January 2020; BizTech
In the first six months of 2019, 4.1 billion personal records were compromised by data breaches. Businesses from a variety of industries were targeted, including nonprofits.
In February 2019, one of the largest nonprofits in western New York discovered a data breach that may have exposed the medical information of up to 1,000 current and former clients. By infiltrating an employee email account, an unidentified hacker was able to access clients’ names, addresses, Social Security numbers, financial data, medical information, health insurance details, and government IDs.
Small organizations can be at just as much risk. In fact, smaller organizations will sometimes have fewer data security measures in place, making them more vulnerable to attacks.
Breaches can lead to large fines and a loss of trust by an organization’s community and donors that could take years to overcome. So, what can nonprofits do to protect themselves from data breaches? They need to make a plan before their data is compromised.
A good place to start is by ensuring compliance with new laws intended to protect data. The largest example is the European Union’s General Data Protection Regulation (GDPR), which went into effect in 2018. While the law protects the data of EU citizens, even nonprofits operating outside the EU could benefit from implementing best practices outlined in the GDPR.
This month, the California Consumer Privacy Act (CCPA) will take effect, making California the first state to implement a statewide data privacy law. The act requires companies to disclose to California customers what data they’ve collected on them, the source of the data, how they’re using it, and what third parties have access to the data. Customers will have the right to require a business to delete their data and to opt out of having their data sold or shared with third parties.
To ensure they’re protected, nonprofits can audit their current data collection methods and implement protocols that build a culture of protecting data throughout the organization. They can invest in technology that monitors data collection systems and detects suspicious activity.
By planning for the worst, nonprofits can protect their reputations, the donors who support them, and the people they serve.
—Julie Euber