Donors Raise a Red Flag Over Privacy

Information-age fears threaten charities’ ability to solicit funds

In the information age, donor privacy is emerging as a formidable obstacle for fund raisers.

In recent months, regulators and legislators — driven in large part by concerns about the Internet’s potential to make vast amounts of personal data available to just about anyone

— have introduced an array of measures to allay consumers’ privacy concerns. While many of the measures are not specifically aimed at charities, they reflect a growing sentiment among lawmakers that there is little difference between efforts to seek charitable gifts and commercial marketing efforts that consumers often find intrusive or misleading.

And that, experts say, is already beginning to hamper the ability of some fund raisers to do their jobs and is likely to lead to new restrictions on the kinds of activities in which fund raisers can engage — if not fundamentally change the way they go about raising money.

Most charity leaders, however, have not grasped the degree to which privacy concerns could affect the non-profit world, experts say. As a result, they have not formulated a unified position, taken steps to review their privacy practices, or tried to educate the public about donor privacy. That failure could lead to stricter-than-necessary legislation that harms fund raising, says Lane Brooks, president of the Washington chapter of the National Society of Fund Raising Executives and director of development at Public Citizen, a non-profit advocacy group.

“People are not aware of the potential for disaster in the field of philanthropy out of what could be a misguided interest in the protection of people’s privacy,” Mr. Brooks says. “Non-profits need to realize how serious the potential effect on fund raising is.”

Among the recent legislative developments:

* The U.S. Department of Health and Human Services last month proposed regulations to protect patients’ privacy by limiting the instances in which electronically transmitted medical records can be used. Fund raisers at hospitals typically rely on the records of former patients to identify prospective donors (The Chronicle, February 10).

* In January, Arkansas became the first state to prohibit solicitors working in behalf of charities from telephoning consumers who request to be on “do not call” lists. Many states have similar laws that apply to commercial telemarketing companies, but most of the states have heretofore exempted charitable solicitations. (Measures similar to the one passed in Arkansas were narrowly defeated in Colorado and Indiana in recent months but are expected to be reintroduced.)

* Under a new federal law that takes effect June 1, drivers must give their permission before charities and other groups can get data from their driver’s-license applications and motor-vehicle registration forms. Those data had traditionally been regarded as a matter of public record and used widely for marketing and fund-raising purposes (The Chronicle, October 21, 1999).

Fund raisers typically use such public records — many of which are now available on the Internet — to compile detailed profiles of potential donors, including how much they paid for their homes, how much stock they own in publicly traded companies, their exact ages, and how much money they earn. But, as has been the case with driver’s-license and now medical records, such information could be barred from fund raisers in the future, experts say.

“The more the public understands that what they thought of as private may well not be — and furthermore that it’s being used by parties hoping to raise money from them — people are going to start crying out for some protections,” says Matt Hamill, director of government relations at Independent Sector, the Washington coalition of non-profit organizations.

Indeed, donors are becoming increasingly uncomfortable with the personal information that fund raisers are gathering, and the ease with which it can now be obtained via the Internet, some fund raisers say.

“I see more sophistication on the part of donors; they know we are gathering this type of information, and board members have asked us to take their names out” of research projects that seek data on their assets, says Michel Hudson, president of the Association of Professional Researchers for Advancement — which represents fund raisers who specialize in collecting such information. Ms. Hudson is a fund raiser at Seton Healthcare Network, in Austin, Tex. “I do see some nervousness, mainly because donors are more aware that we can do this,” she says. “They weren’t really aware when we were doing this same kind of research by going down to the courthouse.”

Many experts predict that online-privacy concerns related to the Internet will increasingly dictate what is acceptable off-line in direct mail, telemarketing, and other types of charitable fund raising.

“We are in the beginning of a 20-year cultural shift generated by digitization, and that shift is drawing new lines about what is acceptable information to use,” says Jonathan Lindsey, director of donor information at Baylor University and chair of the ethics committee of the fund-raising researchers’ association.

Online privacy advocates would like to see companies and charities held to a new standard. They want organizations to ask a person to give his or her permission — or “opt in” — before any personal information about that person could be made public or shared with other groups.

That approach contrasts sharply with the one currently practiced by most charities, particularly those that rely on direct mail and telemarketing. Unless donors and members request that information about themselves be kept private, the groups are free to use the information as they see fit. Most exchange or rent their donor lists to earn money and offset the cost of bringing in contributions.

“The off-line world will follow the model that the online world is creating,” predicts Dave Steer, director of communications at TRUSTe, a Cupertino, Calif., group that monitors Web sites’ privacy-protection policies. “Right now, we believe that ‘opt-out’ is the bare minimum, and ‘opt-in’ is the way to go.”

Both the Department of Health and Human Services’ medical-records proposal and the new driver’s-record law require that such data be kept private unless a person gives explicit permission for his or her record to be shared or made public. Should charities eventually be required to get people’s explicit permission to send them solicitations and other offers, the consequences could be great, many fund raisers fear.

“Direct mailers and telemarketers have the most to lose,” says Mr. Lindsey of the researchers’ association, “because they have no other relation with donors to fall back on if their solicitations are restricted or curtailed.”

The new restrictions have greatly alarmed organizations like the Direct Marketing Association, which represents companies and charities alike and mounted a last-ditch attempt to get legislation introduced that would overturn or at least delay the driver’s-license law before it could take effect.

Charities, particularly those that depend on direct mail and telemarketing, have joined the direct-marketing industry in arguing strenuously that current guidelines — which allow consumers to take steps to have their names removed from list-sharing transactions — are more than adequate privacy controls. Having to adopt provisions requiring charities to get permission from people before soliciting them, they say, would cripple their fund-raising abilities.

