“We take a poll at meetings of how many people send unencrypted Excel documents over email. Everybody raises their hand.”
At the NY Nonprofit Conference Tuesday morning, Gina Scala, vice president of education & professional development, DMA, used this common example of data use and transfer to emphasize the need for a strong data governance plan.
In a panel moderated by Glen Beasley, director of direct marketing, Arbor Day Foundation, Gina Scala and Cathy Folkes, president, Data Best Practices, offered a series of best practices for data governance, including availability, usability, integrity, and stewardship.
Folkes defined data governance as a system of decision rights and accountabilities to optimize, secure, and leverage data assets. She also claimed that data governance identifies and addresses data quality issues to ensure maximum data protection and adhere to regulations.
Clicking to a PowerPoint slide with a list of brands, both popular and lesser-known, Folkes said, “These companies have all been hacked. And hacks happen every day.”
Scala added that 100% of data breaches involve a third party, and the majority of breaches in the US are directed at companies rather than individuals. According to Scala, names are the number-one piece of data that are taken and credit cards are number two.
Scala explained that data has a certain lifespan, and by purging data regularly, the chances of a data breach or improper use are lessened significantly. Folkes added that it’s really important to understand what vendor partners are doing with data to ensure that all parties involved are acting responsibly.
“Make sure anyone who has any interaction with your data knows what can happen,” said Folkes. “The idea is to make sure you can identify your risks and improve your results.”
Based on their knowledge of data breaches and the need for security, the panel offered an actionable data governance plan that all nonprofits can implement to protect their data, their consumers, and their missions:
- Select a data governance team, including an executive sponsor. If you don’t have the executive team on board, it’s never going to work.
- Define the goals of your data governance plan.
- Ensure you can measure your goals and your results.
- Identify each data source.
- Understand the data you are using from other sources, such as third party vendors.
- Identify the data owners – the consumers, the marketers, the organization?
- Define your meeting cadence – weekly, monthly, etc.
- Develop your road map.
- Build your data governance policy.
- Identify your data breach plan and make sure it is up to date.
- Communicate your successes.
“Data security is about protecting your data against damage, danger, and crime,” said Scala. “Get control of your data, reduce the risk, and maintain that on a regular basis.”
Beasley concluded by urging all members of the audience to get involved in their nonprofit’s data governance plan.
“You’ve heard the expression ‘everyone should have a seat at the table’? Sometimes you have to bring your own chair,” said Beasley.