Tag Archives: privacy

Nonprofit Radio for October 10, 2022: The Smart Nonprofit

 

Beth Kanter & Allison Fine: The Smart Nonprofit

That’s Beth Kanter and Allison Fine’s new book, revealing the potential of smart technology and artificial intelligence for your nonprofit, and the entire sector. Beth and Allison are with us to share their thinking.

 

 

 

 

Listen to the podcast

Get Nonprofit Radio insider alerts!

 

I love our sponsors!

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

Fourth Dimension Technologies: IT Infra In a Box. The Affordable Tech Solution for Nonprofits.

Apple Podcast button

 

 

 

We’re the #1 Podcast for Nonprofits, With 13,000+ Weekly Listeners

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.
View Full Transcript

Transcript for 612_tony_martignetti_nonprofit_radio_20221010.mp3

Processed on: 2022-10-08T02:19:32.872Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2022…10…612_tony_martignetti_nonprofit_radio_20221010.mp3.487143462.json
Path to text: transcripts/2022/10/612_tony_martignetti_nonprofit_radio_20221010.txt

[00:00:44.94] spk_0:
Oh, I neglected to mention, you hear me, you hear me do an intro to the show and then we’ll chat uninterrupted and then I’ll do the outro and then I could say goodbye Hello and welcome to Tony-Martignetti non profit radio big non profit ideas for the other 95%. I’m your aptly named host of your favorite abdominal podcast. Oh, I’m glad you’re with me. I’d bear the pain of infra occlusion if you made me chew on the idea that you missed this week’s show. The smart non profit That’s Beth Canter and Alison finds new book revealing the potential of smart technology and artificial intelligence for your nonprofit and the entire sector.

[00:00:56.53] spk_1:
Beth

[00:00:56.87] spk_0:
and Allison are with us to share their

[00:00:58.74] spk_1:
thinking

[00:01:28.01] spk_0:
on Tony’s take to debunk those top five myths of planned giving, sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot c o and by fourth dimension technologies I. T infra in a box. The affordable tech solution for nonprofits. tony-dot-M.A.-slash-Pursuant four D Just like three D. But they go one dimension deeper.

[00:01:32.30] spk_1:
What

[00:01:32.54] spk_0:
a pleasure to welcome

[00:01:33.29] spk_1:
back

[00:01:41.59] spk_0:
Beth Kanter and Allison Fine to the show. Both been on multiple times, although you know them uh they they they each deserve their own special

[00:01:47.79] spk_1:
introduction.

[00:01:49.33] spk_0:
Beth Kanter is an internationally recognized thought leader and trainer in digital transformation and well being in the nonprofit

[00:01:56.46] spk_1:
workplace.

[00:01:57.94] spk_0:
She was named one of the most influential women in technology by fast company and received the N 10 Lifetime achievement

[00:02:04.82] spk_1:
award.

[00:02:05.48] spk_0:
She’s at Beth Kanter and

[00:02:08.97] spk_1:
Beth

[00:02:30.78] spk_0:
Kanter dot org. Alison Fine is among the nation’s preeminent writers and strategists on the use of technology for social good. She’s a member of the National Board of Women of Reform Judaism and was chair of the National Board of Naral Pro Choice America Foundation and a founding board member of Civic Hall. Allison is at a Fine and Alison Fine dot

[00:02:34.94] spk_1:
com.

[00:02:36.18] spk_0:
Bethan Alison welcome back to nonprofit radio

[00:02:40.69] spk_1:
Thank you for having us. tony

[00:02:43.75] spk_0:
congratulations on the book.

[00:02:47.60] spk_1:
It’s very exciting. The response has been tremendous so far.

[00:02:52.45] spk_2:
So both of our 4th book and 2nd collaboration together.

[00:02:56.91] spk_1:
Second,

[00:03:20.05] spk_0:
yes, you’ve co authored the network non profit if I’m not mistaken. Alright and fourth book for both of you. Congratulations all around. I would actually like to start with the last sentence of the book. If every nonprofit in the sector can transform itself into a smart non profit we can transform the world end quote. Uh does anybody want to claim authorship of that particular sentence? Is it possible for co authors to remember who wrote each each sentence throughout the

[00:03:28.19] spk_1:
book?

[00:03:29.76] spk_0:
Not, no,

[00:03:31.30] spk_1:
not possible, but so

[00:03:33.14] spk_0:
then All right, Allison, what what uh what does it take to become this uh ideal. Smart non profit

[00:04:33.67] spk_1:
So a smart non profit tony is an organization that understands deeply how to stay human centered and by that we mean putting people first, internally and externally using the most advanced technology organizations have ever had at their disposal. This this, you know um family of technologies like ai machine learning robots and so on and by doing that tony we can stop the incredible hamster wheel of business frantic business of organizations just playing a daily game of whack a mole with email and telephone and ongoing meetings. All of that road work can be done by the technology, freeing up people to build relationships and tell stories and build communities and solve problems and do the deeply human work that most of us came to the sector to do in the first place.

[00:04:45.71] spk_0:
And you you used the word business that was not business, that was business

[00:04:52.15] spk_1:
in the U.

[00:05:08.43] spk_0:
S. Y. Yes. Okay. Um Alright. So there are many uh considerations for becoming a smart nonprofit and some some important roles of leadership that that come out in the book. Um Beth anything you would like to add to the to the intro to our conversation.

[00:05:25.86] spk_2:
Um Sure. What Allison laid out so beautifully is the key benefit of that nonprofits get from embracing this technology and that is the dividend of time and that time can be reinvested either in building better relationships with donors or or clients or stakeholders or also could be reinvested in the staff to free up time. So we’re not. So as you said, the busy work takes up a lot of time but it also takes up a lot of cognitive overload and maybe if we had more spaciousness we would be less exhausted. Um and and more inspired and less burnout.

