As we started 2020, our Jan.9th blog predicted that Privacy was one of the key trends nonprofits needed to focus on to protect donor trust. We discussed that like any other relationship, nonprofits can strengthen their connection with donors or members by effectively communicating in a way that’s meaningful and personalized for them. And while technology is now making it easier and cheaper to connect all the information donors are providing across different online and offline channels to do so – it is not without some significant risks. All of this additional donor data means organizations need to have a proactive plan in place to ensure they build in data security and privacy protections to retain donor trust. In 2020 we felt marketing teams need to revisit their consumer data practices and ask questions such as :
- Are we gathering new data, transferring data, etc. Where is the information being stored? Have we informed the individual of our processes and intent? Are we using it for anything we didn’t originally communicate or intend to?
This has become critically important as donors are now hyper-sensitive to the privacy gaps surrounding their personal data and trust in NFP organizations is declining. This summer a host of major Canadian charities including Universities, Hospitals, and Community organizations sent out a flurry of emails to donors to let them know Blackbaud had discovered a ransomware attack and had paid the cybercriminals. Months later it advised its many non-profit customers of the issue and I personally received an alarming number of emails from a diverse array of organizations within a week. Widespread media coverage, such as this article about the Heart and Stroke Foundation’s notice, also urged donors to be wary. This is in addition to news sources reporting breaches from companies such as Koodo Mobile, Marriott, Nintendo, LifeLabs, Canva, Desjardins, Facebook, Microsoft and more.
The total costs of data breaches continue to rise and is expected to be $6.35 million in 2020. IBM’s “Cost of Data Breach Report 2020” reported that 42% of Canadian data breaches were caused by malicious attacks, 35% from a system glitch, and 23% from human error. The report also noted that the average time to identify a data breach was 168 days and that the average time to contain a data breach was 58 days.
There have also been reports that an increase in data breaches is correlated with COVID-19 forcing many people to work from home, where laptop security might not be as effective, and attackers focus on employee accounts and cloud computing. So as more nonprofits go through a digital transformation process due to COVID-19 impacts, it is critical to consider training, policies and processes that can reduce the risk your organization will have a breach