Last week, two powerhouse philanthropic data conferences merged under the Stanford University’s Center for Philanthropy and Civil Society (PACS) and Social Innovation Review (SSIR) umbrella. The two-day Data on Purpose / Do Good Data conference brought together academics, practitioners, and data experts from across the for- and nonprofit sectors to discuss data issues in a civil society, including various sessions on the effective and ethical use of data, creating a data culture, and collaborations around data. I came away with a new understanding of philanthropy's newest dilemma.
One of the most important topics discussed at the conference focused on threats to the security and privacy of data in a digital civil society. Notable discussions highlighted critical issues about the growing threats to private and confidential digital data through existing and new devices.
As I sat through the conversations – some of them pretty scary – I began to think about the challenge foundations face as they balance the desire to become more data-driven (including the gathering and sharing of data) while at the same time using the data only as intended, securing the data from external threats, and protecting the privacy of the stakeholders the data represent.
At first blush, these two notions seem to be at odds with one another: one promoting the expanded use of data and the other about urging caution and the implementation of structures and procedures to ensure responsible and appropriate use of data. The reality is these ideas don’t have contradict each other.
To achieve this balance, however, we need to keep the following in mind:
- First and foremost, there needs to be a more coordinated effort by individual foundations across the sector to understand and address the critical issues related to the collection, use, and management of digital data. I think conferences like Data on Purpose / Do Good Data, and the work being done through The Impact Lab, Stanford’s Digital Civil Society Lab, and Hewlett Foundation’s Cyber Initiative, are leading the way here. Their work will ensure that civil society – especially the philanthropic sector – is aware of and working towards credible solutions to address the potential threats.
- Individual organizations can play their part as well. In fact, many of the recommendations that we’ve made here at Fluxx for investing time and resources on formative evaluations will help address some of the digital data privacy and security issues. A better understanding of your organization’s programs – their story of how change is intended to occur – will help you be more precise in your data selection and collection, reducing the total amount of data vulnerable to attack.
- The importance of collaboration in these matters can’t be overstated. While enhanced coordination and communication with stakeholders helps build relationships based on trust and understanding among data owners and users, it also helps lay the foundation for more detailed Data Sharing Agreements (“DSAs”) and Memorandum of Understandings (“MOUs”) – more precision around the data, its use, and the structures, procedures, and permissions to be used in their collection, analysis, and sharing.
- And lastly of course, an IT plan that directly addresses your foundation’s data risks and vulnerabilities is crucial. Data security should be a standard practice for all organizations, but inadequate risk management practices often leave foundations and their data unnecessarily exposed.
Organizations can ensure better security beginning with these steps:
- Learn the language Arm yourself with knowledge. Master the jargon so you understand what’s truly at stake and what you can do about it.
- Move to the cloud, but don’t be a target With the right cloud-based tools and effective risk management standards, working in the cloud can help a foundation focus most of its efforts on philanthropy – not cybersecurity.
- Keep a secure wireless network Securing the network’s traffic is one of the most important steps to protecting your data. Use complex passphrases and change them often.
- Develop a policy and regular training Even the most tightly secured network and user authentication settings can be rendered useless without ongoing training.
- Know who’s in the system Knowing who’s in the system and how much data they can access or manipulate will help foundations keep a firm grasp on their data. It also helps spot anomalies before they lead to a breach.
Data allows us to be better grantmakers, and careful stewardship of that data is vital to that goal. Foundations should have the utmost confidence that the data collected from grantees is safe, and grantees need to trust that the data they submit remains private and will be used responsibly and as agreed upon. The last thing foundations want is to hurt the organizations and the communities they are trying to help.
Threats to the privacy and security of digital data are real. We as a sector and as members of the broader civil society need to act. Thankfully, there is a movement afoot to address these issues. Seek out these organizations for information and guidance so that you can arm yourself with knowledge and be able to articulate a well-detailed plan of defense.
David Goodman, Ph.D., (@MeasureDoc) is the Director of Impact at Fluxx. David is passionate about finding ways to better use data, metrics, and research to achieve greater impact and sustainability. In his role at Fluxx, David engages with both grantmakers and nonprofits to empower them to use data to turn a single success story into a thousand similar success stories. David brings to Fluxx extensive experience leading and assisting teams in the design, implementation, analysis, and oversight of research and evaluations for the public, private, and nonprofit sectors. David earned a Ph.D. in political science from Rice University in Houston, Texas, and graduated with a B.A. and an M.A. in political science from California State University, Northridge.