[00:06:15.66] spk_0:
Yeah the that that dividend of time is throughout the book. And uh well except that hypothesis for now I have I have I have some questions about that, some little skepticism about that, but for now we’ll accept that the dividend of time will indeed accrue to people who work in in in smart nonprofits and to to the to the organization generally. Um Are

[00:06:18.75] spk_1:
you skeptical that it can be created or are you skeptical that people will know what to do with it once they created it? No,

[00:06:27.95] spk_0:
well I don’t wanna I don’t I don’t want to challenge right off the bat but

[00:06:33.36] spk_1:
uh

[00:06:52.52] spk_0:
skepticism that that it that it can be realized. Not not that people will know what to do if it does get realized, but um yeah well let’s come back to it, let’s leave the hypothesis uh as as as perfectly fair and and uh something to truly aspire to because there are as you say, and as you lay out mostly in the last chapter, um there are great places that the sector can go when we realize this uh this dividend of time. Um

[00:07:10.37] spk_1:
let’s

[00:07:19.93] spk_0:
talk a little about, you know, some of these elements of being a smart non profit Um beth let’s stay with you for you know, human centered. What what do you what do you all mean by by that?

[00:08:00.23] spk_2:
Well I guess we use another term in the book um called co batting and really with that I like that because it’s like figuring out what the machines can do best. Right that the automation technology there’s certain tasks that the technology is really good at doing. And those are things like analyzing large amounts of data and automating kind of rote tasks. But there are there’s stuff in our jobs that humans should do and always do. And that is the relationship building, taking the donors out to lunch. Like you were telling us you took a donor out to a nice restaurant recently. You know that’s not something the automation is going to do for you. Um and being creative having empathy, making intuitive decisions. And so when we use this technology leaders really need to understand like what is the right workflow and always keep humans in

[00:08:19.06] spk_1:
charge?

[00:08:21.28] spk_0:
What what’s the what’s the

[00:08:25.05] spk_1:
how

[00:08:25.33] spk_0:
can we how can we make sure that we center humans in in adopting this this smart technology?

[00:09:29.83] spk_2:
Well I think the first step is to ask to talk to them and get their feedback and their input in before you even like grab the software off the shop? It’s not about that at all. Um you really have to start with. Um you know, what are the points of pain? What are the exquisite pain points that we want to address by adopting this technology and getting feedback from the end user’s whether that staff clients donors and then, um, setting up a, you know, an understanding of what the journey is, what the workflow is and where you divide things. And then you begin to go look at software tools and uh, and and find vendors that are aligned with your values and once you’ve, or technologists that are aligned with your values and then once you’ve done that, you can begin to start with pilots and uh, an iteration on it before you get to scale. This is so different tony than social media, which both Allison and I have talked to about where we’re encouraging people to just jump in experiment fail fast. What we’re saying with this technology is that it’s really important to, um, to go slowly and to be knowledgeable and reflective about it.

[00:09:53.74] spk_0:
And reflective. Yes, reflective is, uh, something else I wanted to ask about. So what you read my mind fantastic being reflective Alison, what is why, what’s that attribute about for the, for the smart non profit

[00:11:37.25] spk_1:
So this is, um, something I’m deeply passionate about tony Um, I don’t know if, you know, I had a first career as a program evaluator and uh, it’s very, very difficult to get, particularly smaller nonprofits who are so busy and so under resourced to take a step back and not only think about how is what they’re doing, Getting them closer to the results that they want to do, but how can they improve over time and we need them to understand not only the human centeredness that beth just spot on, you know, outlined, but in particular tony how are we making people feel internally and externally about our efforts? Are we making people feel seen and known and heard or and this is particularly important when we talk about smart tech, do you feel like a data point, just you know, a cog in large machinery? Um that’s just getting lost um and we know that feels terrible, everybody has experiences of feeling being made to feel small by organizations and nothing is more important in our work, particularly in the social service and human service areas of making people feel known and heard and yet it is just the sticking point for the sector that it is the thing that gets left off and again we’re back to the business of work, so we want people to be reflective of. Is this the right technology, are you solving that exquisite pain point that you had? How are you making people feel when machines are now doing what only people could do until just a few years ago, you know, through smart tack and is it solving the problems that you set out to solve?

[00:12:00.50] spk_0:
Uh Yeah, I I admired that idea of, of reflective because you know, it’s it’s closely related as you said to being human centered uh you know, thoughtfulness um and it goes to like preparation to um it

[00:12:23.51] spk_1:
also goes to leadership right? You have to have a leadership within an organization that isn’t so brittle that they are open to learning about how to improve and there are too many organizations that are so fearful of being seen as not doing something well that they won’t openly and wholeheartedly be reflective about their activities.

[00:12:42.57] spk_2:
And it’s also about the culture too, and we’ve used this word a lot dizziness and when we have a culture of business and people are multitasking and there’s back to back meetings. They don’t have that space to be reflective. So um and and that’s so required to um to make the changes that you just read about the last line of our book, you know, to get to that place

[00:13:23.79] spk_0:
and we’re gonna talk some about the leadership. Uh you talk about being trustworthy and empathetic, we’ll we’ll we’ll get there. Um Another, another attribute you you mentioned um beth is being knowledgeable, knowledgeable about the tech and I think it’s limits too. But what would you you say it you’ll say it more eloquently than I will.

