Top Ten List for Keeping Your Donor Information Secure

Top Ten List for Keeping Your Donor Information Secure


By David Allen, Development for Conservation


Before I get into this week’s topic, let me quickly remind you that I am gathering 5-year-value data on new members again this year. I will report on what I learn in the next few weeks. If you are willing to participate, here’s what I need from you:

  • Isolate the members and donors you have who made a first gift to your organization at some point – any point – during the calendar year 2014.
  • Now add up everything that group has given to your organization – as a group – since then.
  • Send those two numbers to me – the number of donors and the total amount they have given. The email address is David (at) DevelopmentForConservation (dot) com.


*     *     *     *     *     *     *


I find the best stuff when I am looking for something else. Isn’t that always the way it is?

Last week, I was looking for sample confidentiality agreements, and I ran across a write-up on best practices for keeping your donor information secure.

And then I went looking for other information on the topic. Here’s what I learned and what I’ll share here as a Top Ten List:

  1. The first and most obvious best practice is to keep physical stuff behind locks and keys. Do you have donor information on your server? Is the server locked away? Do you have paper donor files? Are they in a locked file cabinet, or better yet in a locked cabinet behind a locked door?
  2. The second most obvious is the electronic locks – AKA passwords. Are you changing your passwords regularly – meaning on an intentional schedule? There doesn’t seem to be any general agreement about how often, but everyone recommends that the period be intentional. This means that you know right now the next time your passwords will be changed. It is scheduled. Also, does every user have a unique password? And are they also changed on a regular basis? Do you have regular office conversations about cybersecurity (like not opening attachments from senders you don’t recognize)?
  3. Keep a list of everyone with access to your data and keep a list of access that they actually have. This even includes consultants! Most donor software offers different levels of access to the data (permissions), beginning with Read Only. Some levels allow you to see gifts but not activity, or vice versa. Some allow you to enter data but not to delete it. Some levels allow you to run specific reports, run all reports, or run no reports at all. You know the levels your software allows. Are you using them? Is your user list regularly reviewed?
  4. When someone leaves staff, you take their keys, right? You should also take their electronic access. The problem is tracking it. This is the other side of the coin mentioned above. In addition to having a list of people with access to donor information, you should also have a list of the access to information that each person has. This now explicitly includes mobile access. When someone leaves staff, there should be a checklist of electronic things to which they need to be disconnected. And that checklist should not be created as they are leaving!

And while I’m right there, you should think about this especially when someone leaves under adverse circumstances. Being able to efficiently shut off access to information may save headaches from those who would cause intentional problems for you.

  1. Don’t store credit card or bank account information on one of your computers or online. Use a third-party on-line merchant like Network for Good, or PayPal. You can actually have that third-party develop a webpage that looks exactly like yours so it isn’t quite as obvious, but having that added level of protection is still vitally important.
  2. Be careful what you include in email and text messages. Never include credit card or banking information. You can always delete the email or texts on your devices, but you have no real idea where else it lives. It’s better to talk on the phone than to email sensitive information.
  3. Color code your paper donor file folders, if you use them. When I worked for TNC, we used purple. Any purple file anywhere in the office was always a donor file. And donor files should never be left out in the open when you’re not there. Before you leave each night, look around. Are there donor files that should be put away?

Be careful what you put in paper donor files, too. Don’t put credit card and/or banking information in your donor files. And don’t put embarrassing stuff in there either (this includes notes you keep electronically). Put it this way, noting that someone’s favorite gin is Tanqueray is probably OK. Noting that they were stumbling drunk at the Annual Gala is probably not.

  1. Design your response cards and forms so that the credit card information is easy to tear off and shred without having to shred the rest of the form.
  2. And then actually do it, of course. If you don’t have a shredder, get one. And use it to dispose of any paper with donor information on it that you don’t intend to keep. Even address and other contact information.
  3. If you distribute paper copies of donor profiles or gift lists at meetings – at Board meetings, for example, or to conduct screening exercises – make sure you gather back all the copies at the end of the meeting. If someone at the meeting wants to come into the office to continue viewing it, that’s fine, but as a general rule, don’t let them carry it home. If someone you trust does carry sensitive information away from the meeting to continue working on it, make a note to yourself to collect it later. I have made it a practice never to mail such lists, I would rather hand deliver it and then pick it up later in person.

Oh, and by the way: Anyone with access to your donor information should sign a Confidentiality Agreement every year to keep the seriousness of the issue top-of-mind.

That’s how I got started on all this in the first place.


OK – your turn. What have I missed here? Does your land trust employ a best practice on donor information security that you can share?


Cheers, and Have a great week!




PS: The source for the original piece I found was an online tool-kit resource from Capital Campaign Masters

PPS: I chose the photo because this is the way my driveway looked all week.


Photo by Nick Le courtesy of

Share this!
  • Heidi Habeger
    Posted at 10:24h, 12 February

    Good morning, David. Thanks for reminding us about this important topic. When we credited our Privacy Policy last year, we wanted to be more transparent than most. Seems fitting for the times we live in. In our policy we cover donor info, not just website and email stuff. The policy can be found on our website here – (the link is in the bottom/footer of our website). Please let me know if you have any comments on what we’ve outlined. We do follow what you’ve outlined above, although we could do better on changing passwords – I’ll work on that.

    • David Allen
      Posted at 10:30h, 12 February

      Good resource. Thanks for sharing it here. I’m sure others can benefit from your trailblazing.