The uproar over Cambridge Analytica and subsequent Facebook backlash, Apple CEO Tim Cook’s highly-publicized Duke University commencement address, Net Neutrality, and the introduction of new European privacy rules: if you’re starting to feel that a privacy revolution is brewing, you may be right.
Today’s associations face a host of unique challenges. Employees and member volunteers work side-by-side to deliver on their mission while juggling competing member demands across multiple chapters with limited resources. Understandably, compliance can sometimes take a backseat to the day-to-day mandate of delivering member value. Regulations can be disproportionately cumbersome, complicated, and costly for non-profits.
As increasingly more data breach and whistleblower revelations hit the newsstands, consumers (and not-for-profit members) are starting to open their eyes to how their data is collected, bought, and sold online. And the outlook isn’t very rosy for organizations that don’t put transparency and trust at the heart of their business model. Luckily, associations—who thrive on relationships with a common purpose—have a distinct opportunity to lead the privacy revolution with authenticity and integrity. Here’s how:
1. Make Privacy Everyone’s Business
A privacy-by-design approach ensures the data your organization collects is accurate, relevant, minimal, and integrated into all aspects of your operation. Tear down silos by moving privacy out of the marketing and IT departments, and incorporate stewardship at every level of the association.
2. Use All the Players on Your Team
Don’t limit yourself to a top-down approach. Rather, work on the frontlines with the people who collect and use the data in order to decide what is and isn’t needed. It’s especially important to cast a wide net for feedback if you have multiple chapters serving different regions, with different needs and value offerings. And don’t be afraid to empower volunteers alongside paid staff. ‘Outside eyes’ can offer valuable insights and fresh perspectives to help you see the forest for the trees.
3. Put Your House in Order
Once you know what data you need (and what you don’t), take a deeper dive from a marketing standpoint and align that information with the different steps of your sales funnel. Ensure you have a 360-degree view of who needs access to what data, and for how long you need to retain it. If you don’t have it already, introduce a method to obtain consent (and be sure you are compliant with all related laws related to this) and give users control over their information. Have a process to make sure their choices are disseminated to everyone who needs to know.
Often, parent organizations and their regional chapters find it challenging to synchronize data as it flows back and forth. Implement a clear process—ideally through automation or technology—to help comply with the growing framework of privacy legislation in Canada and abroad. *
4. Tell It Like It Is
Today’s brands must be authentic. After all, strong, long-term relationships with members are founded on trust.
Communicating what data you collect and how you use it gives you an opportunity to deliver your message (and position your organization) positively and openly.
5. See the People in the Process
Help board members, employees, and volunteers across the organization understand how they interact with the data collected by the association, and challenge them to treat that data as they would their own. How you handle the information that belongs to your members and supporters is key to cultivating their confidence. It can be tempting to gather data for data’s sake, so be sure to remind everyone to focus only on what you need—emphasizing the people (your members) behind the process.
6. The Buck Stops with You
Identify if you share information with third-party vendors or affiliates, and why. Even if you don’t sell your member data, you almost certainly share it with others (for example, email marketing or CRM providers). In some cases, regulation compliance may require your organization to go beyond a blanket statement and to identify who those providers are. Vet your providers carefully, as members will hold you responsible for any data misuse—regardless of where it originated. Even if you don’t bear the legal risk, the reputational risk is squarely on your shoulders, especially considering the mandatory breach notification requirements for Canadian companies and organizations.
7. Practice, Practice, Practice
By following these simple guidelines and treating your members’ data as you would your own, you can equip your association to navigate the privacy landscape, no matter what obstacles lie ahead.
* A common misconception is that the EU’s General Data Protection Regulation—its newly-introduced comprehensive privacy framework—applies only to companies operating in Europe. The regulation applies to any company doing business with EU citizens, regardless of where it’s located. Does your email database contain any contact information for EU residents? IP addresses? If so, GDPR applies to you.
IABC Communication World Magazine: GDPR compliance—what you need to do right now.
Jill Knaggs is a senior marketing and communications leader with extensive experience solving problems, developing strategies and managing campaigns. Her background includes specialty marketing supports for association and nonprofit clients and employers across all kinds of industries; from big business to niche not-for-profits.
Is your association protecting the privacy of its members as well as it can? Considering how often we hear about businesses getting hacked, putting customer data such as credit card numbers and purchasing patterns in jeopardy, are you certain you've done all you can to protect your members’ personal information while complying with current privacy regulations? During her session at the CSAE 2018 Conference, Good Cybersecurity Doesn't Have to Be Costly or Take Years to Build, Sophie Doukas will discuss an association's delicate relationship with cybersecurity, especially when it comes to protecting member privacy.