Security of data and information needs to be considered in everything we do.
Donor and prospect information is particularly sensitive and could subject an institution to public exposure and admonishment if this critical information was leaked or stolen.
We are entrusted by our prospects and donors to maintain confidentiality and to safeguard their information and if this trust is misplaced it will have an adverse our ability to raise funds.
We are also typically responsible for maintaining the list of alumni, and the possible misappropriation of this information for commercial or other purposes has great appeal for criminals. This data is not just an average cross section of the population, but represents the higher income earners and achievers in society.
In addition to basic biographical information, most advancement and development systems and organizations retain much more in-depth information on the higher level donors and prospects, and this information must be protected. We also have the additional issues of protecting donor anonymity when requested by donors. Many organizations purchase mailing lists, and these lists are the most valuable.
These few pages on security are not intended to be an in-depth review and analysis of security policies and procedures, but represent a basic summary and discussion of practices that you should consider.
The topic of security is broad and covers many areas from locking down your desktop computer to the more complex issues of digital rights management, hard copy information and data backup and recovery strategies.
Managing security is one of the most important trends in information technology. With the advent of virus attacks, identity theft, hackers trying to get into your corporate networks, and theft of data, we need to improve our vigilance and management practices.
Current publicity regarding breaches in security for higher education data has been limited and educational institutions have been spared some of the public scandals associated with some breaches such as the posting of credit card or social security numbers on public web sites.
However, it is just a matter of time before sensitive and public donor information is accessed and makes an interesting front page news story.
With recent changes in laws regarding fiduciary responsibility of management, executives and directors are much more personally accountable for security operations than they have been. Breaches can cause loss of employment and personal lawsuits.
Managing security needs to move from one of your check items, to one of your most important regular agenda items.