Welcome to The Explorer

The Premier Online Knowledge Base for Information and
Statistics About Social Good

Fundraising Privacy

Fundraisers spend a great deal of time evaluating whether their donor journey makes it as easy as possible for supporters to give. And yet, we forget to consider that the easier it is to give, the easier it is to compromise sensitive financial information. Today’s focus on data privacy provides a unique opportunity for fundraisers to meaningfully explore the links between philanthropy and data security.

Credit Card Data

Information about financial transactions is a highly protected form of constituent data. If compromised, it could not only affect an individual’s personal security and finances, but also spread outward to impact processing entities, banks, and credit card issuers. In response, major credit card merchants created the Payment Card Industry Data Security Standard, or PCI DSS. This is a set of minimum security standards for online and commercial retailers with best practices for storing sensitive transaction information.

Because nonprofits partner with vendors and merchants to enable giving by credit card, PCI standards naturally extend to them. Though most vendors already implement PCI standards, it’s essential that fundraisers understand the rationales leading us to protect financial data, and organizations should research their vendor’s degree of compliance with PCI DSS. For organizations using multiple systems to process credit card data, vendor due diligence ensures that no donation revenue is lost due to security shortcomings.



In addition to credit card data, your organization holds a variety of financial transaction information, and you likely offer a variety of donation methods. While some might give cash or checks, others might bequeath you major gifts, assets, stocks, or in-kind gifts. The variety of these gifts underscores the need to critically examine how you store, manage, and maintain sensitive financial information. At this point in the game, most organizations have transferred over to using cloud-based software platforms to manage donor files. Constituent relationship management (CRM) systems house all your data in one place.

Organizations should be able to place a high degree of trust in their chosen software provider. You should thoroughly research the privacy settings available in the platform, checking for factors like PCI compliance, automatic data backups, and built-in restrictions that use verification tools to confirm and save your work. In tandem with your tech stack, you’ll want to ensure that in-kind gifts as well as cash and checks are safely stored. Whether you deposit these immediately or store them in-house beforehand, you’ll want to be prepared to process as many types of donations as you enable your supporters to give.


Prospect Data

Prospect research is a valued discipline used by many organizations to learn more about the personal, professional, and wealth backgrounds of current and prospective donors. Combining internal information, like event attendance history, with publicly available information, like real estate holdings or net worth, informs organizations of who they should engage and how to estimate prospective gift asks.

Because prospect research relies on personal, often publicly available information, professionals should use ethical standards to frame their work. Any collection of information should be modeled after the types of relationships that organizations want to develop with constituents, with prospect researchers solely seeking out information that will enhance a relationship with potential supporters. Whether you conduct your research in-house or seek outside help, you might consider aligning your methodology with a statement of ethics. Apra, the professional association for the prospect development community, has even developed a guide to the ethical collection of information. Read more on Apra’s Statement of Ethics.