“If we were confronted with a mandatory opt-in requirement, it would put us out of business,” says Max Hart, who runs an extensive direct-mail program for the Disabled American Veterans, a Cold Spring, Ky., charity that netted $68.5-million in direct-mail contributions last year. “If you ask people’s permission to have their names and addresses sold, it’s like raising a red flag in front of them. “

Mr. Hart’s charity tells donors that they can be left out of his organization’s list-sharing practices twice a year, using a statement included in a direct-mail appeal. Some 337,000 people on the charity’s list of eight million donors have opted out.

The results would be entirely different, says Mr. Hart, if the charity had to ask donors point blank for their permission first, before selling or exchanging their names and addresses so other groups could send them solicitations. With that requirement, says Mr. Hart, “my guess would be that only 25 percent or less would give permission.”

Such arguments garner little sympathy from advocates at non-profit privacy and consumer-rights organizations. “Many of these opt-out provisions are written so ambiguously that people have no real understanding that their names are being sold or rented,” says Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego organization that tracks privacy legislation and maintains a database of consumer complaints about privacy violations. A fair number of the complaints, notes Ms. Givens, involve misleading or annoying charity appeals.

In one closely watched case, the Attorney General of Minnesota has filed a lawsuit against Minnesota Public Radio, alleging that it misleads donors when disclosing to them how their names, addresses, and telephone numbers are used.

The station, which denies any wrongdoing and says its approach conforms with direct-mail industry standards, tells donors that their names are shared “occasionally” with groups in which it thinks “they may have an interest,” and allows them to request that their names not be circulated.

But the lawsuit alleges that the disclosure is inadequate because donors’ information is in fact shared frequently, their interests are seldom if ever taken into account, and the station never makes it clear that donors will get solicitations from other groups.

Complaints by donors who feel that their interests have been disregarded by charities are not uncommon.

Todd Ganos, a San Francisco investment manager who gives to several local causes, says he is tired of charities that sell his name and address to other charities against his wishes or that refuse to honor his request to remove his name from their mailing list.

“I understand these groups need to raise money,” he says, “but it can be done without these intrusive practices.”

In one case, Mr. Ganos, after receiving solicitations from the American Cancer Society in Oakland, Calif., says he called an executive at the charity and asked her to remove him from her list of potential donors. She assured him that he would get no more mailings. But “six months and two more phone calls later, I’m still getting stuff,” he says.

Mr. Ganos also says he canceled a decade-old membership in the Sierra Club after learning that the charity had given his name and address to other environmental groups — despite his express request that it not do so.

Such complaints tend to color regulators’ and legislators’ views about all non-profit groups, experts say. But charity officials usually don’t pay much attention to donors like Mr. Ganos unless the person has a beef with their own organization. Even when they do follow privacy issues, most charity leaders do not take a “big picture” view, says Mr. Brooks of the Washington chapter of the national fund-raisers’ society. Instead, he says, they follow one or two pieces of legislation and ignore the rest, thus missing the larger implications of privacy regulations for fund raising in general. For example, some non-profit direct mailers have followed the driver’s-licensedebate but have little awareness of the new plan to restrict medical records.

“There is a divide among fund raisers whose primary interest is major gifts and those who are doing direct mail,” says Mr. Brooks. “That’s an artificial distinction, because the principles behind these new developments are the same, and they could affect all of us. If one wing of fund raising abandons the other wing, it does not serve philanthropy.”

Mr. Brooks says that professional organizations for fund raisers, like the National Society of Fund Raising Executives, should start communicating with organizations like the Alliance of Nonprofit Mailers and others. The groups could work together, he says, to come up with privacy policies that fund raisers as a whole can agree on and use to argue for fair legislation.

But even if fund raisers succeeded in helping to stave off more new privacy restrictions, consumer-rights advocates say that donor discomfort about some practices should lead charities to start thinking about how they could change some traditional fund-raising efforts.

In the field of health care, many fund raisers rely on securing the names and addresses of former patients from medical records maintained by their business offices. But with the proposed restrictions on such records, some hospital fund raisers are considering whether they should instead get patients’ permission to send them information — as they are filling out admissions paperwork, for example, or upon release from the hospital.

A few have already stopped asking their business offices to give them names and addresses from patients’ medical records. The Beaumont Foundation, a Troy, Mich., fund-raising arm for two non-profit hospitals, stopped that practice about two years ago.

“The hospitals fear that patients would be offended by this, and doctors also have some concerns,” says Peter Groschner, director of planned giving. While Mr. Groschner says he is worried about how the hospitals will find new donors without being able to solicit former patients, so far the change has not affected contributions. The reason: Fund raisers have redoubled their efforts to seek gifts from current donors.

Privacy advocates would like to see more charities follow the hospitals’ example. But many charity leaders “do not even think about this privacy stuff,” says Tom McGuire, a former fund raiser at the World Wildlife Fund who now works for the Electronic Frontier Foundation, a San Francisco advocacy group that promotes online privacy.

Non-profit groups, says Mr. McGuire, “do not realize that the privacy issues facing big business are exactly what we face in fund raising. They think what’s going on in the real world doesn’t affect them, so they are less inclined to look hard at their own privacy practices.”

Due to their reliance on contributions, Mr. McGuire says, charities cannot afford to alienate donors who tend to hold non-profit organizations to a higher standard than companies when it comes to issues like privacy.

“When you think about the values we generally stand for,” he says, “we are supposed to be the good guys.”