Let’s be honest: “data privacy” isn’t usually top of mind when you think about nonprofit fundraising. But it needs to be part of how you protect your donors’ trust.
From ransomware attacks to accidental leaks, data breaches are more common than many organizations realize—and the cost isn’t just financial: they can undermine donor confidence, damage your nonprofit’s image, and create expensive legal issues.
Every time a donor gives, they’re also handing over personal information—contact details, financial records, even family connections. They expect that data to be protected. Yet Microsoft has reported that nonprofits are now the second-most common targets for cyberattacks, making them especially vulnerable to breaches that erode trust and damage relationships.
To dig into this complex issue, I sat down with three Stelter experts for a conversation about what nonprofits can do today to keep donor data safe:
- Jared Heller, Stelter Information Security Engineer
- Nina New, Stelter Vice President of Operations
- Hanna Plants, Digital Experience Director
Zach: I appreciate you joining me to share your perspective on data security for nonprofits.
What’s the feeling these days among donors about data privacy and protection?
Jared: Across the board, expectations for transparency and responsible data stewardship are rising, which is pushing all organizations to stay proactive and build trust through strong security practices.
Hanna: There’s an implicit expectation among donors that their information will be handled with care. So we see privacy and protection not just as legal or operational concerns but as key elements of organizational integrity.
Are you hearing any concerns from nonprofits?
Hanna: In my experience, concerns around data privacy are more frequently raised by our larger clients, especially healthcare organizations and institutions with in-house legal or compliance teams. The focus tends to be rooted less in what donors are saying directly and more in the legal implications of evolving data privacy regulations (like GDPR or state-level laws in the U.S.).
That said, we know donor trust is paramount in the nonprofit industry.
Even if donors aren’t asking these questions out loud, they believe that their information will be protected. Trust is eroded when something goes wrong, even if unintentionally.
What should nonprofits (especially those with a smaller staff) do to ensure their donor data is protected?
Jared: Start with the basics:
- Limit access to donor data to only those who need it.
- Use strong, unique passwords with multi-factor authentication on any system that handles sensitive data.
- Keep your software updated, including donor databases, email platforms and antivirus tools.
- Regularly back up your data and ensure those backups are stored securely.
- Provide foundational security training for your team. Awareness about phishing and safe email practices can have a big impact.
Nina: The first step in protecting data is knowing where you stand. Ask yourself these key questions:
- What data are we storing? Keep only what’s essential and purge the rest.
- Who has access to this data? Limit access to team members who truly need it for their roles.
Next, build a culture of continuous security education. Services like KnowBe4 or Cofense can train your teams on how to properly handle data and how to identify potential threats.
Finally, audit your infrastructure. Identifying any gaps or vulnerabilities will guide your next steps. For example, many of our customers in the education space utilize the HECVAT (Higher Education Community Vendor Assessment Toolkit) to understand where to focus their efforts.
What’s your sense: How are planned giving teams talking to donors about data privacy and protection?
Hanna: Many nonprofits, especially smaller teams, are still navigating how to talk about data privacy proactively. It’s not always prioritized in donor strategy because it’s viewed as technical or legal, but it’s becoming more important.
My sense is that planned giving teams are often focused on relationship building and may not always feel equipped (or responsible) to field questions about data usage.
What does the future of data security look like for nonprofits? Any advancements of note?
Jared: The future of data security is becoming more adaptable to the needs of both small and large nonprofits. Donor platforms and cloud services are increasingly offering built-in protections like encryption, access controls and automated backups, making it easier for smaller teams to put strong safeguards in place.
For larger organizations, there is continued growth in tools that offer real-time monitoring, advanced threat detection, and more control over data privacy and compliance. Artificial intelligence is also gaining traction to quickly identify suspicious activity or potential risks.
What’s the main takeaway you want to stress to nonprofits?
Jared: Donor trust is closely tied to how you protect their data.
You do not have to be a cybersecurity expert to make meaningful improvements. Focus on the basics, make steady progress, and ask your partners and vendors what they are doing to support data security.
Finally, security is not just an IT issue. It’s a key part of donor stewardship.
Any last thoughts on this topic?
Hanna: Data privacy is a complex and constantly evolving space. For nonprofits, especially those with limited staff or tech support, keeping pace can be overwhelming. My personal guiding principle is to lead with empathy—for both the donor and the organization—and focus on building trust through transparency, clarity and consistent user experience.
Thanks to Jared, Hanna and Nina for sharing their insights.
At the end of the day, protecting donor data is really about earning and maintaining donor trust. Focus on the fundamentals, be consistent and involve partners when needed—because every improvement builds a stronger foundation for your mission.
At Stelter, we make data privacy a priority—and we encourage every nonprofit to do the same. Because when donors know their information is safe, they can focus on what really matters: supporting your mission.
Thanks for this — love how you break down data security into concrete steps for nonprofits. It feels like you’re arming folks with tools and confidence.