Prospect Research Links of Interest
Apra is the premier international organization serving professionals in Prospect Development, the strategic arm of an organization’s fundraising operation. Apra provides leading-edge educational and networking opportunities, establishes and promotes high professional standards and ethical guidelines, and serves as a representative voice for the profession.
Established in 2014, this guide is designed to help each organization develop a tailored system that will ensure the confidentiality and security of information and materials involved in the work of prospect development professionals and the organizations for which we work.
Approved in 2013, The Social Media Ethics Statement was created to assist Apra members in making ethical choices about the use of data gathered from social media in their fundraising research activities. The Apra Social Media Ethics Statement follows immediately after the Apra Code of Ethics on this webpage:
Adopted in 1964 and amended in 2014, the Association of Fundraising Professionals (AFP) Code of Ethical Standards is designed to help development officers adhere to the highest standards of ethical behavior in their fundraising work. These standards include treatment of confidential and proprietary information.
Ethics & Compliance Resources
- The Direct Marketing Association (DMA) and the Association of National Advertisers (ANA) merged to form one association (ANA). The association provides resources regarding email marketing regulations:
- Marketing permissions guidance, including usage of email addresses, can be explored here.
- Additionally, the ANA Nonprofit Federation website provides Ethics & Policy Resources for Nonprofits, including an update on privacy and data usage legislation, such as GDPR and the CCPA.
The CAN-SPAM Act requires the Commission to issue regulations “defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.” The CAN-SPAM Act applies almost exclusively to “commercial electronic mail messages.”
The United States’ Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information (PII) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage. Title II of HIPAA establishes policies and procedures for maintaining the privacy and the security of individually identifiable health information, outlines numerous offenses relating to health care, and establishes civil and criminal penalties for violations.
The Family Educational Rights and Privacy Act (FERPA) is a United States Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Under FERPA individuals can request that their directory information not be released to third parties. Universities are allowed to define “directory information,” so check your university’s policies to find out which data elements are covered at your organization. Individuals who have blocked their directory information from release should be clearly flagged in databases and users should be educated in the protection of this information.
Managing and governing digital data in ways that advance your mission and respect the rights of the people you serve is a core capacity of foundations and nonprofits. While digital data hold tremendous promise for how we do our work in the social sector, they also raise new challenges. Digital data should be viewed as both an asset and a liability. This site, produced by the Stanford Center on Philanthropy and Civil Society, allows an organization to explore its need for various data policies.
The Privacy Act of 1974 establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.
Personally Identifiable Information (PII) is defined as "information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."
The Donor Bill of Rights was created by the Association of Fundraising Professionals (AFP), the Association for Healthcare Philanthropy (AHP), the Council for Advancement and Support of Education (CASE), and the Giving Institute: Leading Consultants to Non-Profits. It has been endorsed by numerous organizations.
Additionally, AFP established the eDonor Bill of Rights to address concerns and challenges arising from Internet charitable giving.
The United Nations Conference on Trade and Development has assembled a website which keeps track of all data protection and privacy legislation around the world. One can download links to all of the legislation from each country. The site also provides an interactive world map.
The California Consumer Privacy Act of 2018 (CCPA) grants California residents rights with respect to the collection of their personal data. While nonprofit organizations are currently excluded entities, the CCPA does impact third-party data vendors. The CCPA applies to businesses whether or not the business is physically located in California.
EU and Canadian Links
Apra Canada has prepared links to a number of privacy guidelines used throughout Canada and its charitable organizations. The guidelines were compiled by a privacy working group from Apra, AHP (Association for Healthcare Philanthropy), AFP (Association of Fundraising Professionals), and the CPP (Canadian Centre for Philanthropy, Imagine Canada). To access these Canadian privacy documents, please go to the Apra Canada Privacy Tool Kit. You do not need to be a member of Apra Canada to access this kit.
How to keep track of what’s new with GDPR
Additional Resources:
The ICO recommends conducting a Data Protection Impact Assessment (DPIA) to better understand how your organization uses and processes personal data and to identify any weaknesses in GDPR compliance and practices that need to be addressed. The ICO has produced some guidance on conducting DPIAs below:
The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Researchers in Fundraising (RiF) is a Special Interest Group of the Institute of Fundraising and is the leading representative body for prospect researchers in the UK.
The US Federal Trade Commission, which regulates the Privacy Shield, does not have jurisdiction over most nonprofits.
The Freedom of Information Act provides public access to information held by public authorities. Public authorities are obliged to publish certain information about their activities; and members of the public are entitled to request information from public authorities.
Here is a guide for those who have day-to-day responsibility for data protection.