Estimated Reading Time: 5 minutes
Resource Type: Articles
Topic: Data Privacy, Tech Risk, Cybersecurity, HR Risk and Employment Practices
Masters of disguise are using others’ identities to support lavish lifestyles. Using one or two verifiable pieces of data identity, thieves construct a life for themselves and commit someone else’s money to supporting it. Armed with name, address, Social Security number, credit cards and PINs (personal identification numbers) stolen from personnel files, office waste baskets and electronic databases, thieves are racking up thousand of dollars against other people’s business accounts.
Professional thieves hit hard and fast. Many of them have inside contacts who gather data on current and past employees for a price. These staffers might be someone in senior management, clerks or counselors in the HR department, clerical floats or temporary staff. Motivated by making a quick buck, the thrill of getting away with something, or getting back at someone who’s harmed them, they hand over another’s identity to criminals. But none of their reasons for engagement protect your nonprofit should the person whose identity was stolen decide to file a suit alleging your nonprofit was negligent in protecting personal privacy. What can serve in your defense are strong internal controls that show you’re fulfilling your duty of care in protecting personal information gathered in the course of providing your services.
The first thing to do is make a list of the categories of people whose information you collect:
Then identify:
Analyze the results to discover where the holes are and plug them. Simply make the identity theft less easy to accomplish, or “harden the target” in today’s parlance. Balancing the needs and rights of a nonprofit against its employees and its clients can be tricky. Creating use policies, educating people on their existence and chastising those who break a policy go a long way towards providing necessary protection. And keep in mind that the greatest security risk a nonprofit faces is from disgruntled insiders — not the contract person cleaning the office in the evening or a teenage hacker seeking access to your systems for the thrill factor.
“First let me congratulate you on a conference well done. I had a great time at the Nonprofit Employee Benefits Conference and walked away with some valuable tools and questions that we’ll need to be addressing in both the short and long term. Thanks to you and your staff for all you do to provide us with quality resources in support of our missions.”
“BBYO’s engagement of the Center to conduct a risk assessment was one of the most valuable processes undertaken over the past five years. Numerous programmatic and procedural changes were recommended and have since been implemented. Additionally, dozens (literally) of insurance coverage gaps were identified that would never have been without the work of the Center. This assessment led to a broker bidding process that resulted in BBYO’s selection of a new broker that we have been extremely satisfied with. I unconditionally recommend the Center for their consultative services.
“Melanie Herman has provided expert, insightful, timely and well resourced information to our Executive Team and Board of Directors. Our corporation recently experienced massive growth through merger and the Board has been working to better integrate their expanded set of roles and responsibilities. Melanie presented at our Annual Board of Director’s Retreat and captured the interest of our Board members. As a result of her excellent presentation the Board has engaged in focused review which is having immediate effects on governance.”
“The Nonprofit Risk Management Center has been an outstanding partner for us. They are attentive to our needs, and work hard to successfully meet our requests for information. Being an Affiliate member gave us access to so many time- and money-saving resources that it easily paid for itself! Nonprofit Risk Management Center is truly a valued partner of The Community Foundation of Elkhart County and we are continuously able to optimize staff time with the support given by their team.”
“The board and staff of the Prince George’s Child Resource Center are extremely pleased with the results of the risk assessment conducted by the Nonprofit Risk Management Center. A thorough scan revealed that while we are a well run organization, we had risks that we never imagined. We are grateful to know that we have now minimized our organizational risks and we recommend the Center to other nonprofits.”
Great American Insurance Group’s Specialty Human Services is committed to protecting those who improve your communities. The Center team has committed to delivering dynamic risk management solutions tailored to nonprofit organizations. These organizations have many and varied risk issues, hence the need for specialized coverage and expert knowledge for their protection. We’ve had Melanie speak on several occasions to employees and our agents. She is always on point and delivers such great value. Thank you for the terrific partnership and allowing our nonprofits to focus on their mission!