[00:13:33.54] spk_1:
I

[00:13:33.74] spk_2:
think we can both say that both Alice and I can say both eloquently, but I’ll kick off with um when we say knowledgeable and we’re and we’re saying this to leaders, we’re not saying that you need to know how to code. Um you know, roll up your sleeves and write the code but you need to understand um

[00:13:51.97] spk_1:
what goes

[00:13:57.94] spk_2:
into the code and whether it’s biased um the data sets it’s been trained on and you need most of the time. A lot of leaders in the nonprofit sector when it comes to technology it’s kind of push back, you know sent down the hall to the I. T. Department and we’re really asking leaders to lead in because there’s you know potential challenges which Allison is really great at explaining.

[00:14:16.56] spk_1:
Alright

[00:14:18.19] spk_0:
well Alison explain those but then maybe you can tell us a story too about

[00:14:22.12] spk_1:
uh

[00:14:22.80] spk_0:
about like the degree to which a leader needs to be knowledgeable.

[00:15:38.16] spk_1:
Uh So we’re talking about um this family of technologies tony that is very quickly becoming embedded in every single part of organizational life. Right? This is not a you know fundraising software, smart tech is going to be embedded in the finances and the back office and the coms and development and everything. And the idea of having machines automatically paid for things or screen resumes or screen people for services is a fundamental shift in who is doing work and how it’s being done. Right? So when you understand that premise, you have to have the C suite leaning into this to underst and what it means when your staff is doing different things than they used to do and when people on the outside are engaging with machines instead of people, these are fundamental shifts. So one area. Um Well too I just mentioned that are so important is if you are automating the screening of resumes, then the assumptions that some programmer put into that system and the resumes that were used to test it for looking for certain kinds of employees with certain kinds of skills are going to be biased. I can tell you that right now, right. They are going to have a bias. And largely that bias is going to be against, you know, people who are black and brown or or women.

[00:15:57.35] spk_0:
It’s gonna be in favor of white men.

[00:16:40.39] spk_1:
Exactly. Because that is what employment looks like. Those are the questions we use those are the expectations that we have and the programming was done most likely by a white man. Um So if you don’t know what to ask. The creator of that software that you’ve just bought that is going to quote save you a ton of time looking at resumes. Um but also screen out um people of color and women then you’ve just an incredible disservice to your organization and the same if you are providing housing services or food services to people in need, the same kinds of biases are going to be found in these systems, right? This is a systems problem. And that’s why as Beth was saying, this is not a technical problem. This is not something where you say go I. T. Guys go find us a good product. You know, they’re not looking out for your organization’s interest in equity. That’s what leadership is for right, setting those moral standards, setting that compass and making sure that your values are aligned in everything you do and how you do it as an organization.

[00:17:59.64] spk_0:
Yeah. You both are very clear in the book that this is a leadership issue, not a technology issue. It’s time for a break. Turn to communications. They have another interesting newsletter this week advocating for the use of cliches. Their argument is that cliches shouldn’t be ruled out entirely but used judiciously. Like not don’t go overboard either. Whatever you think about cliches, my point is they’re thinking about them. They’re thinking about how best to communicate your story because your story is their mission turn hyphen two dot C. O. Now back to the Smart non profit any any stories, can we can we tell a story at this point? Alison

[00:18:23.00] spk_1:
sure there are, there are social services agencies around the country um that we’re using smart tech systems to provide um food assistance. And only after the system had been in place for several years. tony did they find out that it was literally leaving out black people from the system. In the opening chapter of our book, we talked about a screening tool called V. I. Speed at uh

[00:18:39.80] spk_0:
three times.

[00:18:40.55] spk_1:
I

[00:18:42.50] spk_0:
just kept saying it. V. I. S. P. D. D. Yeah.

[00:18:50.81] spk_1:
Yeah the I stood at that was programmed by um why white man with very good intentions that unintentionally was leaving black people out of getting priority housing in hundreds of communities around the world, four years before the social workers finally got heard saying, we know this tool doesn’t work on the ground, we’re using. It, it is not screening people correctly because the questions were biased against people of color who have so much trouble getting into public systems.

[00:19:32.89] spk_0:
You you have three caveats sort of that that you uh you make very clear and bias is one of them. So we’re just talking about that um responsible use is another another of the three beth can you can you talk to uh what you’re thinking about responsible use and sort of thinking through problems?

[00:19:59.01] spk_2:
Um Sure. Uh it’s kind of like taking a Hippocratic oath that you will do no harm. Right? So the example that Alison just laid out, obviously there was harm done by keeping people screening people out for important services. Um so so it it who’s um non profits to do uh something that we call threat modeling? I know it’s a big scary term and word and it comes from the internet cybersecurity but

[00:20:11.51] spk_0:
didn’t frighten me.

[00:20:17.94] spk_2:
Okay, well it might frighten some people we have had that reaction, um but it’s just basically

[00:20:19.33] spk_0:
not profit radio It’s very savvy listeners here.

[00:20:21.72] spk_2:
Absolutely,

[00:20:23.24] spk_0:
this is this is a higher echelon audience than you’re

[00:20:25.77] spk_2:
right, of course, your

[00:20:26.90] spk_0:
other podcast. So please

[00:20:28.49] spk_2:
threat

[00:20:29.80] spk_0:
modeling is not intimidating to us.

[00:20:31.51] spk_2:
Okay, so threat modeling is actually having a brainstorm of all the possible things that could go

[00:20:36.33] spk_1:
wrong.

