Keeping Your Constituent Data Secure


Question: The more I hear and read about companies losing their customer's data, the more worried I get that I'm not doing enough to secure my constituent data. What can I do to make sure my data is secure?

Answer:
You are taking the important first step by thinking about data security! Data security is something you should be concerned about for all data, especially personal information of campers, donors, parents, etc. There are some simple steps you can take to ensure the data is safe.

If you use an online database like DPO, be sure they have processes and technology in place to safeguard your data. Your vendor's data security efforts should be documented on their website
(for example, http://www.donorperfect.com/fundraising-software/online-fundraising-security.asp), or available if you request it.

Also, most systems will allow you to create multiple users with various access to the data. Creating users for each staff member, temp, or volunteer with the appropriate access to the data
is a good way to manage how much they can view and edit in the database. For example, in DPO, multiple (non-concurrent) users can be set up for free. Their access can be defined in the Security section of DPO.

It is important to change the passwords for each user ID as staff and volunteers move on; it is too easy for people to gain access to the databases if passwords are not changed. And more secure passwords ("strong passwords") for constituent data are recommended; this includes using a mixture of 3 of these 4 types of characters: upper-case letters, lower-case letters, numbers, and symbols.

Even if you are using a simple spreadsheet to track donors and alumni currently, the spreadsheet can be password-protected. Of course, it is also important that these passwords are remembered!

Finally, data must not only be secure, but also backed up. Be sure you are backing up your constituent data on a regular basis. Let us know if you have any questions about good backup procedures or tools.