Fundraising Well — October 2010
October 2010
Editor's Note

Organizations compile constituent information in a database for a variety of reasons in an effort to advance their missions. This information may be shared with certain members of the organization, including volunteers, trustees, executive or program staff, auxiliary members, and event committee members — which sometimes violates constituent privacy.

In this month's issue of Fundraising Well, Susan McLaughlin discusses the acceptable use of constituent data and the details of establishing a privacy policy so your organization can avoid situations where information is shared and constituent privacy is violated.

Printer Friendly

» Download the PDF
» View It Online

Table of Contents

» Editor's Note
» Protecting Your Constituents’ Personal Information
» Latest and Greatest

Introducing Friends Asking Amy

Friends Asking AmyWe are excited to welcome the newest addition to Blackbaud's family of blogs, This blog is geared toward nonprofit professionals who manage peer-to-peer fundraising events. While every organization is different, all of them have one thing in common: They're striving to do more with less. Development staff members are usually tasked with making each event more spectacular than the previous years’, but with no additional resources. was created as a resource and a source of inspiration for event fundraisers. Through this new blog, we’ll be sharing ideas and best practices organizations can implement into their events, answering visitor questions, and providing information on current trends we’re seeing in the marketplace. The goal of Friends Asking Amy is to create an interactive site where individuals can ask questions and get answers from nonprofit experts.

Check out today!

Go to top of page

Protecting Your Constituents’ Personal Information
By Susan U. McLaughlin, CFRE, Principal Consultant, Healthcare and Human Services, Blackbaud, Inc.

Is Your Organization’s Constituent Information Being Shared?

It’s generally understood that information in your constituent database — especially data such as giving history and social security numbers, is private. But do you know what happens when a trustee, who happens to be in sales, calls your data entry staff and asks for a list of names, addresses, and phone numbers of constituents within a specific ZIP code? Perhaps the data entry staff member wants to please the trustee, who is a major donor, and emails him a spreadsheet of 250+ constituents from your database.

This scenario happens more often than we probably know or would like to think. With a privacy policy that is communicated at all levels, your organization can avoid situations like this where information is shared and constituent privacy is violated.

Acceptable Use of Constituent Data

Organizations compile constituent information in a database for a variety of reasons in an effort to advance their missions. Data compiled may include biographical information (such as name, address, phone number, email address, spouse name, birth date, giving history, employment, relationships, volunteer activities, etc.). All this information is critical to the work of the development and marketing offices. Good database administration practices limit access to who can and cannot view, add, edit, or delete constituent information.

Additionally, constituent information may be shared with certain volunteers, including trustees, executive or program staff, auxiliary members, and event committee members, who actively participate in the resource development activities of the organization. Often when sharing lists, we emphasize the confidentiality of gift information, but we also need to go one step further.

According to the Association of Fundraising Professionals Code of Ethical Principles and Standards:

  • Members shall not disclose privileged or confidential information to unauthorized parties, and
  • Members shall adhere to the principle that all donor and prospect information created by, or on behalf of, an organization or a client is the property of that organization or client and shall not be transferred or utilized except on behalf of that organization or client.

To meet these ethical principles and standards, organizational leadership should consider implementing a constituent privacy policy.

Protecting Your Constituents’ Personal Information

A privacy policy provides development staff and volunteers with a clear guide and procedures for handling requests for constituent information. A policy will outline when constituent information may be released and provides context for appropriate requests and use.

What Should the Policy Include?

A privacy policy does not need to be complex. At its basis, it should include a simple statement that the organization protects the personal privacy of constituents by maintaining confidentiality of all constituent information.

To further describe how confidentiality will be maintained, include a statement that outlines how and when information will be released. For example,

“To ensure the privacy of individuals, organizations, foundations, and corporations, constituent information will be released only after consent is obtained from the constituent. Exception is made only for the purposes of advancing the organization through resource development efforts that require constituent information to develop strategies and present gift proposals.”

Finally, clear procedures for what information will be released and when it will be released should be stated. Consider the following:

  • Define what constituent information will be released, such as address, phone number, or email address.
  • Describe the processes for managing third-party requests for information:
    • Staff should explain the policy to the requestor.
    • Staff should contact the constituent for whom information was requested, explain the policy, provide the identity of the requestor, and ask permission for release of information.
    • Staff should contact requestor with approval or denial.
  • Describe the processes for managing internal release of information for the purpose of advancing the organization’s resource development efforts:
    • Constituent information will be made available on an as-needed basis to trustees, volunteers, or other staff.
    • Information may include giving history as well as other information necessary to develop a strategy of cultivation, solicitation, and stewardship.
    • Information released in this manner will be clearly marked as confidential.
    • Those receiving the information will be verbally instructed that it is confidential and to be used only for the purpose of resource development for the organization.

Depending on your organization’s activities, you may also choose to include a statement that constituent information, in full or in part, will not be sold to individuals, businesses, or other parties under any circumstances.


A privacy policy provides clear guidance to staff, trustees, and volunteers about acceptable use and dissemination of constituent information. Organizations that adopt such policies will be able to confidently reassure constituents that their private information is secure, and staff members can be confident that they are upholding the ethical principles and standards of the fundraising professional without fail.

Go to top of page

Latest and Greatest

Web Seminars

Now's the Time to Switch to The Raiser's Edge i
Come learn about the many reasons The Raiser’s Edge i can be your best defense during this economically challenging time.

November 2, 2:00 p.m. ET

The Raiser's Edge i for Membership Management
How can you ensure your relationships with your members continue to be all they can be? Join us to learn how The Raiser's Edge i can help you provide excellent service and build relationships with members that will last a lifetime.

November 9, 2:00 p.m. ET

November 16, 2:00 p.m. ET

In the News

Blackbaud Acquires NOZA, Inc.
Blackbaud has acquired California-based NOZA, Inc.™, an innovator in the emerging semantic search industry and creator of the world’s largest searchable database of philanthropic data.

Read the press release.

Postal Rate Hikes Rejected By Postal Regulatory Commission
The Postal Regulatory Commission (PRC) has rejected the United States Postal Service’s (USPS) request for an average 5.6-percent rate hike next year.

Read more about the decision.


New Class for Blackbaud Learn
In the newest online training class from Blackbaud Learn, Integrating The Raiser’s Edge and The Financial Edge, you’ll learn the purpose of defining a transaction code for Raiser’s Edge expenses, how to configure interface settings, how to link to Raiser’s Edge funds to debit and credit accounts in The Financial Edge, and how to identify the feature used to transfer gifts from The Raiser’s Edge to The Financial Edge. This class is designed for users with no experience integrating Blackbaud databases.

Find out more and sign up for this class today.