
How to Protect Your Personal Data

 
 
Whenever you head to a charity’s website or decide to give a donation to the cause of your choice, you might be wondering what data the organization is gathering on your site visit and beyond, and how that affects you even after you’ve left their website. 
 
Data is very useful to the nonprofits you’re donating to, and gathering it doesn’t majorly interfere with your visit to their website. While it might feel like they’re gathering too much (which might be true; keep reading to learn more), it allows them to give you a tailored experience that aligns with what you care about. Data also allows organizations to ensure that their programs and services match what their constituents enjoy or appreciate.
 
With that being said, however, there may be situations, as we’ve seen with Facebook’s Cambridge Analytica scandal, when organizations use data that you thought was private or would be kept safe. Increasingly, we hear media reports of personally identifiable information (PII) being stolen or misused.
 
What’s Personally Identifiable Information (PII)?
 
The U.S. General Services Administration defines Personally Identifiable Information as “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” Your email, address, phone number, and social security number, among other things, all fall into this category.
 
So how can you make sure your data is protected throughout your giving experience?
 
Let’s first walk through web “cookies” -- mini files stored on your computer which link back to a specific website. This is where a website keeps things like your previously added shopping cart items, whether or not you’ve logged in, or information like your name, address, password, or credit card number. When you delete your cookies from your browser, your cookie history is deleted, meaning you have to sign back into all of your accounts and your personally identifiable information is erased from these files. A pro tip, if you’re concerned about websites gathering this data, is to clear your cookie history from your browser on a regular basis.
 
Another important factor is whether or not the organization has a “Donor Privacy Policy.” (You can view Charity Navigator’s here). In addition to a standard “Terms of Use” and “Privacy Policy,” Donor Privacy Policies are an extra step that charities take to explicitly state how or when they will use data associated with your visits. For example, Charity Navigator states that “We will not sell, share or trade our donors' names or personal information with any other entity, nor send mailings to our donors on behalf of other organizations.”
 
Before giving to a charity or creating an account for the first time on a nonprofit’s website, make sure the organization has a Donor Privacy Policy, in addition to their Privacy Policy. If you’re not sure, check out the charity’s rating on Charity Navigator -- one of our Accountability & Transparency metrics is whether or not the organization has an easily accessible Donor Privacy Policy on their website. If the organization does not have a Donor Privacy Policy and you don’t want them to use your information, consider reaching out to the organization to ask whether they can refrain from tracking your visit. Otherwise, consider donating to another charity with a similar mission that does have a Donor Privacy Policy.
 
I’ve heard about the E.U.’s General Data Protection Regulation (GDPR). What does the May 25th deadline for implementation mean for me? 
 
In April 2016, the EU Parliament voted to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” The EU also decided in this vote to begin enforcing their decision at the end of May in 2018. In the past few months, you’ve probably heard talk about what the GDPR means for American companies and nonprofits. Even if an organization isn’t located in the EU, if it serves EU-based individuals whose behavior is tracked, it is subject to the GDPR for those individuals. Ultimately, most recommendations for US-based companies are to request express consent using GDPR-appropriate opt-in language.
 
So, you might get requests from organizations or companies asking you to opt in and give your express consent to sharing your data with them.
 
What steps should nonprofits be taking to protect my information? 
 
Nonprofits should always have a Donor Privacy Policy explicitly posted somewhere on their website, which should be accessible to you whenever you are on their website. If they work within the EU and you haven’t heard from them about their opt-in language, email them to see how the new regulations affect your data.
 
If you can’t find anything from the charity about protecting your data, and you have a concern about the potential for your data being misused, consider donating to an organization that has a Donor Privacy Policy and is working to keep your personal information safe. Check out the charity’s Charity Navigator rating to see whether or not they receive credit for having a Donor Privacy Policy, as well.
 
