Privacy grows into a hot nonprofit topic.For Gods Love We Deliver (GLWD GLWD God's Love We Deliver (New York City non-profit organization) ) in New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. , donor and prospective donor privacy is something that is taken very seriously. It's an issue that impacts nonprofits in both direct mail and online. "When we acquire a new donor, we give them the opportunity to chose not to receive any more solicitations from us," said Thomas Daubert, manager of marketing and communications for GLWD. He is also the president of the Direct Marketing Fundraisers Association in New York City. "We honor any donor's request not to exchange the information that we have on file about them," Daubert said. Privacy is a hot button issue for nonprofits, whether the contact is by mail, telephone, over the Internet, inperson or from a special event. THE NONPROFIT TIMES first featured the topic in the January 2000 issue. The information age has been hurtling forward since and so have privacy concerns and laws. Here's what's happened since that first story. Donors have become more aware of the issue. "When we first started our Web site, we had a very basic privacy policy notice. But because of the concern of our donors and emerging technology we recently put up a more advanced one," Daubert said. Opt-in, opt-out, phishing Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. and cookies are a dizzying array of terms that can leave a donor's head spinning. However, all those terms can be summed up in one concept--privacy--a word that creates headaches for nonprofits and, in some cases, costs hundreds of thousands of dollars to ensure. Nonprofits wrestle with privacy issues every day, said Walter Sczudlo, executive vice president and general counsel for the 26,000 member, Alexandria, Va.-based Association of Fundraising Professionals (AFP (1) (AppleTalk Filing Protocol) The file sharing protocol used in an AppleTalk network. In order for non-Apple networks to access data in an AppleShare server, their protocols must translate into the AFP language. See file sharing protocol. ). "We have to show our donors that we are protecting their privacy in everything we do." Online fundraising Online fundraising is the use of Internet-based technology, marketing and communication techniques by non-profit organizations to bring in revenue, frequently as donations. Internet fundraising has grown exponentially during the past five years. And, it has proven to be the Pandora's Box Pandora’s box contained all evils; opened up, evils escape to afflict world. [Rom. Myth.: Brewer Dictionary, 799] See : Evil of privacy issues, leaving unsuspecting donors concerned about possible identity theft. Internet privacy Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. was not even an issue five years ago, said Lindy lin·dy or Lin·dy n. pl. lin·dies A lively swing dance for couples. Also called lindy hop. [From Lindynickname of Charles Augustus Lindbergh. Litrides, president of the Atlanta-based Litrides & Associates, a donor relationship marketing and privacy consulting firm Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a . "The Internet was not that big in our lives then," she said. There was some talk about Internet privacy but it was not an issue, she added. At that point, it was more a "nuisance factor," questions like "where did you get my email address See Internet address. ," and for the off-line world (jargon) off-line world - A die-hard nethead term for non-computer-related experience. See also big room. ["Internet", Feb 1996]. of direct mail, "where did you get my mail address?," she recalled. But while, nonprofits have found success on the Internet, so too have unscrupulous individuals who are looking to part people from their money for less altruistic al·tru·ism n. 1. Unselfish concern for the welfare of others; selflessness. 2. Zoology Instinctive cooperative behavior that is detrimental to the individual but contributes to the survival of the species. reasons. One of the biggest fears potential online donors have is identity theft, said Carolyn Hodge, director of direct marketing for the San Francisco-based TRUSTe organization. TRUSTe is an online watchdog organization. The group has 1,500 nonprofit and for-profits registered, Hodge said. To become a member of TRUSTe and to be able to place its green logo seal of approval on a Web page, the applicant must fill out an extensive questionnaire and abide by strict consumer privacy guidelines. Phishing and spoofing (1) Faking the sending address of a transmission in order to gain illegal entry into a secure system. See e-mail spoofing. (2) Creating fake responses or signals in order to keep a session active and prevent timeouts. are the one-two punch one-two punch n. 1. A combination of two blows delivered in rapid succession in boxing, especially a left lead followed by a right cross. 2. Informal An especially forceful or effective combination or sequence of two things. for online identity thieves looking to get consumers to give up their credit card numbers, social security numbers, and passwords. A phisher will create an email that appears to come from a legitimate nonprofit, or create a Web site that appears to be legitimate, called spoofing, and attempt to get the person to answer the email or log onto the Web site and give up personal information, Hodge explained. Using the "spoofed" Web site or email to lure unsuspecting donors to give up their personal information is called phishing. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the Anti-Phishing Working Group The AntiPhishing Working Group (APWG) is a consortium that brings together businesses affected by phishing attacks, businesses that provide security products and law enforcement. The APWG has more than 2700+ members from more than 1600 companies & agencies worldwide. (APWG APWG Anti-Phishing Working Group APWG Action Plan Work Group APWG Acquisition Policy Working Group APWG Advocates for Prostituted Women and Girls APWG AFSCN Prioritization Working Group APWG AFSCN Priorities Working Group ) Web site, the most targeted sector is Financial with retail the second most hit. In October, 73 percent of the reported attacks were on the financial sector and 7 percent on retail, according to the APWG. There have been few reports of nonprofits being targeted by identity thieves. However, Hodge said, donors see it happening in the for-profit sector and worry about the security of donating to charities online. "We try to provide an additional assurance to the consumer that someone is watching their back," Hodge said. According to the APWG, an estimated 5 percent of those receiving phishing emails respond with their personal information. But, Rick Christ, president of the Warrenton, Va.-based npadvisors.com, said phishing isn't really a concern for charities because many of them don't have enough visitors to their Web pages to inspire someone to go after donors' information through emails or a spoofed Web site. Data storage online is an even bigger concern, he said. "There is a lot of sloppiness out there," Christ said. Too many nonprofits are keeping donor data online too long and not downloading it and securing it, he said. When it comes to credit card information, he said credit card companies, keep a tight rein on that type of information. Computer tracking While the word cookies might conjure con·jure v. con·jured, con·jur·ing, con·jures v.tr. 1. a. To summon (a devil or spirit) by magical or supernatural power. b. images of double chocolate chip Chocolate chips are small chunks of chocolate. They are often sold in a round, flat-bottomed teardrop shape (similar to a Hershey's Kiss). They are available in numerous sizes, from large to miniature, but are usually around 1 cm in diameter. in some peoples' minds, for an Internet user Internet user n → internauta m/f Internet user Internet n → internaute m/f it means a small electronic tracker that's put on an Internet user's browser by a Web site. But, cookies should be no problem for a charity as long as it is up front about it, Christ said, "and put in its privacy policy statement." He compared a cookie to someone leaving a suit at a dry cleaner. They are given a ticket with a number on it that allows the dry cleaner to locate the suit when the customer comes to pick it up. A cookie works in the same way, Christ explained. It allows a Web site to know when that user is going onto the site. The cookie may contain information that will allow the user to automatically log-in when accessing a site. It might also contain information that automatically lets the site see some personal information about the user, such as previous donations or areas of the site or organization that interests the user, Christ said. Very seldom do cookies, at least as nonprofits use them, permit the site to view the user's personal information, he said. To allay al·lay tr.v. al·layed, al·lay·ing, al·lays 1. To reduce the intensity of; relieve: allay back pains. See Synonyms at relieve. 2. a users concern, Christ said that in addition to letting users know up front that the site wants to place a cookie on the computer, it should also give the user the option of not accepting the cookie. Opt-in, Opt-out In both the online and off-line worlds, nonprofits are permitting those who receive direct mail and email to opt-out from receiving it. There is also extensive talk in both realms to create opt-in programs. Opt-out is the older of the two methods, in which a person receiving information, via either email or snail mail Mail sent via a country's government-regulated postal system. (messaging) snail mail - (Or "snailmail", "smail" from "US Mail" via "USnail"; "paper mail"). Bits of dead tree sent via the postal service as opposed to electronic mail. , can stop it. Every legitimate nonprofit Web site or direct mail solicitation solicitation In criminal law, the act of asking, inducing, or directing someone to commit a crime. The person soliciting another becomes an accomplice to the crime. The term also refers to the act of obtaining bribes, as well as to the crime of a prostitute who offers sexual will have either a telephone number or an address where someone who wishes to be off its mail list can call or write to opt-out. Opt-out is an