It’s oh-so un-hip, perhaps, to suggest this in a Web 2.0 world. But it’s time to start fighting harder for donor privacy.

According to recent polls, people who give money to charities and other nonprofits—including universities such as Stanford, Columbia, and others—are becoming increasingly uncomfortable with the personal information that fundraisers are collecting about them and the growing ease with which these fundraisers can collect their information online and archive what they have collected digitally in-house. A recent survey by the BBB Wise Giving Alliance and Princeton Survey Research Associates, for example, says 85 percent of donors think it’s not okay for a nonprofit organization, including a college or university, to raise money by selling donors’ personal information to others.

Of course, much donor data still gets reaped the old-fashioned way—from personal relationships and the social networks of the wealthy. But as the number of nonprofits continues to expand and as the economy sours, the digital rivalry for each donor dollar is intensifying—making it much more tempting for nonprofits to outsource their fundraising and sell donor data to the highest bidder.

There have always been issues about donor recognition versus anonymity, and such issues are fairly common ones in the philanthropy world. But there are some new privacy risks that didn’t previously exist from the continued proliferation and evolution of Web 2.0 social networking sites, the growth of the mobile Internet, and the increasing use of fundraising from social networks—not to mention the increasingly exposed lives of the young and wealthy on sites like Facebook and MySpace.

To be sure, it’s getting easier for people to give away more information and much easier for charities to knowingly (or unknowingly) send it around. “People are now having conversations by email about prospective donors that are now on their Palm Pilots and Blackberries and iPhones so donor information is now living in more places digitally than ever before,” says Sree Sreenivasan, dean of students at Columbia University Journalism School and an international expert in Internet research. “It’s very hard today to know where your information is going.”

Promises by charities to keep these digital donor-dossiers completely private are becoming harder to keep. “There are tens of thousands of lousy nonprofits out there, and when I say lousy, I mean they may be great at what they do for those in need but still terrible at managing the privacy of their donor data,” says Jeff Brooks, the creative director at Merkle/Domain, a Seattle-based fundraising consultancy and the author of, a blog about donor-friendly fundraising. Making matters worse, privacy experts admit, philanthropic donors remain largely unaware of the large amount of personal information there is about them in cyberspace. Says Marc Rotenberg, founder of the Electronic Privacy Information Center, a Washington, D.C.-based privacy advocacy group: “I think very few charitable donors really know what is known about them by the person who approaches them for a contribution. Privacy still matters.”

Security leaks are also getting more frequent publicity in the blogsphere. New sites such sites as Breach Blog,, and the Data Loss Archive and Database track the breaches and the lawsuits that can result from poor security policies at charities, businesses, government agencies, and other entities.

But failure by nonprofits to notify donors when their data is leaked remains a large, and fairly common, problem. Just ask Allan Benamer, who writes the Non-Profit Tech Blog. Benamer last fall reported that hackers had gotten access to the email addresses and passwords of thousands of donors to nearly 150 charities—including CARE—that used the online database software and services from Convio, Inc. The New York Times picked up the story, and some but not all of the charities affected made an effort to notify donors themselves. There’s a reason for the fear. According to the Times, many of the 20,000 online subscribers to a newsletter put out by United Animal Nations, an animal assistance group, was affected by the breach and quite a few were angry about the leak. “We’ve had losses (in membership),” Nicole Forsyth, the president and chief executive of the charity told the Times last winter. “About 2 percent of our online subscribers have unsubscribed.”

Regardless, silence and secrecy do nothing to solve the challenges of protecting privacy in the Digital Age. And it’ not enough to outsource the security problem to a technology vendor. To be sure, privacy must begin in-house, with improved employee training and organizational policies that are strongly enforced from the top down.

It’s also time for the creation of sector-wide privacy standards. These would both raise awareness of the problem among charities and donors and lead to more meaningful privacy protection and controls that go beyond the small-print of a Web site privacy policy.

Thanks to Barack Obama’s success with online fundraising, charity leaders have been clamoring in recent months to learn more about the art of online fundraising. Let’s not encourage more online fundraising without first demanding more from sector leaders on donor privacy.

imageMarcia Stepanek is Founding Editor-in-Chief and President, News and Information, for Contribute Media, a New York-based magazine, Web site, and conference series about the new people and ideas of giving. She is the publisher of Cause Global, an acclaimed new blog about the use of digital media for social change. She also serves as moderator and producer of New Conversations for Change, Contribute’s forum series highlighting social entrepreneurs and new trends in philanthropy.