Why not-for-profits must protect data more than anyone else

Not-for-profit organizations are in the mission of uplifting humanity. They uplift individuals, families and communities with their hearts and minds. They employ their time, talent and treasure for the benefit of humanity. Without these organizations, the statistics of poverty will shoot up more than where it is today. Millions around the world will starve. Many will not have basic clothing, let alone protection from the freezing cold of winter. Mortality rate will increase because of malnutrition and inability to have access to appropriate health care…

The impact to humanity will be huge.

Not-for-profits collect, store, access and manage data to make decisions, deliver services, measure the impact and value of their services, and provide information to governments, other regulatory agencies, and donors. The people who rely on their services trust these organizations and share lots of information about themselves and their families. Often, they share very sensitive information such as health information which is typically collected and stored in computers. This is a common practice because computers have become part of the global digital eco system. These are connected to the internet and exposed to the world.

Data is very valuable and powerful. If used appropriately by the right people, this could enable transformation and innovation. Classic examples are Uber and AIRBnB; two innovative companies which have transformed and disrupted the transportation and hotel industries by leveraging the power of data.

AIRBnB is the largest accommodation rental company without owning a hotel. UBER is the largest taxi company without owning a taxi.  But they both leveraged data to disrupt and transform these two industries. Likewise, many organizations are leveraging data to innovate and transform. Big Data is considered one of the four “nexus of forces” along with Social, Mobile and Cloud by Gartner.

At the same time, data is very destructive. If critical data gets into the hands of wrong people, it could bring down enterprises.

At a personal level, this might even push people to making wrong decisions about their lives.  There are incidents of identity thefts that pushed people to their brink of total desperation and in some cases contributed to suicides.

We live in an era of connected world and “global village”. All the systems are interconnected. The information we provide to obtain services or purchase products are stored in massive data repositories and shared with thousands of people within and outside the organizations. In many cases, the data is shared with people around the globe. For the most part, these data are secured and shared only for the right reasons. This kind of data centralization, consolidation and sharing have enabled governments to improve services, protect citizens from terrorist attacks, and allowed hospitals to provide better services to clients, among others. Unfortunately, this also opened for criminals and identity thieves to steal valuable personal information for their own purpose.

A recent study found that not-for-profits were successful at using digital tools primarily as a communication device or for fundraising. However, they weren’t looking at the implications of digital technology across all operations.

“Digital data allows us to do things at faster paces with greater numbers of people to bring together insights,” Bernholz said.

“There’s no doubt digital information has the potential to shape the way we conceive of certain social challenges, the way we understand things like food shortages or shelter needs or mental health issues.

“We have also recognised that a lot of that information is sensitive information, it’s personally identifiable information… the rules to manage that information are quickly being adapted from an age when, say, the most sensitive data a not-for-profit might have had would have been contained on paper in locked file cabinets behind a locked door at the office.

“Now it’s entirely possible that not for-profits are accessing that kind of information on a cloud server somewhere or partnering with other not-for-profits to work together better and so they’re using laptops to access that information, and that simple change of technological infrastructure changes the nature and the risk associated with using the data.”

The recent data breach of Personal Health Information in one of the largest Home Health Service providers in Ontario, Canada is a dark reminder of the era we live in. Unfortunately, many organizations are still not doing enough to protect their data.  As much as I am very empathetic to the situation in the above organization, I am also very disappointed on the fact, this organization has their data un-encrypted. This is not acceptable.

Not-for-profits such as the above organization holds personal information about their clients, donors, etc. In some cases, they also hold personal health information. According to the privacy act of Ontario, it is the responsibility of an organization to do everything possible to protect the data from these kinds of breaches.

Not doing enough not only puts your clients’ and donors’ life at risk, it will also expose the organization to several lawsuits and challenge the viability of the organization.

It is very urgent and critical that organizations, especially not-for-profits, take measures to ensure their data is protected.

 

About the Author:

Joseph Edward is the CEO/Chief Innovation Officer of INVORG. If you want to know more information about this topic, you can connect with Joseph at innovation@invorg.com. Or you can Contact Us for a FREE no-obligation assessment on your organization’s data security status.

Leave a Reply

Your email address will not be published. Required fields are marked *