important part of donor privacy issues, Sczudlo said. The AFP believes that donors must have the right to opt-out from receiving solicitations, he added. "And, nonprofits must alert donors annually that they have the right to opt-out. They should not only do it when the donor comes on board," Sczudlo said. A donor's right to opt-out should be made clear on all nonprofit Internet sites and direct mailings, he said. Five years ago, opt-in was just beginning to make an appearance. Optin policies require that a donor or potential donor indicate in some way that they want to opt-in and receive nonprofit solicitations. Sczudlo said the AFP has some real issues with opt-in. The AFP has been working with various state attorneys general on the matter. As more states seek to strengthen consumer protection laws consumer protection laws n. almost all states and the federal government have enacted laws and set up agencies to protect the consumer (the retail purchasers of goods and services) from inferior, adulterated, hazardous and deceptively advertised products, and and consider opt-in as a solution, the AFP has been trying to get them to look at other possibilities, Sczudlo said. "They (the AGs) need to understand that opt-in limits a charity's ability to balance the scales between a consumer's right to protection and the charity's ability to solicit donors." Many nonprofits also attach a privacy statement to their Web sites and solicitation mail detailing what they do with their lists and how they protect their donors' privacy. "It's really not an issue if everyone follows the rules," Litrides said. Most of the privacy issues, Litrides said, are in the online communication. "I haven't seen it in the off-line world," she added. But, nonprofits are now giving consumers a choice, with opt-out and, in some cases, opt-in so that "they (nonprofits) are well prepared," to deal with donor privacy issues, Litrides said. HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, Five years ago, the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA) wasn't even on the radar screen for fundraisers at hospitals and their foundations. However, since 2003, HIPAA has hovered over healthcare fundraising. Dealing with HIPAA, which outlines a patient's privacy rights, is costing hospitals and their foundations hundreds of thousands of dollars and in some cases millions of dollars for compliance, said William C. McGinly, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of the Falls Church Falls Church, independent city (1990 pop. 9,578), NE Va., a residential suburb of Washington, D.C.; inc. as a town 1875, as a city 1948. There is diverse light manufacturing, including telecommunications equipment. , Va.-based Association for Healthcare Philanthropy (AHP AHP Assistant House Physician. ). The act, adopted by Congress in 1996 did not begin to impact hospitals' fundraising until 2003, when institutions had to begin to comply with its privacy standards. It was designed to stop the "fraudulent misuse of patient information by insurance companies," said McGinly. Insurance companies were acquiring patient information and using that information to deny patients insurance coverage, he explained. What started out as a "need to protect privacy," ended up being "too sweeping," and "made life so much more complicated," for hospitals and associated foundations, McGinly said. The gist of the law, at least the portion that affects healthcare fundraising, is that hospitals cannot target segmented fundraising mail to former patients without their express written consent. For instance, if a person goes into the hospital as a cardiac patient, the hospital's fundraiser or foundation cannot target that former patient as having been in the cardiac care unit without his or her written permission. The hospital and foundation can, however, do mass mailings to former patients soliciting donations, McGinly said. But, the mass mailings cost more to send than only segmented, targeted mailings. McGinly said the mass mailings resulted in lower gift amounts than segmented mailings although he did not have exact numbers. More and more hospitals are hiring the additional staff necessary to go to patients and ask them to sign consent forms that will enable the institutions to solicit them. Despite this extra effort and additional cost, hospitals are finding that almost 50 percent of patients asked to sign a consent form refuse, McGinly said. "When the public is asked about fundraising, they think it means a call during dinner time and don't want to participate," he said. Because of the restrictions, hospitals are losing "half of their grateful patients," McGinly said. Hospitals are also increasingly turning to sending out mass mailings of comment and questionnaire cards. They are asking former patients, what their interests are, and what services they look on favorably, McGinly said, that way former patients are "self-identifying," so that "now the hospitals can direct market them." Chris Cloud, director of fundraising programs for the New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of Weill Cornell Medical Center in New York City, said while the operations side of the hospital might have felt HIPAA's financial impact, the fundraising side has not. When HIPAA went into effect in 2003, "we were terrified ter·ri·fy tr.v. ter·ri·fied, ter·ri·fy·ing, ter·ri·fies 1. To fill with terror; make deeply afraid. See Synonyms at frighten. 