Donor Privacy: Protecting Your Revenue and Reputation Online

Online giving continues to be a fast-growing and dynamic revenue opportunity for nonprofits of all sizes. The Blackbaud Institute reports that in 2020, total online giving across the sector was up by 21% over 2019. When broken down by budget size, the trends show impressive growth across the board:

  • Medium-sized nonprofits with budgets of $1M – $10M were the largest growth leaders, notching a 25% year-over-year increase in their online giving revenue.
  • Small nonprofits with budgets less than $1M came a close second, with an over 22% year-over-year increase in their online giving revenue.
  • Large nonprofits with budgets larger than $10M clocked a 15% year-over-year increase in their online giving revenue.

The ongoing, record-breaking success of GivingTuesday is yet another indicator of the popularity of online giving. Nonprofit campaigns saw record-breaking success in 2021, with $2.7 billion raised in the United States alone. These unprecedented levels of giving represent a significant continued trend of increased generosity, especially in online methods such as peer-to-peer campaigns.

Also consider that for many nonprofits, GivingTuesday marks the launch of their end-of-year fundraising campaign as they specifically target their mid-size and smaller dollar donors with online asks. An online solicitation strategy has indeed become a staple element of a comprehensive end-of-year fundraising campaign.

Great Reward, Great Responsibility

Yet with great reward also comes great responsibility. Online data security and privacy are of high concern for Americans.

In a 2019 survey, the Pew Research Center reports that 69% of U.S. adults express a lack of confidence that companies will use their Personally Identifiable Information (PII) in ways with which they are comfortable. Even further, 81% of respondents believe that the potential risks of companies collecting data about them outweigh the benefits.

While not specifically mentioned in the Pew survey, nonprofits certainly face the same scrutiny and concern from constituents as private companies.

In the 2022 OneCause Giving Experience Study, 57% of first-time donors reported giving because they felt the money would make a difference, and 49% because the organization made it clear exactly how their money would be used. This desire for transparency extends to data security and privacy—implementing and communicating your security measures is a fundamental way to signal transparency and respect in a digital world.

This means that nonprofits seeking to innovate their fundraising practices and maximize their revenue through online donor giving must prioritize donor privacy and data security. If they ignore these critical priorities, organizations risk serious damage not only to their future revenue, but to their reputation as well.

The Many Risks of Poor Donor Privacy Policies

Nonprofits understand that donor retention is a much more cost-effective and desirable strategy for stewarding a healthy, loyal donor pool than new donor acquisition.

Acquiring new donors can be 50-100% more costly than the dollars those donors actually give, according to Double the Donation. Arjuna Solutions has well documented that if you look at the data in terms of donors instead of donations, there’s a consistent trend over recent years that for every 100 new donors acquired in a year, approximately 99 others were lost.

Yet one factor in poor donor retention that nonprofits still need to appreciate fully is the negative effect of inadequate donor privacy policies.

If donors do not trust that a nonprofit is appropriately safeguarding their personal data, they will not hesitate to make their donations elsewhere. A donor’s impulse to protect their personal data will be stronger than their conviction about a nonprofit’s mission.

Another critical risk of poor donor privacy policies that nonprofits need to consider is the potential for legal action. Organizations with insufficient data privacy policies, deficient data usage rights and management practices, or that have experienced security breaches can risk legal action. In the most extreme scenario, a nonprofit could lose its 501(c)(3) standing if it fails to adequately defend its privacy management practices in litigation. Nonprofits that are genuinely and seriously concerned about fulfilling their mission will certainly not risk their existence over lackluster online security policies.

A final risk for consideration is that inadequate donor and data privacy policies can make it more difficult for nonprofits to find the partners they need to succeed in future fundraising. Technology vendors, corporations, and other nonprofits may hesitate to collaborate with an unreliable data partner. Collaboration is a mainstay practice of the nonprofit sector, and no nonprofit should allow inferior data security practices to undermine their desirability and credibility as a partner.

Easy Strategies to Safeguard Donor Privacy

Nonprofits that proactively assess, audit, and improve their donor and data privacy policies stand to benefit in three crucial ways.

  • Encourage trust with their donor community
  • Inspire donor retention in their fundraising campaigns
  • Earn needed and important partnerships

Arjuna Solutions recommends three easy strategies for nonprofits looking to improve how they strategize and manage their donor and data privacy practices.

#1: Audit and fix any practices that leave data vulnerable to exposure or exploitation.

First, nonprofits should examine their internal data privacy policies to audit for and then fix any practices that leave data vulnerable to exposure or exploitation.

Consider the following questions as a starting place:

  • Who has access to donor and donation data, and why? What level of data access is critical for various individuals to perform their core job functions, and what level of access might be too permissive?
  • What details of donor and donation data do you collect and store? What purpose do those data points serve you in your fundraising strategy and operations? Do you truly need them all? Only collect and store the data that actually helps you fundraise more meaningfully; avoid data collection for data collection’s sake.
  • How many years back do you keep donor data before archiving it? If a donor hasn’t given to you in ten years and you’re making no effort to reactivate them, do you still need their personal information?
  • What’s the process for recording offline gifts in your organization’s CRM? How many people are involved in that process, how long does it take, and what happens to the original paperwork?

Privacy and data management policies that are not sufficiently developed need to be uncovered through rigorous and regular audits and remediated immediately thereafter.

#2: Know your vendors’ privacy policies.

Second, nonprofits should obtain explicit confirmation from their technology vendors about how they’re collecting, storing, managing, and using donor PII. A vendor’s practices should completely align with all applicable legal requirements, as well as the nonprofit’s data privacy and security standards.

Nonprofits should also ensure that vendors pass security and privacy audits, and only have access to the data fields necessary to perform their services at the time of delivery.

Arjuna Solutions, for example, does not need to use PII, and the firm is transparent about its approach to interacting with, managing, and protecting donor information. Security is prioritized across our organization and directly architected into the services we deliver. To learn more about how we handle donor information and protect our customers, please read our Security White Paper.

#3: Transparently communicate your privacy policies.

Finally, nonprofits should continually reinforce trust with their donors by communicating regularly and repeatedly about their donor privacy policies. Transparency and consistent vigilance with privacy management are the ultimate trust-builders.

One natural place to consider publishing or linking to information about your data privacy policies is on your donate page. Having ready access to privacy standards as donors are entering their personal information to make a gift acts as an important trust-marker, and it will make them more likely to complete their transaction.

Also consider adding a link to information about your data privacy policies on the auto-responder message donors receive as their transaction confirmation. This is an ideal opportunity to remind donors that they can have faith that their personal and financial information is secure and truly safe with your organization.


Online giving is an enormous and exciting opportunity for nonprofits of all sizes. As it continues to grow, nonprofits eager to reap its rewards must also be ready to assume responsibility when it comes to donor and donation privacy – or else face serious risks in terms of their revenue and reputation. Fortunately, there are clear and easy strategies for creating and managing high-quality donor and data privacy policies.

Author: Rachel Michele

Rachel has been Arjuna’s Chief Technology Officer and head of operations for 7 years. She delivers a unique blend of technical, managerial, and executive experience in support of product development, A.I., process automation, data visualization, infrastructure, strategic planning, forecasting, and company operations. Prior to joining Arjuna Solutions, Rachel led a forensic data analytics team as a manager at PriceWaterhouseCoopers.

Her team was deployed in response to some of the largest cyber breaches, financial crimes, and regulatory investigations in U.S. history, routinely requiring her team to parse through billions of records across disparate databases and data sets. Rachel has also led numerous multidisciplinary teams on projects concerning matters of U.S. national security.
