How To Keep Your Donors’ Information Safe
Data security is a common concern these days. When people enter their payment information online, they want to be sure that it is safe and protected from theft. But as data breaches become more and more commonplace, many individuals are growing worried that organizations aren’t taking the necessary steps to ensure information isn’t stolen. And when large brands like Marriott experience huge breaches, it further erodes the trust people have in institutions they know.
Marriott was part of a large-scale hack that devastated their reputation and stole the sensitive personal information of millions of their loyal customers. In 2014, Marriott acquired Starwood group, which is in charge of hotel operations for well-regarded chains like Westin, Sheraton, and W Hotels. At the end of November 2018, the Marriott group disclosed that the company was subject to a huge data breach, resulting in an estimated 500 million customers being affected. The majority of victims—320 million—had combinations of name, address, email, gender, and passport information stolen.
What was shocking to learn about this breach was how long it had been taking place before authorities were involved. The hackers breached Marriott’s database 4 years ago. For years, the hackers were working on ways to get past encryption and collect data—and no one noticed!
While it’s obviously concerning that hackers could have such unrestricted access to your data, many nonprofits don’t have robust security measures in place or a plan should a breach occur. Companies that experience data breaches are subject to plummeting levels of trust from consumers, and nonprofits are even more vulnerable—donors take the money they give very seriously. If your organization is the reason for their information being stolen, they aren’t likely to give again. And, since you aren’t selling a product or service they need, they often have less incentive to work past that distrust.
Here at CharityGiving, we’ve written about data security problems before. It’s important to get an SSL certificate for your website, install firewalls, limit staff access, encrypt your database, and use up-to-date software. One additional step nonprofits should take, however, is creating a plan should a breach occur.
Sit down with key staff members and think through how you would handle a breach. Staff members should know about the precautions you are taking. They should know how to identify a breach, who needs to be told about it, and how to notify your donors. Hopefully you never have to use this plan—but if you do, there are few things worse than being unprepared for how to communicate to your donors. There are several things you should consider when you put this plan together.
1. Communicate early and truthfully
One of the biggest mistakes organizations make when disclosing data breaches is waiting. Taking too much time before revealing the error makes it look like you were trying to cover it up, and it gives hackers more time to use the information they’ve stolen without the knowledge of your donors.
2. Don’t make claims you’ll have to take back
Don’t downplay a breach dishonestly. If you claim it was smaller than it was, you may have to return to your donors with worse news, which is the worst thing you could do. Be direct and clear about what happened, and make sure you have all the information.
Having your personal information stolen is an incredibly vulnerable experience, often leaving people feeling violated and afraid. Express regret for what happened and make sure that the tone of your communication and the attitude of your staff are sincere.
4. Think legal
Since data breaches can include some legal liability, be careful how you phrase your communication. Accepting blame can open you up to greater legal repercussions—try to connect with someone who can advise you legally on what not to say.
5. Offer a way out
If possible, find a way to offer help to those affected by the breach. Consider seeking out a partner organization that helps people in these situations to provide counsel and to answer questions. It will go a long way to calm people’s nerves, and will stand out as a move of integrity in a crisis.
While keeping these in mind can help reduce the negative impact of a data breach, it’s obviously much better to never have one. Thankfully, there are tools out there that will help you keep your donors’ information secure, like OneClick Donation®. Created to make life easy for the donor, OneClick Donation allows users to make a donation online efficiently.
Donors input their cell phone number when filling out a donation form. After this, they are sent a secure code to their phone, which they enter into the form. The donor is the only person who has the ability to approve and authorize a payment due to the incorporation of two-factor authentication. The unique code grants access to a secure digital vault where the donor’s credit information is stored—rather than just entering the credit card information into multiple sites and increasing their vulnerability.
And if someone tried to steal their information? A hacker would not be able to process a transaction without the donor receiving a text to their phone about a donation.
OneClick Donation® is truly one of the only hacker-safe donation platforms with strong measures in place to ensure that donors’ information is practically untouchable by hackers. The donor’s information is stored securely in the Credit Card Company Vault, which reduces the risk of card information being accessed by the wrong people and helps eliminate transaction fraud. This level of security keeps your donors safe—and prevents you from ever having to use that data breach communications plan.