Tips on Data Protection
Keeping your supporters’ data safe and secure is vital in today’s world. At Engaging Networks, we take data security very seriously and are always monitoring and adapting to changing legal requirements and potential threats.
That’s why we’ve drafted this short blog, to share some tips on data protection that you can apply for your own data sets. By following some simple procedures you can help ensure your data is only accessible by the right people. Here are a few quick and easy tips: Manage your user lists. Your users can log on and access supporter data. If you are a ‘Super Admin’ for your account, make sure that you regularly maintain this list, making users inactive that should no longer have access or deleting them altogether if they have left your organisation.
Consider using permission groups
For example, if some users should not see certain types of supporter data when they log on, you can use data views to hide it from them.
Keep your passwords secure
Do not email your passwords or tokens. Email is not a secure method of communication (do not email supporter data either!)
Use Egnyte to share secure data
If you need to share data with our support team, or other members of your team use Egnyte.
Never send data (or passwords or tokens) via email! If you’re not familiar with this secure file sharing system please contact us and we can get you set up, or let you know who has access already.
Supporters’ data should not be stored in Google Analytics
That means you shouldn’t place personal data, such as email addresses, into URLs that might be logged by Google Analytics. For example, be careful when using the Form Dependency Redirect, which redirects as soon as the condition is met and pre-populates the landing page from data it places in the URL.
Use a subdomain of your site for your hosted page
If you are using e-activist.com or netdonor.net domains for your Engaging Networks pages, contact us. We can help you get a subdomain for your pages instead (this does not cost you anything), such as action.your-charity.org. This builds trust from your supporters that they are on a legitimate site and also lets you whitelist your domains (see the next item).
Whitelist your domains
This means that your pages can only be displayed using domains you have whitelisted. Some spammers can guess URLs otherwise and submit data or test card numbers.
Although not about data security as such, we have lots of other fraud management tools available – take a look at this page for more information.
Check your audit log
Super Admins can check the audit log to see when users are logging in, and what they do. It can be useful to check that activity, as well as the job monitor and import logs, so you’re aware of how your account is being used.
Be careful when importing and deleting data
Make sure you have robust procedures in place when your users import or alter data in some way. Many of these processes are irreversible, and so mistakes can be hard to correct.
If you’re doing other things to help secure your data on Engaging Networks (or another platform), let us know! The more we can share the better.