Is Your Organization’s Constituent Information Being Shared?
It’s generally understood that information in your constituent database — especially data such as giving history and social security numbers, is private. But do you know what happens when a trustee, who happens to be in sales, calls your data entry staff and asks for a list of names, addresses, and phone numbers of constituents within a specific ZIP code? Perhaps the data entry staff member wants to please the trustee, who is a major donor, and emails him a spreadsheet of 250+ constituents from your database.
Acceptable Use of Constituent Data
Organizations compile constituent information in a database for a variety of reasons in an effort to advance their missions. Data compiled may include biographical information (such as name, address, phone number, email address, spouse name, birth date, giving history, employment, relationships, volunteer activities, etc.). All this information is critical to the work of the development and marketing offices. Good database administration practices limit access to who can and cannot view, add, edit, or delete constituent information.
Additionally, constituent information may be shared with certain volunteers, including trustees, executive or program staff, auxiliary members, and event committee members, who actively participate in the resource development activities of the organization. Often when sharing lists, we emphasize the confidentiality of gift information, but we also need to go one step further.
According to the Association of Fundraising Professionals Code of Ethical Principles and Standards:
- Members shall not disclose privileged or confidential information to unauthorized parties, and
- Members shall adhere to the principle that all donor and prospect information created by, or on behalf of, an organization or a client is the property of that organization or client and shall not be transferred or utilized except on behalf of that organization or client.
Protecting Your Constituents’ Personal Information
What Should the Policy Include?
To further describe how confidentiality will be maintained, include a statement that outlines how and when information will be released. For example,
“To ensure the privacy of individuals, organizations, foundations, and corporations, constituent information will be released only after consent is obtained from the constituent. Exception is made only for the purposes of advancing the organization through resource development efforts that require constituent information to develop strategies and present gift proposals.”
Finally, clear procedures for what information will be released and when it will be released should be stated. Consider the following:
- Define what constituent information will be released, such as address, phone number, or email address.
- Describe the processes for managing third-party requests for information:
- Staff should explain the policy to the requestor.
- Staff should contact the constituent for whom information was requested, explain the policy, provide the identity of the requestor, and ask permission for release of information.
- Staff should contact requestor with approval or denial.
- Describe the processes for managing internal release of information for the purpose of advancing the organization’s resource development efforts:
- Constituent information will be made available on an as-needed basis to trustees, volunteers, or other staff.
- Information may include giving history as well as other information necessary to develop a strategy of cultivation, solicitation, and stewardship.
- Information released in this manner will be clearly marked as confidential.
- Those receiving the information will be verbally instructed that it is confidential and to be used only for the purpose of resource development for the organization.
Depending on your organization’s activities, you may also choose to include a statement that constituent information, in full or in part, will not be sold to individuals, businesses, or other parties under any circumstances.