Secure Your Database – Secure Your Future: Some Simple Guidelines

March 26, 2022

Nonprofit organizations most often start from the vision of the founder.   Whether that vision is a neighborhood without violence, the elimination of hunger, or an appropriate education for one’s special needs child, the founder drives the train and others are inspired to jump on board because they support that vision.

The desire to achieve that vision is foremost in the minds of all involved. It is all about action, Action, ACTION!  Get guns off the streets!  Feed the hungry! Educate that child! Issues like policies and procedures are not the top priority.  The founding core of people usually knows that they should have such things, and “will get around to it” when they have time. 

There is nothing wrong with this attitude, as long as “when they have time” does not stretch on indefinitely.  But when dealing with your donor or member list, you should be thinking about its maintenance and security at the outset.

From Day One, the most valuable item any organization possesses is its database of stakeholders, including volunteers, donors, community leaders, and those you hope to enlist in your cause.   Whether you keep this database in a specialized program like Salesforce or DonorPerfect, on a simple Excel spreadsheet, or just a handwritten list of names and notes in a notebook, you should have some simple rules for it.  The first rules should focus on WHO has access, and WHAT they are allowed to do with it.  Below, I have sketched out three basic levels, functions, and needs for people working with your database.

  1. The lowest level of access is for people who only need information on donors, such as their contact information and giving history.  These staff members or volunteers are not responsible for updating or editing the information, but need this information to perform necessary functions like planning special events or fundraising appeals. 
  1. The intermediate level of access is for those who are responsible for maintaining this database, including creating and updating contact information and donor history.  This is a crucial function, as so much of fundraising is about cultivating and maintaining relationships.  This staffer documents the donor relationship by capturing not only how much donors give, but also whenever they have contact with your organization.  If they call to compliment you on a well-run event or an excellent article in your newsletter, or if you call them to ask for assistance like an introduction to someone, this is the staffer who notes it in the database.  This staffer should also be able to recommend changes and improvements to the database design, such as adding another field to capture more information or eliminating one that is not relevant.  As your organization grows, this function will also grow.
  1. The highest level of access is the person in charge of all others with access to the database.  This is the person who implements and enforces your access policy, which covers who has access and at what level.  In a small organization, this will likely be the executive director.  As the organization grows, this may be delegated to an administrative person.  But wherever the responsibility lies, this function guards the security of your database.  This staffer has to know who is using the database and why.  Who has Level I access so that they can organize a fundraiser, direct mail appeal or send out the newsletter?  Who has Level II access and inputs changes and updates on a regular basis and can recommend improvements in design?  In addition, this person needs to maintain control over the passwords, know what they are, keep them secure and change them when necessary.

When organizations are in the start-up phase (which can last for years in some cases) developing guidelines and policies may seem like a luxury you do not have time for.  If that is the case, a founder, staffer, or key volunteer doing fundraising should at least keep these three levels of access in mind.  Segment the people and staff functions making use of your database, and assess the level of access they need.  Your database is your most valuable possession at this stage.  The people on this list are those who have demonstrated some interest in your cause, and over time you will be growing those relationships, developing allies with a stake in your future.  Keeping this information secure is one of your most important responsibilities.

Reprinted from Pamela’s Grantwriting Blog.

Robert Weiner is an independent consultant and is of counsel to Marts and Lundy. He is the co-host of TechSoup’s Databases and Software online forum, a founding member of the Association of Advancement Services Professionals (AASP) and winner of the association’s Jonathan Lindsey Lifetime Achievement Award. He is a board member of Community Initiatives (a nonprofit fiscal sponsor), a former board member for AASP, and the former chair of AASP’s Committee on Best Practices/Emerging Trends. He is also a member of the Nonprofit Technology Enterprise Network’s (NTEN’s) membership committee.

Comments on this entry are closed.

Previous post: