How safe is your Donor Data?

Had just sent off a piece to our marketing department on data security when I received my invitation from the Institute of Fundraising Technology Group to attend their session on this very topic (Sign up here)- so seems this is an issue on a few people's minds. I had started my piece by describing a cartoon I saw in a national paper recently, which showed one commuter saying to another ‘I never buy the Times anymore – there’s always those secret papers to read on the train these days’.

I sometimes wonder if stories of data loss is like those shocking crime statistics, that when you investigate them a bit further, you find out it was always going on but just not reported in the same way. Surely, in the days before the Data Protection Act we were always leaving large volumes of personal data lying around in some form or other? Well, maybe so, but actually we were constrained by the technology. For my first ten years in this business, all our client data was stored in Oracle databases on Unix platforms. Its not easy to leave that kind of stuff around on the train.

However, data sticks with Excel spreadsheets are a totally different proposition, especially now Excel 2007 has the 64000 row limit removed. We should not be surprised by the spate of recent embarrassments. The MOD, the HMRC, and the DVLA have all been in the news for the wrong reasons - I dread the day when a national charity features in one of these stories because the knock on effect for donor confidence could be severe.

So how do we minimise the risk of that happening? The key is to ensure that users can access their data, and move it around without removing it from the network. Let’s look at some scenarios. If data needs to go outside the organisation, perhaps to a mailing house or database supplier, there are two safe routes – you can encrypt it using a tool such as Private Crypto before emailing it, or you can copy it to an FTP site with a secure user-friendly utility like Filezilla. If you need to use data at a branch for a local event or mailing, most database packages will allow browser-enabled access to your central database across the Internet. If you need to share a report which contains thousands of rows of name and address data, and you don’t have a database with easy remote access, or it is not appropriate to grant access to the target audience, why not upload it to a secure document sharing site such as Microsoft’s Windows Office Live which is a freely available cut down version of Sharepoint? The IT For Charities site also has a number Internet Resources for UK Charities which should give you a few more ideas.

Of course as with all IT issues, the management side is just as important as the technical aspect. Database packages now make it easy to export data to spreadsheets, and from there to data sticks. Guidelines should be clearly set then, so everyone understands that when dealing with large volumes of personal data, leave it on the network or the Internet where it can easily be secured, not on the train next to the MI5 secret papers!