Whenever you head to a charity’s website or decide to give a donation to the cause of your choice, you might be wondering what data the organization is gathering on your site visit and beyond, and how that affects you even after you’ve left their website.
Data is very useful to the nonprofits you’re donating to, and gathering it doesn’t majorly interfere with your visit to their website. While it might feel like they’re gathering too much (which might be true; keep reading to learn more), it allows them to give you a tailored experience that aligns with what you care about. Data also allows organizations to ensure that their programs and services match what their constituents enjoy or appreciate.
That said, there may be situations, as we’ve seen with Facebook’s Cambridge Analytica scandal, when organizations use data that you thought was private or would be kept safe. Increasingly, we hear media reports of personally identifiable information (PII) being stolen or misused.
What’s Personally Identifiable Information (PII)?
The U.S. General Services Administration defines Personally Identifiable Information as “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” Your email, address, phone number, and Social Security number, among other things, all fall into this category.
So how can you make sure your data is protected throughout your giving experience?
Let’s first walk through web “cookies”: mini files stored on your computer which link back to a specific website. This is where a website keeps things like your previously added shopping cart items, whether or not you’ve logged in, or information like your name, address, password, or credit card number. When you delete your cookies from your browser, your cookie history is deleted, meaning you have to sign back in to all of your accounts and your personally identifiable information is erased from these files. A pro tip, if you’re concerned about websites gathering this data, is to clear your cookie history from your browser on a regular basis.
I’ve heard about the E.U.’s General Data Protection Regulation (GDPR). What does the May 25th deadline for implementation mean for me?
In April 2016, the EU Parliament voted to “harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” In the same vote, the EU decided to begin enforcing the regulation at the end of May 2018. In the past few months, you’ve probably heard talk about what the GDPR means for American companies and nonprofits. Even if an organization isn’t located in the EU, if it serves EU-based individuals whose behavior is tracked, it is required to follow the GDPR for those individuals. Ultimately, most recommendations for US-based companies are to implement requests for express consent using GDPR-appropriate opt-in language.
So, you might get requests from organizations or companies asking you to opt in and give your express consent to sharing your data with them.
What steps should nonprofits be taking to protect my information?