Keeping Your Donor Data Safe: Best Practices for Raiser’s Edge™ Security
Mar 14, 2023
Donor trust and confidence are of the utmost importance, so it is critical to have your Raiser’s Edge™ security in tip-top shape. Nonprofit organizations process a lot of personal information and gift-related data for their donors. Your organization's ability to carry out its mission depends on the support of your board, volunteers, donors, and staff, so the protection of their personal information, identities, and giving histories must be taken seriously.
Access to Raiser’s Edge™
Let's dig into who should have access to the database, how they access Raiser’s Edge™, and what happens when someone leaves their position. The database is the repository for all donor and prospect information, including demographic data, giving histories, wealth information, payment methods, and confidential notes. Because of the nature of such information, Databasey recommends the following standards when it comes to access:
- Only employees and contractors will have access to Raiser’s Edge™.
- All employee and contractor access to Raiser’s Edge™ is subject to a confidentiality obligation, which is included in all employment/contractor agreements.
- A confidentiality clause is stated in every employee/contractor agreement, including those for part-time, non-exempt employees.
- All database users must enable Two Step Authentication.
- When employees leave or consulting engagements end, the last day of Raiser’s Edge™ access is the day the employment/consultancy terminates or expires.
- When employees leave, their Raiser’s Edge™ user account is deactivated and not deleted. This is to maintain data integrity of information entered by that user.
When a database user turns in their notice, I change that person's rights so they cannot delete anything or export data from the database. Then, at the end of their last day, I deactivate their account.
Rights & Behaviors of Raiser’s Edge™ Users
Information about donors and donations should always be handled with respect and confidentiality. Employees, volunteers, and contractors should not be permitted to use this information for any purpose other than to carry out the services they are performing for the benefit of your organization. Here are some of our favorite standards regarding the rights and behaviors of users:
- All Raiser’s Edge™ users will be assigned a security group and that group will have varying rights to edit, view, add, and/or delete data. The security group will be assigned based on must-have database functionality.
- No lists or spreadsheets that contain donor names, contact information, and/or giving histories will be emailed without encryption.
- No lists or spreadsheets that contain donor names and/or giving histories will be housed on an outside computer or storage drive.
- Financial information, research profiles, and strategy notes for individual prospects and donors will be restricted to certain security groups. These groups are comprised of prospect researchers, major gift officers, leadership, and database admins.
- When entering notes, solicitors should enter information with the understanding that any information recorded could be seen by other database users. Solicitors should not include unprofessional, negative, or disparaging details about the donor’s family, finances, personality, or other personal matters. Notes should contain 1) the who, what, when, and where; 2) results of the interaction; 3) pertinent facts learned that will deepen the relationship and move the gift toward fruition; and 4) next steps for strategic follow-up.
- No credit card and/or banking information will be captured in notes or any other database field.
Nonprofits need a robust database to build and maintain a healthy fundraising program. By implementing access and usage standards, you can mitigate the risk to the data it holds. Additionally, it's good business to value and respect your stakeholders' data, both clients served and donors.