WealthEngine’s sole focus is prospect research. Your records and our data sources are all processed internally and the information is never shared with outside parties. We have internal checks in place and experienced staff to manage any volume of records processed. In this day and age, one small mistake can greatly harm your long term efforts. You need to know that you are working with the best company in the market, despite the price. With more than 14.2 million records run last year alone, your data is in good hands.

As you consider your donor/prospect screening process, please use the tips below to ensure that your data remains private and secure.

Evaluating Your Vendors

  • Evaluate the data mining company’s core function—is prospect research the company’s proven core competency? Or does it offer a number of products such as donor management software and fundraising consulting? Is the company new to prospect research? Chances are, those companies that are new or have broader priorities are not investing heavily in their data mining services, especially in security. Be sure to research before you buy.
  • Consider how your department and your vendor(s) are processing your data. Best practices stipulate that a single person should manage the transmittal of the data via a secure, electronic or automated submission.
  • Examine the breadth of the company’s client base. How many records does it screen each year? Who are its clients and which ones/how many are similar to your organization? How long has the company been in business?
  • What is the skill level of the staff and the people processing your data?

Protecting Your Data

Within your department

  1. Restrict access to data files (including donor and/or patient information) to only those employees who need access
  2. Ensure that any printed/paper files are kept in a locked file cabinet or secure room.
  3. Educate development staff and fundraising activists on the process/purpose/use of screenings and their roles in protecting the data.
  4. Develop an implementation plan for data use and clearly outline who has access to screening results and which data should be pulled into your donor management system (DMS). 
  5. In cases of high staff turnover, be sure to change passwords for access to sensitive data.
  6. Use encryption on computers that house or use confidential data on a regular basis.
  7. Have a written IT/Data Security policy that covers both internal matters such as data theft or negligence by employees, and external threats such as viruses and phishing. Such a policy should also be communicated to staff on a regular basis through on-going training.
  8. Don’t share passwords for your online research tools (e.g. WealthEngine’s FindWealth Online℠) or for your FTP site unless necessary. Only share your password with those who need it and change it when someone with access leaves your organization.
  9. Keep data—including copies of checks and financial transactions—only as long as you are required to do so. 
  10. Properly dispose of electronic and hard copies. Be sure to use a shredder when disposing of hard-copy data so that the information is always kept confidential.

When sending your data to a vendor

  1. Ensure that a single person on your staff is responsible for file submission.
  2. Don’t include information that refers to a patient’s diagnosis, including area of treatment such as neurology, oncology, etc. HIPAA rules state that development offices can only receive demographic data on patients (name, address, DOB, phone, etc.) and date of service, unless the health care organization gets written permission from the patient to offer up additional details (such as area of service or diagnosis). If they do so, they can include the information in screenings; however, the data should be coded in some way to protect the patients’ privacy as much as possible. For example, you can assign each treatment a number: 1 for oncology, 2 for diabetes, etc.
  3. Only send information that is pertinent for the screening results to be conclusive (e.g. demographic information).
  4. Do not transfer files by standard email—use secure methods such as FTP or file encryption.

When communicating with your patients and donors

  1. Be up front about your prospect research. Consider posting a statement on your website or in your privacy policy about data mining. Transparency up front helps assuage issues later.
  2. Develop a policy statement outlining process/policies/HIPAA compliance to be distributed to patients who question research practices.
  3. Allow donors/patients an opt-out option for fundraising activities.

Questions? Please don't hesitate to contact Client Service at customerservice@wealthengine.com or (301) 215-5980 option #3.

Call us at 877.927.8071 to find out more.

Try us on for size and see how we fit!

Our team is standing by and ready to help.