[00:20:42.33] spk_2:
Um if you uh implement this technology um what what harm could be done to the end user um if they if they were given um let’s say you have a buy right? And in fact the Trevor project is an example of an organization that did this threat modeling. They wanted to they had a problem. Um they had, you’re familiar with the Trevor project,

[00:21:02.88] spk_0:
explain, explain what what

[00:21:04.80] spk_2:
okay, so they provide uh

[00:21:07.10] spk_0:
counseling

[00:21:23.42] spk_2:
to yes to L. B. G. T. Q. Youth, you know through text and online phone, if you will. And so they’re dealing with kids who are in crisis and a whole, you know, um continuum of issues and they have councilors that there who are volunteers but they’re trained in this very specific, very sensitive type of counseling, especially when young people are coming to them in crisis. And so um so the problem was, you know, they needed to scale um and get more counselors in there so they could help more clients. And so they decided that they wanted to use a bot,

[00:21:44.37] spk_1:
which

[00:22:33.01] spk_2:
is, you know, automated response. We’re all familiar with thoughts, you know, buy a pair of sneakers online or trying to make a doctor’s appointment and you encounter a bot. And so rather than replace the counselors on the front line with this technology that won’t be human center, it could be potentially dangerous. Um especially with a sophisticated self learning bot, which could learn through, you know, and learn through interactions and say the wrong things and that could be devastating to an end user who’s in crisis. But what they decided to do was to use the bot for training simulations. So they took data from real conversation, stripping all privacy information and they use this to train their bot, which was a highly sophisticated software that was self learning. But they said that this spot will not be on the front lines with anybody, will only interact with um for training simulations. So what this did was free up a lot of time from the staff in terms of delivering trainings to more quality control. So they were able to get more counselors on the front

[00:22:51.82] spk_1:
line, so

[00:23:01.15] spk_2:
it’s an example of being human centered, but it’s also an example of that dividend of time and and repurposing it um and also uh making sure, you know, so it’s doing no harm. Yeah,

[00:23:15.16] spk_0:
and that and that responsible use. Okay, okay. Um the other the other caveat you have, so you have, you have three caveats bias, responsible use and privacy. Talking about ethical standards who’s uh, who’s who’s most interested in talking about privacy Allison Fine, raised their hand first.

[00:25:08.25] spk_1:
Yes, I did. Um so this is not a new issue, right, We’ve been dealing with digital privacy um for a long time, but as a sector haven’t really ever gotten our arms around it. tony right in that we has a sector have just subscribed to. I think we think the lowest expectations from the commercial side, which is you try to get as much personal data as you can write. You ask for those emails and you leave. You might let somebody unsubscribe from a newsletter, but you don’t delete their emails. Right? And a much, much more ethical model we feel is in the european union, the G D P R. I can’t remember what that stands for. But the idea is that, um, the people, the consumers, constituents, donors, volunteers are in charge of their data and they get to tell us how they want to be engaged with us, right? They get to tell us that they want to be forgotten entirely from our systems. They don’t want to be on any of our list. They don’t want to be in our systems. And that flipping over of the model we think is very in keeping with being human centered, right? It’s very in keeping with the values that we’re trying to, uh, in view in this whole concept of smart nonprofits, right? That we shouldn’t fear, um, asking people what the value we provide to them is. Right. Do we brought enough value in having their email for them to want to stay with us or are we just turning through again, as we said in the beginning, turning them through systems like the cogs in a great big machinery. So we think the smart tech is going to generate even more data than the last 10 years of digital tech, which is astonishing to think about kind of mind blowing to think about

[00:25:18.86] spk_0:
Because I think didn’t you cite 90 90% of the data that we have is in the past two years?

[00:25:34.41] spk_1:
Yeah, yeah. It is remarkable to explode. And so we need to be, we need to raise the bar on our ethical considerations on the use of data and the relationship that we have with our constituents. They need to trust us more. The fact that the nonprofit sector along with other sectors, the degree of trust is going down. tony is, is not good and we ought to hold ourselves to higher standards of privacy and data protection.

[00:26:52.20] spk_0:
Two weeks ago, Gene Takagi and I talked about that exact subject in a show that I called in nonprofits do we trust? It was just, it was just two weeks ago. It’s time for a break. 4th dimension technologies, your tech is an investment invest wisely. What’s the state of your office infrastructure? Should you give remote or hybrid employees tech allowances or just give them the equipment outright or both or neither. How’s your disaster recovery plan? How’s your backup working? four D. Can help you with all these investment decisions, check the listener landing page tony-dot-M.A.-slash-Pursuant four D. Just like three D. But you know they go one dimension deeper. Let’s return to the smart non profit Do we know what the impact has been on, on business? Uh,

[00:27:02.62] spk_1:
coming

[00:27:13.65] spk_0:
out of the G D P R has, it, has it had the devastating effect on business that the business community in europe was, was claiming when they were, uh, lobbying against it or trying to, you know, trying to weaken it. Do we, do we know I’m putting you on the spot. Do either of you know, whether that’s had such a devastating impact on european business?

[00:27:25.95] spk_1:
It’s been fine. And, and look, companies, commercial companies here have had to put, uh, more effort into privacy issues when they do work in the european

[00:27:37.36] spk_0:
union,

[00:27:40.59] spk_1:
you know,

[00:27:40.96] spk_0:
California

[00:27:41.82] spk_1:
for Nya are holding people to the same standards now. Um, but it hasn’t had a huge negative impact on business,

[00:27:50.70] spk_0:
you know,

[00:27:51.44] spk_1:
it’s fine.

