I feel that prospect development is evolving quickly. The European Union’s General Data Protection Regulation (GDPR) and recent scandals in philanthropy and higher education seem to have changed the landscape, and I am being asked questions I have not been asked before. What do I do to help my colleagues and myself? I’m losing sleep trying to figure out where to start!
Insomniac in Fond du Lac
I empathize with you! It can feel overwhelming with everything that has happened in the past few years! I’ve found that having policies in place and talking with others can help alleviate stress because it gives me a firm reference point when responding to internal questions. Also, the process of creating a policy can help you build your understanding of the topic at hand.
Writing policies can be time consuming — but there are many resources available:
- Through the Apra/AASP partnership, examples of best practices and policies are available free of charge for Apra members
- Search online for the policies of similar institutions and see if you can use their policies as a starting point for yours.
- Read the CASE prospect research and wealth screening GDPR compliance guidance.
- Talk to your office of legal counsel who may already have something available or may provide guidance regarding your policies.
- Reach out to colleagues within and outside your organization who can provide moral support, subject matter expertise, act as sounding boards and help you with drafting documents. The Apra Ethics and Compliance Committee and the “L” are resources that you can always go to!
Many ethical issues are relevant to prospect development professionals. Read our last Ask the Ethicist article, “Recent Headlines Have Left Me Speechless.”
All of these resources can help you get the words on the page, but in hopes of further alleviating your insomnia, here are a few policy areas you might want to prioritize, if you don’t already have them in place:
- Gift acceptance: Who will we not accept gifts from? What types of gifts will be accepted? Who gets to decide?
- Due diligence/persona non grata: How do we vet our donors or prospective donors? Who do we vet? What do we do when someone “fails” the vetting process?
- Admissions and fundraising: When do we cease solicitation activities with a donor or prospective donor who has a child applying to our organization? What types of interactions are appropriate for a donor or prospective donor with a child applying to our organization?
- Vendor review: Does your vendor retain your constituents’ data? Does your vendor store and transmit your data in an acceptable manner? Does your vendor adhere to the terms and conditions/regulations of any third parties from whom they acquire information? Does your vendor have any known issues that could bring embarrassment to your organization?
- Social media use: What are the acceptable uses of social media in your shop? What social media will you/won’t you store in your database of record?
- GDPR-related policies:e. right to be forgotten requests, data subject access requests, privacy notice communications
- Data sharing for internal/external parties: What data do you share with people from outside your organization? What data will you share with individuals from outside the fundraising arm of your organization?
- Data retention: How long will your organization retain various categories of data? Are there any categories of data that we should delete from our database and never add again?
It’s important to review the content of your policies on a regular basis, so you should also have a policy on reviewing policies. (So meta!) How often will you review them, who will review, and who signs off? And, it doesn’t hurt to have a policy that addresses policy violations.