Your nonprofit might not be in the midst of a data breach crisis, but did you ever ask the question about what your charitable organization’s responsibility is when it comes to a data breach?
Nonprofits, like many businesses have private information stored on their donors and possibly clients and employees. Securing the data is as important as any other duty.
There are several charities that allow their donors to donate electronics, e.g. computers and cell phones. Both hold private information. How are they being handled? Are volunteers handling them. Are you giving them away with the original hard drive or data still in them?
One thing a nonprofit need to be very careful of is data breaches.
Many computers are donated to organizations that have viruses or other malware in them. Because of this and concern of data leakage, all hard drives and data devices should be shredded for security.
Don’t trust ‘erased hard drives’. I’ve heard so many cases where the hard drive was supposed to be erased and the data was still retrievable. Grant it, it takes up to seven hours to wipe a hard drive clean. I am sure that is why so many second hand hard drives are peppered with personal information. Don’t take that chance.
If your charity received electronic donations, what is the process?
When computers are received, is there a policy in place? Often when computers and cell phone pile up,( and they often do) they are sold to the highest bidder. Then where are they end up? Some will be recycled, but the definition of ‘recycling’ is vague at most. Are they recycled in a third world company? Did the bidders/buyers extract the copper and then trashed the rest?
Know who you are working with.
Know who you are working with. Look closely at your procedure of taking in and donating electronics. Insist on aTransfer of Responsibility and Certificate of Data Destruction.
Think about it; a computer isn’t much good without a hard drive and software. You have to ask yourself, is it worth putting in a new hard drive and software in the 3 to 4 year old computer? Sometimes it is and sometime it’s not.
To answer the outstanding question, ‘yes’, as a charitable organization you could be sued for data breaches. Do yourself and Mother Nature a favor. Find a reputable electronic recycler and protect your organization and the people associated with it.