Data Encryption for Nonprofits ranks among the most critical data security practices employed by not-for-profit organizations. Serving as stewards for their Stakeholder’s sensitive data, Nonprofits need to provide safeguards to protect that data. Failure to do this presents serious risks to Stakeholders:
Donors – Donor data could contain not only name and address but also credit card numbers, tax identification numbers and donation amounts.
Beneficiaries – Data about beneficiaries is subject to privacy rules. If the Nonprofit is healthcare-related, the Health Insurance Portability and Accountability Act of 1996 (HIPPA) mandates data protection.
Volunteers – Some Nonprofits define data about volunteers to be sensitive. For example, if the work of the Nonprofit raises controversy, volunteers may want their service data to be kept private.
Data Encryption Basics
Encryption translates data into a form that cannot be read. It can only be translated back into readable form if a password or key is provided. This way, if the Nonprofit’s system is breached, the hacker cannot read the stolen data.
There are two types of Data Encryption for Nonprofits: at rest and in motion.
Data at rest means stored data is encrypted. A database represents a good example of data at rest.
The second type of Data Encryption for Nonprofits is data in motion. This means data moving between resting states is encrypted. An example is data being downloaded from the internet to a computer’s hard drive. “End-to-End” data encryption describes the protection of data during all stages of its transmission.
Issues with Data Encryption for Nonprofits
There are numerous methods for encrypting data at rest and in motion. Here some issues to consider in sizing up the data encryption task.
Data at Rest
Data at rest exists across multiple devices and media, everything from computers, tablets to smartphones.
For data stored in the cloud, the Nonprofit cannot usually control the level of encryption.
Multiple regulations and laws govern data protection. HIPPA, GDPR and others need to be understood in the context of the Nonprofit’s specific data.
Data in Motion
Data in motion travels through multiple channels, many of which our outside the Nonprofit’s control.
Managing decryption at the Nonprofit receiving end may be beyond the organization’s IT capabilities.
Making Data Encryption for Nonprofits Work
Except for very large organizations, most Nonprofits lack the technical knowledge to implement a coordinated Data Encryption for Nonprofits program. Two ways to handle this are:
Retain a reputable IT consultant with both technical encryption skills and experience providing these services to Nonprofits.
Require software vendors to provide encryption capabilities. For example, Donor Management software should encrypt data it stores or moves.
Data Encryption for Nonprofits is just one aspect of a comprehensive technology security program. Nonprofits should become knowledgeable in this important area to the extent that they can competently evaluate vendor products and services.