Dear Diary,

Today, I want to share an interview on data integrity and information sharing. Ilana Blum is a professional focused on due diligence at Brown University. As a prospect researcher, I have learned so much from Ilana Blum and appreciate her stance on these topics which greatly impact the prospect development industry. Please connect with Ilana on LinkedIn. 

Q: As a constant user, developer, and reviewer of donor data, what comes to mind when you think of information sharing?

Ilana: The first thing that comes to mind is that old adage, “Don’t write anything in an email or a contact report that you wouldn’t be comfortable sharing with the donor.” I think that idea can feel a little abstract or removed from your day-to-day when you’re a researcher (and not a “frontline fundraiser”), but I’ve worked in organizations where prominent volunteers and donors actually requested their records from our CRM, so it feels more real to me. At my current institution, we use encrypted email to communicate anything bordering on sensitive data, and even then, we are very conservative about the content of those emails.

The second, and more complicated answer, is that researchers are always going to want more data points – we are insatiable in our desire for better, clearer, more accurate information than what we can find by reading the tea leaves of public records. That constant desire for more data points can run up against data privacy laws (FERPA, HIPAA, etc.) as well as institutional guidance around information sharing. To most effectively do my job, I need to build relationships with fundraisers so that they feel comfortable sharing relevant context and updates on a donor that may otherwise not be apparent from public information, all while ensuring it is appropriately documented in our CRM.

Q: At an organization information sharing is constant and moves rapidly throughout teams, what are 3 keyways we can safeguard how donor data is shared?

Ilana: I think the first key element is to have a comprehensive and well communicated plan around how your organization is going to share (or not share) and protect donor data. I’ve seen breakdowns in donor data privacy where there was not an established, universally known policy around donor data sharing and information was improperly shared with an external volunteer. After that breach, there was an attempt to claw that data back while cleaning up policies on the backend, which was messy and created a lot of unnecessary angst. So, first and foremost, you need a policy, and you need a policy that’s not built during a crisis.

Second, I love the question “what are you going to use this data for?” In my current role, I don’t work directly with our report developers, but in past institutions I worked hand-in-hand with the business intelligence team to create reports that analyzed everything from our donor pools to individual fundraiser portfolios to likelihood-to-give models. Every time a fundraiser reached out to ask for a report or a list, my first question was “what are you going to use this data for?” Their answers were always instrumental in guiding not only the product that was created but also helped me to have a proactive conversation about any data sharing concerns I had.

Finally, going back to my first answer around having a comprehensive and well communicated plan on data sharing, I want to linger on the phrase “well communicated.” Fundraising is a dynamic field and positions, especially on the frontline fundraising side, turn over frequently, so it’s important to have an established training process on data sharing and privacy for all new employees so that you’re not opening yourself up to unnecessary liability every time you make a hire.

Q: I truly feel like Due Diligence is an art and a science. As you’re reviewing a new prospect to add to a portfolio or invite to an event and red flags may arise, how should prospect researchers share this information with their fundraisers? What are a few red flags that catch your attention? (Author Note: caution is subjective per organization therefore it is critical that organizations create their own standards or red flags.)

Ilana: I am lucky in that in my current position, I inherited a fairly established due diligence policy and checklist with a kind of risk typology, including everything from “adverse media” to “money laundering” as potential flags when reviewing a donor. In the instances where I do find information that needs to be brought to the attention of leadership, we also have an established protocol for reviewing that information internally and escalating the conversation if necessary.

To your point on art and science, I think the most challenging part of working in due diligence is to separate your personal feelings or perspective from what would be considered legally, ethically, or reputationally risky for your institution. It’s important to establish a checklist or map out typologies of risk and cite past precedent precisely so that you do not find yourself in a position of asking, “do I find this icky?” as a way of driving due diligence. There is always going to be an instance where I find an individual that I may not want to grab dinner with or engage with socially but pose very limited risk from an institutional perspective.

Q: As prospect researchers we share all kinds of publicly available information from ages to assets to family information that many people never realize is public. I must ask - do you ever wonder if certain information is a “need to know”? Is that how you decipher what information to share with your fundraisers?

Ilana: I find this question challenging because I think it assumes that I, as the researcher, hold all the chips in my relationships with fundraisers. While people outside prospect research do sometimes disparagingly look at what we do as “spying” or “snooping”, I do think it’s really critical for us to be able to communicate to our fundraisers what we’re able to find in publicly available information and what the considerable limitations of our scope are, and where their relationships with donors will often provide the most critical information.

I also think it’s a learning experience for everyone (myself included) in this industry to really understand the full digital footprint that you as a human have, just by interacting with systems like the DMV, County Assessors, the Social Security Administration, the IRS and others. That list doesn’t even include the information we put out voluntarily via social media like Facebook, Instagram, X, LinkedIn, etc.

To answer your question on how I determine what information I share with fundraisers, I think it’s based on years of creating relationships with fundraisers and using my best judgement on what should be shared and when. It’s important to ask yourself why you’re sharing information and what you hope a fundraiser will do with it – are you sharing information on an ongoing, messy divorce because it has implications for the donor’s ability to give a significant gift in the near future, or are you sharing it because it’s salacious? Are you making a fundraiser aware of some political social media posts because you think it provides insight into the donor’s philanthropic and civic priorities, or are you sharing it because you personally find it distasteful? Fundraisers have the same internet access we have, so at the end of the day my value-add is to contextualize that information and make it actionable. If I’m doing that, then I’m doing my job.

---

Ilana, thank you so much for leaving us with thinking points about our due diligence policies, how we share information across teams, and the information shared by prospect researchers and fundraisers about prospects and donors. You have gifted us with so much to hopefully change and create.

Until next time, August 15th

Art Credit: LeNia Stitt