FundSvcs Community

 View Only

  • 1.  Question regarding sharing alumni demographic information

    Posted 23 days ago

    Not really sure where to post this question.  Can anyone share a policy of sharing demographic information with faculty?  We have faculty that are asking us to send on a regular basis alumni in their major demographics (address, email, phone). However, I personally reluctant to do this because we don't know what they are doing with the data.  I wanted to see what other colleges do with this.  



    ------------------------------
    Aimee Beavers
    Hartwick College
    gifts@hartwick.edu
    ------------------------------


  • 2.  RE: Question regarding sharing alumni demographic information

    Posted 23 days ago
    Aimee, I think what is needed (if it doesn't exist) is a formal College "Data Acquisition and Use Policy." Every employee and volunteer (including Board members) should annually acknowledge this policy to receive access to any CRM-stored data.

    When I draft these for clients, I always include the following at the beginning of the policy:

    • Data collected and maintained by XYZ employees, volunteers, or consultants is considered institutional data. XYZ retains ownership of all institutional data, and each authorized user of XYZ data is responsible and accountable for its proper and authorized use.

    ·         Using donor data for purposes other than Advancement and internal fundraising activities, especially for commercial or political reasons, is strictly forbidden.

    ·         Information maintained as part of an official XYZ record should be viewed only by authorized XYZ employees and representatives (including select volunteers) who need it to perform legitimate XYZ business.

    ·         XYZ employees and volunteers who access or use donor data should remember that the full range of information collected on any living or deceased individual may be subpoenaed, subject to a court order or warrant, or entered into a court record. Therefore, caution must be exercised when drafting any document, such as a contact report, that will be stored electronically or on paper and could be disclosed if legally required.

    I also include this section regarding volunteer access:

    1.      Data Access & Use by Volunteers

    ·         Volunteers may receive hard copies of information from files, including edited research reports, only when released through authorized Advancement staff. Materials shared with and used by volunteers supporting Advancement must be collected by XYZ personnel and destroyed. Under no circumstances should non-employees (i.e., volunteers) keep possession of confidential work products, pass the material to other employees or volunteers, or copy it in any format.

    ·         Volunteers may be granted read-only access to the Advancement/Donor database once they agree to follow these donor privacy guidelines and complete the required training.


    The policy goes on to discuss the differences between public, private, and confidential information; donor rights to opt out; data transfer and storage; anonymity, etc.

    Then, on the signature page of the policy, there's this statement:

    By signing this document, I acknowledge that I have read and understood this statement – XYZ: Data Acquisition and Use Policy – and that I agree to follow the principles it promotes. I also understand that failing to comply with these directives could lead to immediate removal from my duties and could expose me to personal legal liability.

    I hope this is useful.


    John H. Taylor, Principal
    John H. Taylor Consulting, LLC
    2604 Sevier Street
    Durham, NC     27705

    919.816.5903 (cell/text)

    Serving the Advancement Community Since 1987




    Original Message


  • 3.  RE: Question regarding sharing alumni demographic information

    Posted 16 days ago

    Hi Aimee,

    Additionally, it's a good idea to conduct a risk assessment of the likelihood of a data breach (with examples, like a faculty member emailing a file of alumni info to the wrong person or storing it on a device that is then stolen), document the findings of that assessment and map out a breach response plan so you have it in the event of disaster happening. Your org should already have a breach plan for data in general but having a particular one for this data sharing activity could be helpful.

    You'll also want to update your privacy policy/notice to include that you share limited alumni data with faculty and explain how alumni can opt out of this.

    Hope this is helpful.

    Amy



    ------------------------------
    Amy Daultrey
    Software Services Consultant
    Speaker on privacy law
    amy@amydaultrey.com
    ------------------------------

    Original Message


Related Content