Tips for Your Team
Executives should consider the tools and resources their teams will need to safely manage data. Considering that many data breaches occur out of sight, executives should provide resources to empower their staff to effectively understand and manage personal information. Start by considering these items:
• Determine which staff members are responsible for staying aware of high-level privacy matters, like changes in federal and state data regulations or the impacts of new technology. Whether it’s a department lead, database administrator, or board member, these individuals will need to ensure that changes at the legal level are reflected within your policies.
• Remember that your end users are frontline security staff. Depending on your needs and tech stack, you may have multiple staff members record data across multiple systems. You’ll want to ensure that staff responsible for data maintenance are equipped to understand and manage this information.
• Consider introducing cybersecurity and data management training to your team. Many software vendors offer free resources or trainings to support these functions, and they require minimal time on the part of staff. Whether it’s part of your onboarding or an annual event, ensure that this takes priority as part of your constituent experience.
• Plan for assets like a confidentiality statement. As you likely maintain a bevy of sensitive information, a confidentiality statement would specify the types of individuals required to maintain confidentiality (board members, staff, and some volunteers), the types of information to be kept confidential, and the length of time this information should remain confidential.
With the embrace of our current technological revolution, it should come as no surprise that changes in technology and legislation are headed our way. Organizations need to be aware of changes like California’s newly passed CCPA, and keep up with best practices that emerge around them.
Laws like the California Consumer Privacy Act, or CCPA, serve to protect residents with the right to know what personal data is being collected about them and whether this data is sold or disclosed to others. What’s more, it offers California residents the ability to opt out of the sale of their personal data. It remains to be seen how this could affect nonprofits, but as we know, changes in the private sector tend to make their way towards the social sector. To learn more about the CCPA, explore this information from the California legislature.
In addition to forthcoming legislation, you can support your team by keeping aware of the cultural transitions that data security is ushering in. Many organizations are pursuing tools like cyber insurance that protect their organization in the event of a data breach. This remains especially pertinent as future technologies like predictive intelligence fully automate user tasks and leverage social information to get a better understanding of our social networks. While these have the potential to make our work easier, we should be weary that we examine their use through the lens of privacy and stewardship, ensuring that the constituent drives our approach.