Monday, May 22, 2017

Metric Mondays #15: Donor Privacy Policy

This Metric Monday covers an important Accountability & Transparency metric: Donor Privacy Policy.

Donors have expressed extreme concern about the use of their personal information by charities and the desire to have this information kept confidential. The exchanging and sale of lists for telemarketing and the mass distribution of “junk mail,” among other things, can be minimized if the charity assures the privacy of its donors.

In order to receive full credit for having a strict privacy policy, a charity must have a written donor privacy policy published on its website, which states unambiguously that (1) it will not trade, share or sell a donor’s personal information with anyone else, nor send donor mailings on behalf of other organizations OR (2) it will only share or sell personal information once the donor has given the charity specific permission to do so.

In order for a policy to meet our criteria, ALL of the following criteria must be met:
  • The privacy policy must be specific to donor information - a general website policy (which references ‘visitor’ or ‘user’ personal information) will not suffice.
  • The policy must address that the organization does not sell or share donor information.
  • A policy that refers just to donor information collected on the website is also not sufficient; the policy must be comprehensive and applicable to both online and offline donors.
  • If the policy lists specific types of donor information, language must include both email and physical addresses, as well as phone numbers. A blanket term such as “personal information” or “any information” is satisfactory.
It is also possible for an organization to receive partial credit for an opt-out policy. In these situations, the charity has a written privacy policy published on its website which enables donors to tell the charity to remove their names and contact information from mailing lists the charity shares or sells.

To receive partial credit for an opt-out policy, the policy must be specific to donor information, applicable to both online and offline donors, and cover how all personal information is shared or sold. How a donor can have themselves removed from a mailing list differs from one charity to the next, but any and all opt-out policies require donors to take a specific action to protect their privacy.

No comments: