Menu

Data privacy and security: The complete guide for associations

These days, data privacy and security are hot topics — and association members are no exception. On the one hand, members of professional associations like yours are clearly concerned with the privacy of their data — but on the other, they also want their associations to provide them with personalized content. Naturally, creating such content means an association needs certain user-specific data. So, how can these two seemingly opposite interests be aligned?

Essentially, it all depends on how well you construct your association’s data security and privacy policy, especially for your career-center software. Association members don’t mind sharing some information if they’re sure it’s secure and that they’ll get tangible benefits out of it — like valuable, targeted content.

With that in mind, let’s explore some essential information on keeping your personalization balanced with data privacy for the ultimate member experience!

Federal regulations on user privacy

Seeing as associations gather and maintain sensitive and personal information on their members, their databases must be secure and in compliance with federal, state, and international law.

For associations in the United States or those that have members in the United States, there’s a complex patchwork of state and federal privacy policies and user data protection laws. These regulations describe the obligations that all organizations that hold and collect personal information must fulfill. Naturally, the requirements may vary depending on where the association is located and where their members reside — particularly when it comes to state laws.

However, federal obligations are something all US-based associations have in common. Below, we take a look at them in detail.

Fair Credit Reporting Act

Abbreviated as the FCRA, the Fair Credit Reporting Act is there to govern the use of consumer reports while determining insurance, employment, and credit eligibility.

According to the FCRA, credit card numbers must be truncated on printed receipts and some types of personal user information must be permanently destroyed after being processed. This Act also regulates how organizations can use some types of information they collect for marketing purposes from affiliates. Also, there are additional FCRA requirements for financial information, like payment details.

Children’s Online Privacy Protection Act

COPPA is designed to impose a strict prohibition on collecting personal information on children younger than 13 online. Operators of online services and certain websites that are intended for children or may be used by children must not use, collect, or disclose any personal information about kids younger than 13.

Even collecting information on a single child is considered a serious violation with significant penalties — fines run up to $16,000 for each violation.

This is why associations need to make sure that their online data collection contains mechanisms that screen out personal information from children. Of course, there are websites and associations that work with children and process their information as a part of that — in that case, they would need to be approved through a COPPA compliance program. These are also audited regularly and parental consent is frequently tracked.

Bear in mind that any organization that collects birth dates could be subject to COPPA compliance scrutiny.

CAN-SPAM Act

Professional associations and other organizations frequently engage in communications and marketing campaigns. However, seeing as certain federal regulations aim to reduce the unwanted use of the personal information of US citizens for telephone and email communications, these campaigns expose the organizations who undertake them to federal laws.

For instance, the CAN-SPAM Act aims to dictate the circumstances in which an organization may send someone unsolicited emails for a commercial purpose. Such emails are allowed as long as they come with:

  1. An accurate subject line and header
  2. Clear identification of the email being an advertisement
  3. The postal address and legal name of the sender
  4. Nondeceptive text in the message body
  5. A mechanism for the recipient to opt-out of unsolicited emails in the future

Before an association decides to do an email blast, it should make sure that the message is compliant with the requirements outlined by CAN-SPAM. Also, it’s not a bad idea to get consent for future messages from the recipients — this single step can minimize a lot of compliance issues you’d otherwise have with CAN-SPAM.

Keeping member private data safe

One of the most important aspects of managing your privacy policy and user data is keeping your members’ data in a single secure place. As an association starts growing and gathering more and more data from members, it’s important to move your data collection away from simple spreadsheets.

There are plenty of association management software (AMS) solutions out there, and the right AMS can be of big help when it comes to ensuring the safety and security of member data. Logically, this should be your top factor when choosing among different AMS solutions for your association.

Before going with any technology vendor, you need to be certain that they’re using all the best practices required to stop unauthorized data access. Multi-factor authentication is a good example, as it is one of the first things you want when it comes to increasing data security.

Tokenization is also a neat feature, as it will improve the security of electronic payments in the case of recurring transactions like donations or membership dues via a secure digital identifier.

A preference center is a good idea

As mentioned above, federal laws mandate that you allow association members to opt out of unsolicited emails or similar communication. Some organizations and companies try to make opting out more difficult, in hopes of keeping people in their email chain that way. However, this can backfire on your association badly.

Members don’t want to be hassled or tricked when it comes to email advertisements — instead, they want a personalized experience and one that they can customize as they see fit. That’s why you want to create a “preference center” — an online settings portal where your members can easily choose when and how they want to receive content from your association.

Ten data security tips for associations

There are a number of steps that association executives can do to make sure the data privacy and security of their members are at an adequate level. Some of these include:

  • Make sure all relevant association staff know where they’re storing association data, as well as who they’re sharing it with and who has access.
  • Enforce and establish policies for managing member data, especially payment information and sensitive data from mobile devices.
  • Ensure that your association is in compliance with all the data security requirements from relevant regulatory authorities.
  • Make sure all staff members are regularly updated and educated on data security awareness.
  • Create incident response procedures and hold staff training sessions for the possibility of a data breach.
  • Keep everyone updated on applicable state and Federal laws that regulate the use of personal information.
  • Maintain and install necessary security safeguards for data that's stored onsite, like encryption, firewalls, and intrusion detection.
  • For offsite data that’s located on a hosted site, make sure operating agreements and contracts with the host ensure the presence of security safeguards.
  • If your association has members from the European Union, make sure that you’re compliant with GDPR.
  • Ensure compliance with the Telephone Consumer Protection Act.

Wrapping up

When it comes to data privacy and security, especially for career center software, you need to realize one thing: member trust and personalization go hand in hand. If your members know that your association is aware of their security and data privacy needs and is doing all it takes to fulfill them, they’ll be happy to provide all the necessary information your organization needs to function properly.

As you continue striving to maintain a balance between fulfilling member expectations about data security and their increasing need for a more personalized experience, ensure you’re approaching the issue thoughtfully — and utilize all modern technology and software solutions that can support your effort.

Your association needs the most advanced, secure career center on the market to truly unlock the value of your audience safely and securely. Get in touch with Madgex today to learn how our technology can boost your audience engagement, generate revenue, and increase your membership.

 

Subscribe to get the latest association, job board software, and technology content.