Welcome to Charity Navigator's Blog!

The team from Charity Navigator, the nation's largest independent charity evaluator and leading donor advocate, shares their thoughts on emerging nonprofit-sector issues and offers tips to better inform your intelligent giving decisions.

Monday, May 22, 2017

Charity Navigator Metric Mondays #15: Donor Privacy Policy

Charity Navigator metric monday accountability transparency metric donor privacy policy
This Charity Navigator Metric Monday covers an important Accountability & Transparency metric: Donor Privacy Policy.

Donors have expressed extreme concern about the use of their personal information by charities and the desire to have this information kept confidential. The exchanging and sale of lists for telemarketing and the mass distribution of “junk mail,” among other things, can be minimized if the charity assures the privacy of its donors.

In order to receive full credit for having a strict privacy policy, a charity must have a written donor privacy policy published on its website, which states unambiguously that (1) it will not trade, share or sell a donor’s personal information with anyone else, nor send donor mailings on behalf of other organizations OR (2) it will only share or sell personal information once the donor has given the charity specific permission to do so.

In order for a policy to meet our criteria, ALL of the following criteria must be met:
  • The privacy policy must be specific to donor information - a general website policy (which references ‘visitor’ or ‘user’ personal information) will not suffice.
  • The policy must address that the organization does not sell or share donor information.
  • A policy that refers just to donor information collected on the website is also not sufficient; the policy must be comprehensive and applicable to both online and offline donors.
  • If the policy lists specific types of donor information, language must include both email and physical addresses, as well as phone numbers. A blanket term such as “personal information” or “any information” is satisfactory.
It is also possible for an organization to receive partial credit for an opt-out policy. In these situations, the charity has a written privacy policy published on its website which enables donors to tell the charity to remove their names and contact information from mailing lists the charity shares or sells.

To receive partial credit for an opt-out policy, the policy must be specific to donor information, applicable to both online and offline donors, and cover how all personal information is shared or sold. How a donor can have themselves removed from a mailing list differs from one charity to the next, but any and all opt-out policies require donors to take a specific action to protect their privacy.

2 comments:

SeanRmsy said...

Has this always been the criterium of Charity Navigator or is this a recent change? If so, when did the change take effect AND what is the best ways in which to be informed of these changes prior to them being adopted?

Sara Nason said...

Hi Sean,

Great question! Charity Navigator has always included the Donor Privacy Policy as a part of our Accountability & Transparency ("A&T") evaluation. The full A&T dimension of our rating was added to the already-existing financial analysis in 2011. In early 2015, we made some slight adjustments and clarifications to what needs to be in the donor privacy policy in order for an organization to get credit for that metric. We emailed all of our rated charities directly at the time to notify them about the change.