Are Non-Profits Liable for a Computer Data Breach?

Your nonprofit might not be in the midst of a data breach crisis, but have you ever asked what your charitable organization’s responsibility is when it comes to a data breach?

Nonprofits, like many businesses, have private information stored on their donors and possibly clients and employees. Securing the data is as important as any other duty.

There are several charities that allow their donors to donate electronics, e.g. computers and cell phones. Both hold private information. How are they being handled? Are volunteers handling them? Are you giving them away with the original hard drive or data still in them?

One thing a nonprofit needs to be very careful of is data privacy breaches.

Many computers donated to organizations still hold personal information and carry viruses or other malware, which can allow unauthorized access. Because of this and the concern of data leakage, all hard drives and data devices should be shredded for data security.

Don’t trust ‘erased’ hard drives. They will not erase all personal data. I’ve heard of so many cases where the hard drive was supposed to be erased and the data secured, and the data was still retrievable. It’s true, it takes up to seven hours to wipe a hard drive clean of sensitive information. I am sure that is why so many second-hand hard drives are peppered with personal information. You are in charge of your own data protection. Don’t take that chance. Know data privacy law and your liability.

If your charity receives electronic donations, what is the process?

When computers are received, is there a policy in place that will protect private information? Often when computers and cell phones pile up (as they often do), they are sold to the highest bidder. Do you keep your information encrypted? If no encryption protection is installed, then where does your information end up? Some will be recycled, but the definition of ‘recycling’ is vague at best. Are they recycled in a third-world country? Did the bidders/buyers extract the copper and then trash the rest into the waterways? It’s important to take security measures and know where the cell phones end up.

Know who you are working with.

Look closely at your procedure for taking in and donating electronics. Insist on a Transfer of Responsibility and Certificate of Data Destruction.

Think about it: a computer isn’t much good without a hard drive and software. You have to ask yourself, is it worth putting a new hard drive and software in a 3- to 4-year-old computer? Sometimes it is and sometimes it’s not.

To answer the outstanding question, ‘yes’, as a charitable organization you could be sued for data breaches. Do yourself and Mother Nature a favor. Find a reputable electronic recycler and protect your organization and the people associated with it. Your donors deserve privacy and basic security measures.

Security breaches and ransomware attacks are becoming common problems. You may not be able to protect yourself from ever suffering a cyberattack, but you can take measures to reduce the chances. Data backup is one way to help protect the privacy of your customers and donors alike.

Check with your attorney to make sure you are compliant with local and federal laws and that your sensitive data is protected.