Donor privacy is a big and important issue in philanthropy right now. Many organizations are working hard to protect and expand it, in law and regulations.

I’m an IT guy in philanthropy. Soon after I came to the U.S. in 1999, I worked at Milwaukee’s Lynde and Harry Bradley Foundation (before it was hacked), and I now work at the Kern Family Foundation in a western-Milwaukee suburb. There’s an additional, critical perspective on donor privacy.

According to Lawrence Lessig’s dictum, popularized by his seminal 1999 book Code and Other Laws of Cyberspace, “code is law.” It still is, and may be more so. Code, of course, is the software and hardware that make cyberspace what it is.

While philanthropic donor-privacy defenders and advocates do not need to fully understand code as a technical matter, they do need to know that legal and regulatory rights essentially mean nothing if code cannot consolidate them. And this requires resources.

Grantmaking foundations themselves likely have these resources. Many, if not most, of their grant recipients may not. The recent ransomware attack on cloud-computing provider Blackbaud concerningly proves that many nonprofit groups of all kinds are not prepared to deal with data breaches, to the detriment of donors and their privacy.

As with any foundation grant-contract demands for data that measure outcomes, mandated donor-privacy protections cost money, too. If they’re imposed by a funder, it’s only fair to fund them, if necessary. It should basically be considered a necessary transaction cost.

 

Clement Mariaselvanayagam is the IT and grants administrator at the Kern Family Foundation in Waukesha, Wis.