[00:28:01.23] spk_0:
Okay, okay, now this, this smart tech artificial intelligence we’re talking about, this is widely used commercially, Right? I mean, isn’t this, I don’t know, fundamental to amazon google the 24 hour chatbots that beth mentioned, you know, you see a little about 24 7, the likelihood of that being a live person at four in the morning is very, very small. This, this is, this is ubiquitous in the commercial sector,

[00:28:22.79] spk_1:
isn’t it?

[00:28:23.82] spk_2:
Yes, it is, but I think we’re at this point um, uh, Allison likes to call it the heel of the hockey stick where it’s going to the cross of this technology has come down. It’s becoming democratized and it’s becoming more accessible to non profits of all sizes.

[00:28:41.29] spk_0:
You

[00:28:42.67] spk_2:
don’t have to be nasa to use this.

[00:28:51.56] spk_0:
All right. Now to keep yourself out of jargon jail. You’re gonna have to explain the, uh, the hockey stick on a graph metaphor. So go ahead, tell us what X and Y are and why it looks like a

[00:28:54.63] spk_1:
hockey stick.

[00:28:55.50] spk_2:
Okay. It’s okay. So imagine a hockey stick, right. Or I should do it this way. I’m looking at my

[00:29:02.71] spk_0:
nobody can, nobody can see your hands, but we all know what

[00:29:04.91] spk_2:
happened, but

[00:29:05.98] spk_0:
not sophisticated enough to know what hockey sticks.

[00:29:20.11] spk_2:
It basically shows. And this happens with technology. Um, is that, you know, early adopters use it because it’s very expensive, experimental. It’s unproven. And as it, the technology improve and the cost comes down and it becomes more accessible to consumers and small businesses into organizations. The adoption rate starts to skyrocket. So it goes up. So you see sort of a flat line and then a steep hill or steep mountain increase in

[00:29:35.49] spk_0:
X’s time. And why is technology adoption?

[00:29:39.42] spk_2:
Yes.

[00:29:40.76] spk_0:
Yeah. You’re better at

[00:29:41.91] spk_2:
charts than I am.

[00:29:43.65] spk_0:
Okay, well, you, you, you invoked the metaphor of the hockey stick. You gotta, you gotta be able to stand behind it now.

[00:29:48.41] spk_2:
Oh, I guess I guess I should.

[00:29:50.13] spk_0:
All right. All right.

[00:30:31.21] spk_1:
It’s not just nonprofits adopting this now. tony I would say that it’s all medium and small sized organizations in every sector that now has available to them, technology that they couldn’t afford just a few years ago. And that’s, that’s what the difference is. The technology is a brand new, it’s just become very affordable for smaller organizations. However, as I mentioned before, just because it’s available and just because it’s affordable, doesn’t necessarily mean it’s the right stuff to grab off the shelf. And that’s the part that’s that’s the impetus for us to write this book. You need to know what you’re grabbing and using, Yeah,

[00:30:42.60] spk_0:
the availability to small and midsize shops, I think is through is throughout your book. Um, let’s tell another good story. The one with the, uh, uh, the repurposing of the school bus routes to deliver food instead of drop off Children during the pandemic because Children were no longer going to school. So they repurposed school busses to drop

[00:30:55.43] spk_1:
off meals.

[00:30:57.87] spk_0:
Who knows that story best.

[00:30:59.76] spk_2:
Yeah. So, you’re, you’re talking about research at Carnegie Mellon University and you’re talking about Pittsburgh school system and

[00:31:07.96] spk_0:
Pittsburgh school system.

[00:32:38.23] spk_2:
United Pittsburgh school district or whatever it’s called. Um, so this was at the very beginning of the pandemic when we were in the shutdown and um, and kids that are in schools that are in poorer areas relied on the school lunch program to get their meals right. And so if schools were shut down and, and, and students were tele community, there’s no way to get this food. So they used a machine learning algorithm to re engineer the must routes to take the food to the kids in the most efficient way. It’s really interesting how during the pandemic, you know, there was a little bit of a silver lining. I know it’s awful. But there was a silver lining for some nonprofits to really push and to innovate. And I think food banks in a way we’re forced to do this. Um, there’s another example in boston of the boston food bank completely automating its inventory and it’s stocking to become a lot more efficient. And at one point they even were experimenting with having robots come in and stock the shelves because most of the food banks, volunteers are older and they were told not, you know, during the very early part of the pandemic, not to, you know, come in because it could be dangerous to their health. Um, and that’s also a great kind of idea story, use scenario to think about to do the threat modeling that we were talking about earlier. So let’s just say for example, food banks. So let’s let’s bring in the robots and have

[00:32:38.99] spk_1:
them stock

[00:32:40.47] spk_2:
the shelves, you know, so, but you also have to think about that volunteers who are coming in, um, to do this type of work. Those were their lifeline in terms,

[00:32:50.89] spk_0:
yeah.

[00:32:51.75] spk_2:
How are they going to feel and how are we going to redesign the volunteer job and how are you going to encourage them to come back in and make them feel safe and welcome into the food

[00:33:02.13] spk_1:
bank. Right.

[00:33:02.86] spk_0:
Less feeling less unless they feel useless and replaced by machinery. And this is all the organization thought of us. And now they now it’s just a bunch of metal replacing us metal and plastic parts. So yeah. Alright. Also being human centered, reflective,

[00:33:59.75] spk_1:
but that that’s that’s the dividend of time, tony if you can say all right, we used to have these uh, you know, two dozen volunteers who came in and were stocking shelves all the time. And now we’ve automated that task. What is it that these, you know, lovely people who wanted to help could do that would be so, you know, deeply human and centered as you say, and uh, you know, in in improving our relationship with our clients. Maybe they could be calling clients. So what else do you need? You know, what else is happening for you or just saying hello to somebody, Right. I mean, there are all sorts of wonderful human things that those people could now do if they want to um that they never had the time to do before. That’s the that’s where this is again, a leadership issue of really thinking about how do we want to use our human capital in the next chapter of organizational development?

