What Do You Have About Me In Your Database?

I was at a meeting recently when I was approached by a volunteer who asked me a question. The exchange went like this:

Volunteer: “What information from your database have you shared with XYZ Org?

Me: “What database?

Volunteer: “The database at the firm.

Me: “We don’t have a database with information about you at the firm. We don’t keep any donor information at the firm; it is the property of our clients. Why do you ask that?

In the conversation that followed I learned the reason for this question.

It seems this volunteer had recently been solicited for another campaign.  During the course of the solicitation the solicitor let slip some information about the volunteer that he did not think was public. He was so taken aback by it that he asked the solicitor “How do you know that?

The solicitor then produced a background memo that he had been provided for the call that had a great deal of detail about the volunteer’s charitable giving.  And here is the catch; the volunteer knew that some of those gifts had not been made public.

The volunteer concluded, in conversation with his solicitor, that some of that information had been provided by fundraising counsel, who had apparently worked on other campaigns that this donor had supported, and the consultants had captured and were sharing that information with others.

My almost involuntary response on hearing this was “that is completely unethical and probably illegal.

This conversation continued to bother me. We are often required to sign confidentiality agreements with our clients before we begin our engagements. But, even without those, it seems intuitive that capturing our clients’ donor information and sharing it with other clients would be wrong.

Just to confirm, I made a call to AFP to inquire. Their response was “that is completely unethical and a blatant violation of the Donor Bill of Rights.”

Next I called the chair of the Giving Institute ethics committee and asked here.  The response, “That is completely unethical, I hope it is not one of our members doing that.”

So, what is my point?

My point is that I don’t know if we are dealing with a consulting firm that does not know that keeping and sharing client donor information with other clients is wrong, or if they know and just don’t care, but the fact of the matter is everyone I ask – including the original volunteer who brought it to my attention – agrees that it is wrong.

And, in this day and age, when the nonprofit sector is under such scrutiny and in which there is no body credentialing or regulating fundraising consulting firms, organizations need to be very aware of who has access to their donor data and what is being done with it.

Yes, I know that Google has made much of our public information easily searchable on the web.

But the operative word there is “public”.

If a donor makes a gift to one organization, that information should not be shared with anyone, until and unless the organization shares it with the donor’s permission.

Perhaps I’m overly sensitive to this, because I routinely meet volunteers who do not trust fundraising consultants because of some violation of trust – typically related to what was supposed to be a confidential feasibility study interview, where the consultant later shared information that was given in confidence (another blog topic for another day).

Since I have been a fundraising consultant for over 25 years, I take that distrust kinda personally.

So, to see a firm deliberately and systematically collecting client information and sharing it with others gives me chills.

I wonder how many more times I’ll be confronted by the question “What do you have about me in your database?”, and I am just so glad that my honest answer will be “nothing.

Do you know where your data is?