Encryption for Nonprofit data ranks among the most critical data security practices employed by not-for-profit organizations. Serving as stewards for their Stakeholders’ sensitive data, Nonprofits need to provide safeguards to protect those precarious assets. Failure to do this presents serious risks to Stakeholders:
Donors – Donor data could contain not only name and address but also credit card numbers, tax identification numbers and donation amounts.
Beneficiaries – Data about beneficiaries is subject to privacy rules. If the Nonprofit is healthcare-related, the Health Insurance Portability and Accountability Act of 1996 (HIPPA) mandates data protection.
Volunteers – Some Nonprofits define data about volunteers to be sensitive. For example, if the work of the Nonprofit raises controversy, volunteers may want their service data to be kept private.
Data Encryption Basics
Encryption translates data into a form that cannot be read by unauthorized parties. It can only be translated back into readable form if a password or key is provided. This way, if the Nonprofit’s system is breached, the hacker cannot read the stolen data.
There are two types of Data Encryption for Nonprofits: at rest and in motion.
Data at Rest: This means stored data is encrypted. A database represents a good example of data at rest.
Data in Motion: The second type of Data Encryption for Nonprofits is data in motion. This means data moving between resting states is encrypted. An example is data being downloaded from the internet to a computer’s hard drive. “End-to-End” data encryption describes the protection of data during all stages of its transmission.
Issues with Data Encryption for Nonprofits
There are numerous methods for encrypting data at rest and in motion. Here some issues to consider in sizing up the data encryption task.
Data at Rest
Data in Motion
Managing decryption at the Nonprofit receiving end may be beyond the organization’s IT capabilities.
Except for very large organizations, most Nonprofits lack the technical knowledge to implement a coordinated Data Encryption for Nonprofits program. Two ways to handle this are:
Encryption for Nonprofit data is just one aspect of a comprehensive technology security program. Nonprofits should become knowledgeable in this important area to the extent that they can competently evaluate vendor products and services.