[00:35:40.16] spk_0:
Okay, I think that’s an excellent example of the dividend of time that we’re we’re about a half an hour in or so. So let me uh let me try my, my skepticism out on you that we I’ve heard this before, that there was gonna be, there were promises of increased productivity and increased time. I’m thinking of smartphones, we’re going to give us more time and they certainly make us more productive, but I don’t I don’t I don’t see studies saying that we we have so much more time. I see that time being absorbed now you might say, well maybe I’m making your case for you that time being re allocated. Unthought feli unwisely. But I don’t I don’t see people walking around feeling that they’ve got so much more free time since the widespread adoption of smartphones 10 years ago or so. Um Another video conferencing, you know, whatever teams uh zoom, I hear more about zoom burnout than I do about feeling that I’ve got so much more time available because I don’t have to go to meetings. I don’t have to go to the office. Um You know, so those are a couple of the paperless office. That was another paper, the promise of the paperless office was going to be so much so much more efficient for us and I think that was gonna save time because we wouldn’t have to file papers and it was gonna save office space because we wouldn’t need storage and these promises. Um I sound like a whining 60 year old, but these promises have not come

[00:35:44.78] spk_2:
to not

[00:35:46.09] spk_0:
come to fruition in the

[00:35:46.96] spk_2:
past. So I’ll take what I’ll tackle the zoom fatigue thing and, and then Alison can kind of related to smart text. So

[00:35:56.32] spk_0:
I guess I should say uh, it’s not whining. I don’t want to sound like a curmudgeonly 60 year old.

[00:36:00.94] spk_2:
Well you’re not a curmudgeon and you never whine.

[00:36:03.79] spk_0:
All right, Thank you.

[00:36:52.45] spk_2:
So, so if you take zoom fatigue, right? Um, and that came from stanford University and basically what is causing it is the flight or fight response that is going on in our bodies when we see the grid. I mean, there’s some ways to mitigate it. But what happened is is that nonprofits like many businesses all of a sudden were forced to pivot to becoming remote distributed teams. We never really work like that. So the idea was, let’s just all make, get a zoom meeting. Let’s just take everything we did in person and just plop it online. And what happened because everybody was doing this there was, we didn’t really evaluate how do we collaborate effectively. What do we need, what can we do? Like a synchronously so we can make use of our synchronous or real time experience. So we can make meetings shorter. There’s research from Microsoft that shows that if you have stacked back to back meetings without taking a break your level of stress just stays the same throughout the day. And so if organizations were reflective, knowledgeable

[00:37:07.39] spk_0:
and kind of prepared, they

[00:37:16.17] spk_2:
Would have looked at and said, Okay, so let’s look at how we can, you know, stick to a culture of maybe a 20 minute meeting with 10 minute break in between or have a zoom number per day that we know that we’re not going to schedule more than x number of meetings, which would then think to how do we rethink our work? Um So it’s not just the technology, that’s true, the technology doesn’t create the dividend of time. It’s a combination of the technology with thoughtful leadership, reflective leadership as we’ve been saying, that can then change the culture.

[00:37:41.25] spk_0:
Yeah.

[00:37:51.31] spk_1:
And let me let me let me build on that tony So we have an entire generation of digital technology That was intended to make us go faster, right? That was that’s what it has done. We are at a point now, we’re checking your email on average, 74 times a day is quote normal, right?

[00:38:04.53] spk_0:
We’ve gone from uh let’s say facts to email, to texting to to to um slack.

[00:39:36.27] spk_1:
We we we get that this technology, smart tech ai automation is not that technology, it is a fundamentally different kind of technology that’s intended to do things instead of people not to have us do more, But as Beth just said, it’s only going to do that. If we implement it thoughtfully, right, if we end up in the same place where we are checking on the box 74 times a day shame on us. The stuff has the potential to relieve us of so much administrative wrote work that just eats up everybody’s day. And if we can co bott well and have the bots do what they’re supposed to do and the people do what they they’re supposed to do, we can actually re humanize work. But as you know we’re just at the beginning of this process a lot of this is theoretical and that’s again is why we wrote this book instead of jumping in and grabbing the stuff and adding it onto your existing dizziness, frantic nous culture, we need you to stop and think and figure out how to do this. Well you know

[00:40:34.55] spk_2:
there’s some research that’s from M. I. T. Sloan school that looked at the effectiveness of this technology and um and where it is effective is if people don’t just focus on the efficiency of it that is to, okay well we can get all of these tests done way more efficiently because people aren’t cutting and pasting from different spreadsheets. Um But we’re not gonna fill up people’s with more work to do so it’s not to go faster, it’s really to be more effective and so if this technology can be implemented and it can kind of relieve some of that stress and pain of overload then that has an impact on morale and people feeling good about where they work and there is a synergistic impact that the study found that where efficiency and kind of effectiveness, let’s work together. So there’s so that can have more people feel better about their work, they do better, they get better results, they’re less likely to quit, there’s less likely to be turnover and the organization moves forward in a in a better way with better outcomes.

[00:41:09.01] spk_0:
Right, Okay. Alright. And that’s that’s if if it’s adopted with leaders consciously being human centered, knowledgeable, reflective, prepared. Uh and we’re gonna get to trust and empathy. Um All right, well you may have moved me from skeptic to uh cautious optimist.

