Q&A: Donor privacy policies for nonprofit staff and boards

When donors give, they trust your nonprofit organization with private information such as their phone number, email, home address, and payment details. While most supporters expect this information to be used by your nonprofit, they may not know how many people at your organization need access or for what reasons. This is why it’s important to create a donor privacy policy that protects your supporters’ information. 

Privacy policies allow both donors and members of your team to understand the parameters of using donor data. Once you’ve developed your privacy policy, share it with donors and inform them that you may use their information to send follow-up communications such as thank-you letters, surveys, event updates, or solicitations.

Let’s explore the benefits of donor privacy policies by reviewing an example of when a nonprofit used a privacy policy to determine how board members could use donor information. 

Question: How do I maintain donor privacy while strengthening donor relationships? 

Many nonprofit professionals have questions about how to maintain donor privacy when multiple people need to access their information. Take a look at one example of a question from the Community Foundation's executive director: 

Please help! Our small community foundation has great board members willing to help us reach out to donors, past and prospective, but six board members also serve on a local college fundraising board that’s in active campaign mode.

Here’s the issue: A few of these folks keep asking me for a donor list with all contact data, the stated purpose for which is to help us thank our donors.

They’re all solid and honest people, but I don’t want to put our donors’ private information at risk by giving them our donor list. These board members might forget where they met or learned about a donor and unintentionally give their information to the college’s very well-staffed development team.

Do you have any advice about how to engage these board members in strengthening our donor relationships without giving up our information?

—Executive Director (ED), Community Foundation

Answer: Create donor privacy policies to guide outreach 

Create a general privacy policy for your internal use, then upload a donor version to your website and other communication materials. Formalizing your donor privacy policies will depersonalize situations like this and set respectful, healthy boundaries for board members and donors. 

Because of your board members’ overlapping duties, it may be tricky to have them directly email donors. However, you can encourage them to create an individual donor thank-you video or write and sign a personalized letter that your staff can send to donors. 

To minimize sharing sensitive information with these board members, have a staff member create a short summary including the donor’s first name, the amount they gave, and what cause or campaign their donation supported. This way, the donor thank-you messages remain genuine and personal without sacrificing donor data privacy. 

What to include in your donor privacy policy

A general privacy policy should cover contact and profile information of donor prospects and other supporters, such as volunteers. A supporter profile may include their donation records, communication preferences, event attendance, and volunteer hours. 

This sensitive data—contact information and insights on how they interact with your organization—enables your nonprofit organization to shape your communication plans to be more effective and relevant. The more data you have about your community members and prospective donors, the more likely you are to succeed in engaging them, as long as you handle the data with care. 

How to use your donor privacy policy to instill trust

A donor privacy policy protects your donors and instills confidence in your prospects. Create a version of your general privacy policy that specifically addresses donors. Consider making assurances to donors such as:

• We will not sell, trade, or share personal information collected on our website or through any other channels with anyone else.
• We will only share your information if you give us specific permission to do so.
• We will use payment information and billing addresses only to process donations or complete event registrations.
• We will use personal information to protect against potential fraud.
• You have the right to review information that we have collected about you.

The trust you build as you commit to a thorough, respectful privacy policy enables your organization to source the data that sharpens your insights, strengthens your relationships, and motivates more of the actions you need. 

Communicating the importance of donor privacy

You may need your nonprofit board’s approval to put these policies into place. Be direct and explain how honoring donor privacy in this situation is beneficial to both your organization and your donors. After all, your board members’ ultimate goal is to strengthen donor relationships and further your nonprofit’s purpose.