Antony Savvas considers how charities can ensure their IT function is understood across the organisation to gain maximum value from it, and what they can do to keep their sensitive donor and beneficiary data secure
The ongoing increase in functionality, accessibility and affordability of IT systems continues to provide opportunities to charities in how they maintain records and communicate with stakeholders. And in-house or outsourced cloud solutions provide charities with the potential to run their organisations much more efficiently and effectively.
But there is also the widely recognised threat of security breaches due to malicious activity or operational errors releasing highly sensitive data.
Research has pointed to a disjointed approach to the IT functions from within charities, with the activity taking place in silos leading to failures to get the most out of technology.
More than half (57 per cent) of UK third sector organisations are struggling to unlock the marketing and fundraising potential in the data they hold, according to research from charity technology supplier Blackbaud.
The research was conducted in conjunction with research consultancy nfpSynergy and surveyed 338 not-for-profit professionals. It revealed that just 30 per cent of respondents felt they were doing a good job in using their data for marketing and fundraising.
In addition, 70 per cent of respondents said there was untapped potential in the data their organisations held. The inability to integrate digital data into CRM systems emerged as a major issue, with 38 per cent of respondents able to integrate online data into their CRM systems and just 15 per cent able to integrate their social media data. Only a third of respondents were able to integrate data from third party online giving platforms.
Jo Croft, CEO of BSS - a charity which provides outsourced helplines and CRM technology to charities such as Mind and Marie Curie – says: “When providing advice and support services to a significant number of users – whether over the phone, by email, the web or as a combination of all of these - charities often face difficulties weaving the query information together.
“This often results in users having to describe their issue or query a number of times, which not only wastes time, but also forces users to unnecessarily re-live potentially difficult and sensitive experiences.”
She says: “By harnessing advanced CRM technology to underpin helpline services, all records of previous contact are held in one place – no matter what channel is used to communicate. This allows charity operatives to address any existing issues from the outset, reducing the need to repeat these more challenging conversations, and helping to resolve the issue faster.”
Scott Logie, managing director of marketing firm REaD Group Insight, is a current board member and ex-chair of the Direct Marketing Association. He says: “Charities, like many other businesses, do have disparate IT technology siloed across the organisation. One area of improvement required is in customer personalisation.
“Most charities still fail to recognise the individual and their contribution to the cause and there are many new cloud based solutions to help solve this issue by building better pictures of their customers.”
Unified communications (UC) through the cloud allows charities to make better use of their existing premises through “hot-desking”, since anyone can sit down and work productively from anywhere. And the ease of setting up virtual meetings means they can eliminate the common costs associated with assembling a group of people in one room together – for instance having to pay for them to travel perhaps an hour each way to attend.
And unifying communications across an organisation simplifies what is often a messy mix of technologies and services, purchased ad hoc by different offices and departments, with one system or service.
Then there’s the whole issue of transparency. With all communications unified and on record, the technology gives managers an unparalleled ability to track and review an organisation’s activity to ensure it is working in line with the Government’s Charities Statement of Recommended Practice - as well as any other compliance requirements - so it can remain fully accountable to the authorities, governing bodies, supporters and beneficiaries.
David Monteith, global communications expert at MeetingZone, which specialises in the not for profit sector, says: “UC allows disparate networks of people to collaborate more effectively without technology or bureaucracy getting in their way or causing time-wasting bottlenecks. Given how most charities work, this clearly has many advantages.
“The technology brings other important benefits, most notably the potential for dramatic cost savings through productivity gains and vastly improved operational efficiency. This results in a higher proportion of their vital funding being spent on the causes they support rather than on things like travel, expenses and office expansion.”
Going into the cloud
Ian Tomlinson, CEO of Cybertill – a provider of cloud IT to a range of charities including the British Red Cross, Dove House Hospice and Hospice in the Weald – says: “We often come across silos within charities. For example, we regularly find retail and fundraising are disparate departments.
“That said we are now beginning to witness charities trying to overcome these barriers and developing a more cohesive environment. For instance, charities realise that in retail applications there is huge potential in untapped data, as fundraising departments are interested in accessing and using it to target donors.”
He says: “Cloud based applications not only make the data more accurate, as there is a single central database and not a proliferation of databases, but also more accessible throughout the charity. Extracting data from one cloud application and importing it into another is a simple process, this helps charities break down silos.”
Tackling security and data protection
A serious data loss incident could do severe reputational damage to a charity and the sector as a whole. Of 2,000 Britons recently surveyed by Populus for insurer Zurich, 69 per cent said a serious data loss incident would decrease their trust in a charity’s ability to keep their data secure, and 56 per cent said it would decrease their trust in all charities’ ability to safeguard data.
The survey found 68 per cent of respondents would be discouraged from donating online or via a mobile in the future following a serious data loss incident, and 42 per cent said it would discourage them from donating by any means.
The EU is currently in the process of reforming laws on data protection which, among other things, will require organisations to report data protection breaches to the relevant authorities within 24 hours, with big financial penalties for those who fail to do so.
The UK Information Commissioner’s Office (ICO) already has powers to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Last year, it fined the British Pregnancy Advisory Service (BPAS) £200,000 for a serious data leak, after an anti-abortion hacker gained access to thousands of client names, addresses and phone numbers from a BPAS website and threatened to publish them.
The charity had not realised that it was storing the personal details of people who had contacted it for a call back on pregnancy issues on its website. BPAS said it would be appealing the fine.
Scott Logie says: “Customers value trust, honesty and openness above all other considerations when sharing their personal data with organisations. As such, the most important thing a charity could do if they suffered any breach would be to report it and be clear about process changes to fix the problem. Charities are extended a great deal of trust by consumers, to try and hide any incidents would be as much a breach of trust as the incident itself.”
On cloud security, Tomlinson says: “It is important when dealing with any cloud vendor to ensure what security standards their platform attains, a minimum should be the ISO 27001 standard for data security.
“However, simply put, the environment of the servers and data in the cloud is usually far more secure than any individual organisation could hope to attain in-house. Another critical factor for charities is their cloud provider must be able to confirm that the data stored in the cloud is held within the EU, so as not to contravene the Data Protection Act.”
Oscar Arean, technical operation manager at disaster recovery specialists Databarracks, says: “Disjointed IT centres and silos can cause security risks. Many charities are in a difficult position because they often hold very sensitive data which is often only protected with comparatively low budgets.
“Larger charities have dedicated information security professionals with cross-departmental powers to keep data protected. In smaller charities the responsibility will often fall to the IT manager but they can’t possibly do a good job unless they have a complete view of the data (electronic or otherwise) within the charity.”
Arean says the case needs to be made at board level to take data security seriously across the organisation. He says: “The job of the IT manager is made far simpler when strong data security is supported and pushed down from the top. I would also recommend joining the Charities Security Forum (charitiessecurityforum.org.uk), which is an excellent group sharing knowledge and best practice amongst charities of all sizes.”
Connect Assist provides digital helplines and consultancy services to over 50 third sector and charity customers, including Barnardo’s and The Royal British Legion. Connect Assist CEO Patrick Nash says: “Regardless of whether an IT function is managed in house or outsourced, it is crucial that all staff understand why data security is paramount, and that processes to minimise the risk of a data breach are in place.
“We recommend providing training tools, issuing regular email or intranet based security updates and undertaking regular audits to ensure staff are adhering to policies and training.”
Antony Savvas is a freelance journalist