[00:41:16.14] spk_2:
I was gonna say, what are you still are you still a little uh

[00:41:34.32] spk_0:
you know the history, the history has not has not borne out that leaders have adopted the new technology reflectively thoughtfully and prepared. Lee um It’s just so I’m just basically,

[00:41:36.18] spk_2:
pardon

[00:44:17.51] spk_0:
Me, they never had its 2022. Now they have the book, they didn’t have it when we went from facts to email or email to slack or email the text and text. Alright, Alright. No, no it’s okay. Um so leaders please uh keep listening. It’s time for Tony’s take to debunk the top five myths of planned giving, that’s my free webinar coming up. It’s Tuesday october 18th at 10 a.m. Pacific one o’clock Eastern I say free webinar but it’s not free for everyone. It’s free for you because you’re gonna use checkout code tony T. O N Y couldn’t be simpler. I think you have to put it all in caps too. I’m not sure about that part but do it all in caps to be safe. So I’m gonna be talking about debunking these insidious, pernicious top five myths of planned giving, I hate them, I loathe them, they are loathsome, that’s why I loathe them because they keep people away from planned giving like the one that says plan giving is gonna ruin all your other fundraising. It’s going to take away from your annual gift and your major annual giving and major giving. Debunk. We’re gonna debunk that and for others as well. So join me very simple to sign up. Of course. You go to our gracious host site. We are thoughtfully hosted by N. P. Solutions. So you go to N. P. Solutions dot org. You click workshops, you’ll find me in the list and then when you’re checking out use that code tony do it in all caps and it’ll be free for you. Not for everybody, but for you, I hope you’ll be with me. Let’s debunk these Hateful Top five Myths. That is tony stick to we’ve got boo koo but loads more time for the smart non profit with Beth Canter and Alison fine. Let’s let’s talk some about the leadership. That’s perfect. So you mentioned the three things I really want to talk about trustworthy empathy uh, and curiosity and I have to get this in. If you had an H then you could have spelled out tech trustworthy empathy, curious, high minded

[00:44:18.40] spk_2:
human, human centered,

[00:44:26.89] spk_0:
human centered. You need, you got the T. E. C. In the book. I was looking where’s the H. All right. Uh, what does it look like for leaders to be to be trustworthy? To adopt Trust?

[00:44:34.88] spk_1:
Who

[00:44:38.64] spk_0:
who who’s the best, who’s the most trustworthy explainer of of trust?

[00:44:43.00] spk_1:
I

[00:44:43.18] spk_0:
don’t care. It could be either one. Okay, Allison Trust is yours. We got to go in order and then if we can come up with an H uh centered, but that you already have that in the in becoming a smart non profit That’s that. You already covered that one. So you can come up with another one. Um Herculean, heroic, heroic, Herculean, Right. Trust Alison, Why why is this trust?

[00:46:58.76] spk_1:
Important? So organizations are making a bond with people in their communities, right? We are, we are asking them to come along on a journey with us, uh, to be clients to be donors, to be volunteers, to engage with us in some way and trust is the stuff that’s sticking us together, right? It is social capital. It is thinking that an organization has your best interests at heart, not just their best interests at heart. And um, I feel like for 20 years, so many organizations have been going moving so quickly on this hamster wheel advised by people who make a lot of money off of transactional fundraising and transactional engagement online and have lost sight of the fact that unless and until people out there trust that you are doing the right stuff in the right way, nothing else matters. And we’re all trying to scale way too quickly, tony without really understanding the fundamental D. N. A. Of making sure that we are entirely values aligned from what we want to do to what we’re actually doing to the outcomes. And again, you know, beth and I feel so strongly that the nonprofit sector is such an incredibly special place, right? We are the epicenter of the world for you know, providing human services and doing advocacy work and it is such an incredibly brave, difficult work and yet we still have a ways to go in asking are the leadership of organizations both C suite and the boards to raise the bar to be more transparent uh to to ask more questions about how they’re doing, to measure their outcomes, to uh take care of their people internally and externally better. And so that’s why we put trust so high up on the scale of what we want organizations to be focused on.

[00:47:19.32] spk_0:
I think leaders feel when they’re there

[00:47:24.02] spk_1:
falling

[00:47:24.70] spk_0:
short in in in in in the aspirations that you just described. I think I think folks feel it it’s just but they’re on that hamster wheel and it’s, it’s hard to take, it’s hard to take that step back and and acknowledge what you’re feeling and be introspective as an organization.

[00:49:01.87] spk_1:
Let me, let me, let me describe something though. That’s really important. tony that we as a sector don’t talk nearly enough about. And that’s what Beth and I called the leaky bucket in fundraising. Right? So year one, you get 100 donors by year two, you’re down to 25 of those. You’ve lost 75% of those donors Because you’re so busy filling up the bucket again because you’ve lost 75% the year before and all you’re doing is this transactional fundraising, the email, the direct mail to fill up the bucket again. All of the measures of fundraising success are front loaded, right of did we hit those, you know, revenue targets for this year? Very few organizations are really focused on donor retention and how to increase it. It’s never been at a board table for discussion that I have been at in many, many years, many, many organizations of being on the board and that is where the panic comes in. And it feels terrible to staff and you know, my heart just goes out to all of those people who are in a panic about hitting those revenue numbers knowing that what they’re working with is hemorrhaging donors every single day and that’s where, you know, just in my heart of hearts tony I just want everybody to stop, just stop and take a step back and figure out how to improve your relationship with donors more. So they stay longer with you and you’re not in this panic every day.

