Charities go to great lengths to try to get on the front pages, but losing sensitive data could land you there for all the wrong reasons.
A well-known risk-management consultancy tactic is to ask chief executives what is the worst news they could imagine receiving. I would be surprised if loss of data wasn't near the top of the list. Not only would the careless mislaying of donor data be an embarrassment; it would also erode much hard-won trust and potentially affect income. Recent examples of high-profile data leakage in the public sector show that it's not only small organisations that are at risk.
Data security - sometimes called information security - is about diligence, best practice and common sense. This is precisely why it remains a major risk, not only for charities but for all organisations handling personal data. Procedures are only as good as the people running them, unless they are properly monitored, which is the hallmark of an organisation that takes its responsibilities seriously.
Data security is a Cinderella subject, because it's a lot less interesting and 'cutting-edge' than, say, designing the next website, and it very often goes unnoticed when it's effective.
Effective data security will cost a little money, but not much, which might appear unfair when you could get away with doing nothing for years on end. But I would contest that this is one part of a charity's IT expenditure that is non-negotiable.
So here's the fundraising challenge: rather than being shy about the running costs of your organisation, turn the fact that you care about protecting your donors' data into a benefit, and help them to understand that a professionally run charity is a good thing.
- Robin Fisk is managing director of software company Fisk Brett.