In January 2015, the Huffington Post published an article titled “32 Data Breaches Larger Than Sony’s in the Past Year.” Data hacks have become so common that people can be very wary of who gets their data, especially with reports about how donor data can be breached or cases of identity theft from online donations.
Many governments the world over have enacted legislation to protect personal information, and, while these mostly apply to “commercial activities,” nonprofits have to pay attention. Since “with big data comes big responsibility”, safeguarding your donor information must come with the data territory.
Because of these issues, you may think that you need a huge data center to keep your information secure. Or you may doubt that you have the technology to handle security issues. However, you don’t have to let these responsibility barriers prevent you from working with data. And you can avoid letting misconceptions about data security make you wary.
Let’s look at four ways you can surmount these barriers with some basic tactics and precautions.
Look to the sky
A popular misconception is that anything stored on remote Internet servers is more at risk of a data breach, but this isn’t necessarily true.
As TechSoup explains, “If all your data lives on a local server in your office, or the C: drive on your computer, and you have no other backup system, you’re not in a good position to secure anything.”
In addition, Idealware lists environmental threats, unauthorized users, technical failures, and malware as other potential threats, and the risk from each of them can be much higher on individual computers.
The reality is that any time your data is on a computer, it’s open to risk.
So weigh the pros and cons of each scenario—keeping data “in-house” or “on-cloud”—to make sure your data-ship is as tight as possible.
Get your James Bond on
You can never go wrong by collecting data with the flair of a secret agent–which means you just have to collect it intelligently.
For example, unless you are a bank, credit organization, or medical provider, you probably don’t need social insurance numbers, past work experience, medical information, or driver’s license numbers.
Overall, a good rule of thumb is simply to have a good reason for the data that you are collecting.
In fact, a very easy-to-follow list can be found in the Protecting Personal Information workbook for nonprofits from the Government of Alberta.
Simply create a table with three columns: Activity, Personal Information, and Purpose.
If you can’t “match” your data with a purpose, then you don’t need the data.
You can’t get much smarter than that.
Follow mom’s advice
Just like you want your own information to be handled wisely, your donors want you to take great care with their data. Taking care can be boiled down to good-old, straight-from-mom, common-sense precautions:
- Lock paper data in drawers or cabinets
- Password-protect all computers
- Make sure your network has adequate encryption
- Use fax cover sheets
- Add confidentiality notices to email (or encrypt your messages)
- Get consent before getting information
These steps are pretty simple, but in the daily grind, it’s easy to forget mom’s sage advice. This is where having standard data handling protocols and standards as part of your data culture comes into play.
Give your data the Mr. Clean treatment
Scrubbing non-essential personal identifiers gives you and your donors peace of mind.
In fact, Datassist worked on a great project called the Gender and Work Database for which safeguarding privacy was a big issue. This database lets international researchers and policymakers look at labor data from a variety of different perspectives. So we used a “Mr. Clean” approach to build an interface that lets users manipulate individual-level data while seeing only aggregate and privacy-protected data.
What this project shows is that you can provide privacy and data protection, while accomplishing an in-depth analysis of the individual data.
And the great news is that you don’t need complex systems to clean your data.
In fact, some common data scrubbing tactics that protect individual data include:¹
- Data masking, such as removing names and addresses from an Excel sheet.
- Pseudonymisation: replacing identifying information with a code
- Reducing information precision: instead of an exact age, use an age group
- Aggregation: add people as numbers to a group
- Avoiding cross-tabulations (combining separate variables into one table; often used for survey data)
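Here is how the first four tactics look when applied to a small donor list. This is an added example, not code from Datassist or the Gender and Work Database; the sample rows, the key, the function names, and the rule of hiding groups with fewer than three donors are assumptions made for illustration, and the last of these goes a step beyond the list above.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample rows, not real donor data.
DONORS = [
    {"name": "Ana Ruiz", "address": "12 Elm St", "email": "ana@example.org", "age": 34, "gift": 50},
    {"name": "Ben Okoro", "address": "9 Oak Ave", "email": "ben@example.org", "age": 62, "gift": 500},
    {"name": "Chen Li", "address": "4 Pine Rd", "email": "chen@example.org", "age": 37, "gift": 20},
    {"name": "Dee Hall", "address": "7 Ash Ct", "email": "dee@example.org", "age": 31, "gift": 100},
    {"name": "Eli Katz", "address": "3 Fir Ln", "email": "eli@example.org", "age": 45, "gift": 75},
]
# Constructed demo key. In practice, generate a random key and store it apart from the data.
KEY = b"constructed-demo-key"

def pseudonym(identifier, key):
    """Pseudonymisation: a keyed code that is stable per donor but cannot be
    recomputed from a guessed e-mail address without the key."""
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]

def age_group(age, width=10):
    """Reduced precision: 34 becomes '30-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"

def scrub(row, key):
    """Data masking: name, address and e-mail are dropped from the output row."""
    return {"donor_code": pseudonym(row["email"], key),
            "age_group": age_group(row["age"]),
            "gift": row["gift"]}

def aggregate(rows, min_cell=3):
    """Aggregation: donors and gift total per age group. Groups with fewer than
    min_cell donors are suppressed so a lone donor cannot be singled out."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["age_group"]].append(row["gift"])
    return {g: ({"donors": len(v), "total_gift": sum(v)} if len(v) >= min_cell else "suppressed")
            for g, v in groups.items()}

if __name__ == "__main__":
    scrubbed = [scrub(d, KEY) for d in DONORS]
    print(scrubbed[0])
    print(aggregate(scrubbed))
```

Anyone who holds the key can recompute a donor's code from their e-mail address, so the key needs the same care as the original list.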
These are the simplest ways to keep your data safe, but other automated tools that you can consider include:
Strike a balance
When it comes to data security, you can easily become either too nonchalant or overly paranoid. You can find a healthy middle ground by conducting a simple privacy audit, creating a data security policy, and asking key questions to keep sensitive data safe.
Next up is part 5 in our 6-part series: 5 Super Simple Approaches to Start Down the Data Path.
1. The first four items on the list come from the Office of the Information Commissioner, Queensland. Dataset publication and de-identification techniques. Accessed May 21, 2015.
Privacy resource round-up
- The Government of Alberta’s Non-Profit Privacy Worksheet
- Blackbaud’s Protecting Your Constituents Personal Information
- NTEN’s Questions Every Nonprofit Should Ask About Sensitive Data