2. To menace or threaten; intimidate. we would lose all of our donors, but it has not worked out that way," Cloud said. The reason it didn't work out that way, he added was preparation. "We knew it was coming, put in a lot of work and began to put measures into place on the fundraising side that would enable us to be successful." Cloud said the fundraisers at the medical center wait for about six months after a patient has left the hospital and then solicits the former patient through direct mail and telephone calls using only basic patient information, such as age, address and basic demographic data, which the law allows. The medical center also places fundraising brochures in waiting areas of each department so that waiting patients or their relatives can see what the center does and, in essence, opt-in to receive solicitation mail and calls. "So, we have been successful despite the HIPAA restrictions," Cloud said. Direct mail Direct marketers that use the mail need to communicate to donors that they are treating the issue seriously and letting them know what they are doing to protect information, said Neal Denton, executive director of the Washington, D.C.-based Alliance of Nonprofit Mailers. Identity theft, a big issue for online fundraisers, is also a major concern for direct mail marketers, Denton said. The fear is that those receiving the direct mail appeal, which might have personal information included, will be tossed out without first being destroyed and identity thieves will get hold of it. Much like their online brethren, direct mail includes detailed privacy statements explaining what the organization's policy is concerning the use of a donor's data. They also include opt-out information for those who would no longer want to receive the charity's mailings. To help protect a donor's information, nonprofits using direct mail are keeping that information in secured files. In their privacy statements, charities also disclose how that information will be used and if it will be rented or traded for use by other organizations. Do not call While the national Do Not Call Registry Do Not Call Registry is the name of a list of personal phone numbers that are off limits to telemarketers in North America.
The Federal Trade Commission discussed creating a national Do Not Email list but has dropped the idea as being unworkable at this time. Ethics questions are where Litrides said she has been seeing problems. She said she sees nonprofits "doing the right thing" when it comes to ethics. Unfortunately, Litrides said, the highly visible for-profit ethics cases "put questions into peoples' minds." Nonprofits need to show the public that they are following standards and that they have the ability to monitor themselves, Sczudlo said. To that end, the AFP has a list of 18 ethical standards, which its members pledge to follow. "Donor trust is all we have," he said, "and that must be maintained and protected. The charitable sector is based on trust. Once you lose it, it is difficult to regain it again. It is important to let donors know there are standards in the sector." Several of the ethical standards include: "members shall not disclose privileged or confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job" steer, tip, wind, hint, lead to unauthorized parties," and "members shall adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. the principle that all donor and prospect information created by, or on behalf of, an organization is the property of that organization and shall not be transferred or utilized except on behalf of that organization." The future What does the future hold for donor privacy? Organizations say that technology is advancing so quickly, especially in the online world that they are having difficulty keeping up. Daubert said GLWD just completed a revamp re·vamp tr.v. re·vamped, re·vamp·ing, re·vamps 1. To patch up or restore; renovate. 2. To revise or reconstruct (a manuscript, for example). 3. To vamp (a shoe) anew. n. of its privacy policy to keep up with technology, something that had not been done in six or seven years. Looking at the future is not yet possible. It's taking enough effort just to catch up to the present. Editor's Note Editor's Note (foaled in 1993 in Kentucky) is an American thoroughbred Stallion racehorse. He was sired by 1992 U.S. Champion 2 YO Colt Forty Niner, who in turn was a son of Champion sire Mr. Prospector and out of the mare, Beware Of The Cat. Trained by D. At various times this year, The NPT NPT National Pipe Taper (pipe thread specification) NPT Non-Proliferation Treaty NPT Nonprofit Times NPT Newport (Rhode Island) NPT Nuclear Nonproliferation Treaty NPT Neath Port Talbot will re-report stories of five years ago to examine the impact of events and to see how the sector has adapted to change. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion