information on this subject can be overwhelming, so we’ve compiled some tips and resources that you can use to make sure your data practices are sound.

Know the rules of the (data) trade

You probably already know about CAN-SPAM Act for email (here are the FTC’s guidelines for a refresher). And then there’s the Electronic Communications Privacy Act, which many say is outdated. But you might be less familiar with all the new privacy policies and rules for advertisers that the social networks and other companies are putting together in response to the Cambridge Analytica scandal—check them out:

  • Facebook’s new privacy policies. While organic reach of Facebook business pages is declining, the platform is still the largest social network. Fundraisers and marketers should know the changes that Facebook has made in the wake of the election scandal. The Daily Carnage (which you should be reading if you aren’t already) put together a great summary of the changes.

    Also, before running an ad for your organization on Facebook, be sure to read its ad policies  thoroughly and pay special attention to the Data Use Restrictions section. If you are running ads that aren’t compliant you risk being banned as an advertiser, and Facebook makes it difficult to regain advertiser permissions.

    Instagram, as part of Facebook, follows these guidelines too. You can find additional information on Instagram’s privacy policy here.

  • Twitter’s new privacy policies. Most of the recent focus may have been on Facebook, but Twitter has a new policy, too. This CNET article will help you interpret it. There is a lot of information, but here are the two takeaways we believe are most important to know: 1) When collecting information, advertisers must describe how their data will be used. 2) Landing pages on which users will be submitting confidential or private information must be on a secure server.

  • LinkedIn’s new privacy policies. Even such seemingly benign sites as LinkedIn have updated their policy in the face of Facebook’s scandal. Here’s the new policy.

Here are some other rules for managing your data safely:

  • Ensure that any webpage used to collect data is on a HTTPS connection, NOT an HTTP connection.
  • Use secure methods whenever transferring this data (i.e. not over email). 
  • Protect all collected and stored data in your CRM to ensure this information is not compromised.
  • Do not sell or rent out your list, unless you explicitly tell your subscribers that you will be doing so for a partnership, collaboration, or other reason.
Be aware of GDPR

Oh yes, GDPR. You’ve heard of it, but either you’re not quite sure what it is or you don’t know if you should be concerned about it (after all, your organization is not in Europe). Yes, you need to be concerned about it. If you…

  • Have any contacts in Europe in your database
  • Have campaigns that target people in Europe
  • Have frequent visitors on your website from Europe

…you could be fined up to 4% of your global revenue for violating it.

The biggest take-away is that you need an individual’s consent before collecting and using their data. The law applies only in Europe, but it’s a good practice to use anyway (see the next section on permission marketing). Here is a great resource on guidelines to consent.

Here are some other resources to read up on the GDPR:

Get familiar with Permission Marketing

Or, in the case of nonprofits, you can think of this as “Permission Fundraising”. This is a term coined by marketing guru Seth Godin in Permission Marketing: Turning Strangers into Friends, and Friends into Customers. Actually, the best I’ve heard the GDPR described is by Seth Godin: “On the twentieth anniversary of Permission Marketing, the EU has decided to write the basic principles of that book into law.” If you follow the guidelines of Permission Marketing, you likely will already be in compliance with GDPR and other data policies recently put in place.

The basic idea is that, instead of “Interruption Marketing” (TV ads, newspaper ads, SPAM emails, and more), our fundraising communications should be providing value to potential customers who have already “raised their hand” and expressed interest in our organizations. Our own Steven Roth, of JCA Arts Marketing, explains this concept more in his Ask Me Anything post about Permission Marketing.

What are best practices in getting someone’s permission to market to them?

  • Have a clear and transparent privacy policy explaining how you use the data your organization collects.
  • Be clear in opt-in, subscription, and contact forms on exactly what the signee is signing up. (For instance, if a person fills out a form about a volunteer opportunity, this doesn’t mean you can use their information for all of your fundraising emails unless you ask.)
  • Focus on generating prime content that has value to your prospects—content that people seek out and ask for more.

What do you do after you get their permission?

  • Deliver on your promise: only use an individual’s information for the purposes they have agreed to. You should only use their data for what you have outlined in your privacy policy. Fill your content with paths that guide people toward the action you want them to take.
  • Shop in your own closet. Utilize your existing contact or donor base.

Guess what? Permission Marketing works, too. Wait until you see your email rates when you’re sending emails to people who actually want to hear from you.

So there you have it—easy resources to legal, compliant, and ethical data usage in 2018. Good luck out there! And remember—data can and should be used for good!

If you need more help on how to manage and use your data—contact us. We can help you enrich your data, too!

Data Enrichment Services