When was the last time you did an inventory of what data you collect about your volunteers and/or donors, how you use it, how you store it and when you delete it?
Here are two reasons why this process is important:
- It’s required for responsible data custodianship. Your volunteers and/or donors are trusting you to manage their data using current best practices. “Current” is an important word here, as acceptable practices in data management change over time and sometimes it’s tough to keep up.
- The emphasis placed on it through legislation is likely to grow. Europe’s General Data Protection Regulation (GDPR) imposes strict rules on how data is collected, used, retained and destroyed. It applies to nonprofits, governments and businesses equally, and fines for noncompliance are hefty. The UK is continuing to apply the same regulations through its own post-Brexit version of the GDPR. Some states in the USA are updating their laws in a similar manner, and in November 2020, Canada’s federal government introduced legislation known as the Consumer Privacy Protection Act (“CPPA”), the first major overhaul of Canada’s privacy law rules on the private sector since the Personal Information Protection and Electronic Documents Act (“PIPEDA”) came into force in April 2000.
Key questions to ask yourself
- Do we really need to collect and store all of these bits of data? It’s a simple question but I’ve seen many organizations asking application questions that are no longer relevant to them.
- Do we collect data only at the point in time we need it?
- Do we delete data once we no longer need it?
- Are volunteers and/or donors aware of the data we store, where we store it, who has access to it and what we do with it?
- Is our data encrypted at rest (while on the server) and in transit (over the internet)? This prevents hackers from getting anything legible even if they get hold of your database.
Let’s look at a few common pieces of information that are collected about volunteers, and how you might want to reconsider your approach to their collection, retention and deletion. While certainly not a comprehensive list, it will give you enough of an idea of what to consider in your own organization.
Emergency Contact Information
- Collecting - This appears on many volunteer application forms, but based on the principle of collecting data only at the point at which we need it, it should not. Some volunteers never make it through the intake process, and as such, this is holding personal data unnecessarily. A better time to collect this is when they are actually accepted as a volunteer.
- Verifying - If you currently record emergency contact information for your volunteers, when was the last time your volunteers reviewed it? There is no point holding on to inaccurate data.
- Deleting - There are reasons to hold on to some volunteer information after they are no longer a volunteer, but given that you’ll never need to reach out to an emergency contact, this should be deleted at this stage.
- Collecting - Ask only when the volunteer has become accepted. (Could this ever be interpreted as an application form question that could be used as a basis for discrimination?)
- Deleting - Once you hand over the T-shirt.
- Collecting - Ask only when you get to the stage where you would like to contact references.
- Deleting - As soon as you reach the point where you will never have to refer to them again.
While you might think it may take too much time to keep up with this, any good volunteer management software should help make this easy, especially compared with Excel or paper. Ask about this when exploring new software options.