About  |  Contact Us  |  Register for Benefits  |  Login  |  View or Edit My Profile  |  Consulting  |  Sponsorship Opportunities  |  Legal & Privacy

  Home      Blog      Job Board      Community      Vendor Listings      Search Site
  Employment  |  Like Minded  |  More With Less  |  Potpourri  |  Records  |  Reporting  |  Research  |  Revenue  |  Samples  | Systems  |  Web Sightings
  Privacy audit questionnaire. Records
 Overview  |  Collection of Data  |  Maintenance and Use of Data  |  Disposition of Information  | Access and Correction  |  Safeguards  |  Accountability

Privacy AuditWith privacy legislation in place or pending in many jurisdictions, it is of critical importance for organizations to review their policies and procedures regarding the collection, retention, maintenance and protection of  prospect and donor information.
  • Organizations should have a clear idea of what personal information they have in their  possession and where it is housed.
  • They should ensure this information is secured and accessible only to those who need to use it.
  • They should ensure that all information added to both electronic and hard copy files passes a simple test: ask yourself if you would feel comfortable having the donor read the information you are putting in the file.
  • They should ensure that all staff members in your area are aware of the broad implications of privacy issues for the work that they do.
  • At points of data collection there should be an opt out for constituents.
  • Advancement offices should have a third party (for mailing or processing house) agreement that protects the use of personal information.
  • Universities need to establish a process of how to handle requests from prospects/donors to see their file. The divisions and schools should not handle this on their own as personal information needs to be collected from a variety of sources and presented to the individual in its entirety. Universities should also be aware there is normally a time limit to gather and present this information.

Institutions normally have many privacy related policies and protocols but they can only work if each individual takes into account  the importance of privacy and confidentiality in his or her own work.

Audit Your Information Usage

The purpose of this privacy audit questionnaire is to help determine what personal information is collected, maintained and used by an institution.

Personal information means information about an identifiable individual, such as name, address, giving history, and other biographic information.

Personal information includes information about prospects, alumni, donors, volunteers, and any others.

The data that is collected can be used to assess compliance with institutional privacy policies and to help access the information needed to process requests received from individuals or legal authorities.

Some additional resources on security and privacy:

Computer Security InstituteSecurity
Supportingadvancement.com FIRST – Forum of Incident Response and Security Teams
Supportingadvancement.com Industry Canada – Online Security and Privacy Guide
Supportingadvancement.com Microsoft – Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
Supportingadvancement.com National Cyber Security Partnership – Public private partnership to make cyberspace more secure.
Supportingadvancement.com PC Magazine Utilities – A number of free tools such as spyware detectors.
Supportingadvancement.com Software Engineering Institute – Papers
Supportingadvancement.com Threats and Countermeasures From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
   AFP Toronto ChapterSecurity
AFP Canadian Public Policy on Privacy
Australian Government Privacy Office
CASE – Foundation Independence and Donor Privacy
Canadian Department of Justice Policy on Access to Information and Privacy
  Direct Marketing Association. Privacy policy generator.
Information and Privacy Commissioner of Ontario (IPC) Web site
Ontario’s Consultation on Privacy Protection
Privacy Commissioner of British Columbia
Privacy Commissioner of Canada
Privacy is Your Business from CIO
Privacy Rights Clearinghouse

On this site:
Data Backup and Recovery Strategies
Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
Employment Pages. Confidentiality agreements.
Privacy Architecture
Privacy Audit Questionnaire
Privacy Policy Statement
Privacy Principles
Privacy Recommendations
Releasing Alumni Information
Security Survey
Shadow Databases

Contributed by …
Mary Ellen Caskenette, Manager, Document Systems, University of Toronto
Email AddressSupportingadvancement.com Privacy Audit Questionnaire.
Supportingadvancement.com Privacy Recommendations.
Supportingadvancement.com Sample File Plan.
Supportingadvancement.com Sample File Retention and Disposition Schedule.

Supportingadvancement.com Survey – Contactable Rates, Survey Results
Survey on how your contactable rates for constituents compare with other organizations.
Ursula Shail, Manager of Document Systems, University of Toronto
Email AddressUrsula is the Manager of Document Systems within the Alumni and Donor Records Department and is responsible for the Central Files and Document Imaging within the Division of University Advancement.

Supportingadvancement.com Electronic Imaging – The Series. Part 1, Part 2, Part 3, Part 4, Part 5.

Supportingadvancement.com Privacy Audit Questionnaire.
Supportingadvancement.com Privacy Recommendations.
  ↑  Top of Page  |  Samples Page  |  Sample Forms  |  Favorite Reports  |  Frequently Asked Questions  |  Glossary of Terms