[00:49:25.83] spk_0:
Allison, we’re gonna come back to you for for curiosity beth let’s talk about empathy,

[00:49:29.41] spk_1:
I’m

[00:51:40.41] spk_2:
sure. And I think the empathy is, needs to be turned within first before it gets turned outside to the donors to solve um, what what Alison was just talking about. But so empathetic leadership means the ability to understand the needs of others and being aware of their feelings and thoughts. And unfortunately it’s viewed as kind of like a soft skill. Um, and it’s not always linked to performance, um, indicators, right? And so I think it’s really important, especially with what we’ve been through in the pandemic, um, that organizations really need to have clear expectations with their managers to lead in a way that is supportive of, of employees and that supports and contributes to their overall well being and they can do that and still get work done. Um, and I think that like don’t get me started on well being, but um, well being has to be put center and it has to be raised up and given as much importance as fundraising metrics or, or other financial metrics, especially given what we’ve been through. And so this includes checking in training people to like actually observe on their staff and making sure that their, um, you know, caretakers for each other’s well being. And it’s, you know, like a one on one check in isn’t just about, hey, where’s that report? Where’s that proposal? But it’s also how people are feeling what their energy is. Like what their job experiences like what could be improved, which gets us closer to that conversation around technology. So, um, the types of skills and competencies that make for a culture of care or empathy or self awareness and self regulation, adaptive skills, active listening coaching with powerful questions, observing for signs of burnout. Being able to give and receive feedback in a way that doesn’t cause stress, disrupting microaggressions, inclusive facilitation, having those difficult conversations sometimes, which is too nice. But there’s ways to have those conversations that aren’t devastating and genuine perspective, taking. Being able to see it from other people’s points of view. And it doesn’t, I don’t think that makes us weaker. I really think it makes us stronger.

[00:51:54.81] spk_0:
You know,

[00:52:05.03] spk_2:
it’s not a bunch of, you know, reaction when I wrote the happy, healthy. Yeah. Right. We get the, you know, that’s a bunch of hippie crap. Yeah.

[00:52:07.04] spk_0:
I didn’t say that when I talk to you. You

[00:52:08.92] spk_2:
didn’t say that. Of course you wouldn’t say that. You’re too smart.

[00:52:25.83] spk_0:
Thank you. Well, you hardly know me, but thank you. I’ll take it anyway. Um, I know a lot of what you’re describing to is vulnerability. And I think vulnerability is a sign of uh is evidence of confidence that you’re, that you’re strong enough to be vulnerable where lots of people think it’s a sign of weakness that you’re showing, you know, you’re, you’re showing your human side and you know that I think that’s terribly misguided. Um alright, if we’re gonna, we’re gonna, I’m gonna keep you uh not beyond our allocated time. Let’s go to Alison for for curiosity.

[00:52:48.83] spk_1:
Why is it important?

[00:52:50.46] spk_0:
Yes. Why is, why is curiosity a valued trait for leaders?

[00:54:31.33] spk_1:
Uh, you know, the world is moving really fast tony and we have um, a lot of organizational leaders who think tech is not their thing, right? Tech is for somebody else and it can’t not be your thing. If you’re running an organization right now, it’s too important. It’s threaded throughout everything that your organization is doing and you can’t just lean back, You need to lean into it and to do that? You need to be genuinely curious about in our case for smart tech, What is this stuff and why is important and how is it different from the last generation of technology and what could we actually accomplish if we didn’t spend three quarters of our day responding to emails? What is possible out there in the world. And you know, my heart breaks for so many of the nonprofit folks that beth and I talked to who have such good intentions and are so deeply unhappy with how stressful their jobs are or how unrecognized they are by the C suite um or how um pressurized they feel. So it is just uh innately important for organizational leaders to be genuinely curious about, where do we go from here? Right. The world broke two years ago in so many fundamental ways the political economic stress of this moment is wearing people down but we can’t stay here tony we need to go somewhere and we genuinely believe that the family of technologies we call smart tech creates an opportunity to be different in the future to make work joyful and much more meaningful and rewarding and you can only get there if you’re genuinely curious and engaged in understanding the technology

[00:54:58.39] spk_0:
and I think curiosity and empathy are interrelated to curiosity about your people as beth was for all the, in all the ways Beth was describing. That’s

[00:55:08.56] spk_1:
exactly right

[00:55:12.54] spk_0:
alright. Um I don’t suppose the beth I don’t suppose you on the fly came up with an H for to spell out tech for us. Did you?

[00:55:23.89] spk_2:
You

[00:55:24.77] spk_0:
Have that one already?

[00:55:27.02] spk_2:
Humility

[00:55:28.26] spk_0:
Humility is a good one. There you go.

[00:55:29.86] spk_2:
So let’s riff on that humility in

[00:55:31.81] spk_0:
the second edition, you can add, you can add humility and spell out

[00:55:35.20] spk_2:
text and then we’ll footnote and say suggested by tony

[00:55:44.65] spk_0:
Thank you. Yeah, humility. Right. Isn’t that simple? Yeah, related to being empathetic leaders don’t need to know everything, do they?

[00:55:49.85] spk_1:
Oh gosh

[00:55:50.62] spk_2:
no listen

[00:56:15.01] spk_1:
we you know the reason why we wrote the network on profit tony was to take that idea of the hierarchical model of leadership and organizations out of the equation and say the point is somebody else in your network has the answer. You don’t have to have the answer yourself. You just have to know how to go about getting it right and and that of of flattening your organization and your worldview is so important to being able to survive all the uncertainties of what’s happening right now.

[00:56:52.37] spk_0:
Since we started with Allison, Beth I’m gonna let you wrap us up please. There’s so much more in the book. There are use cases, you know, we don’t the book, we can only scratch the surface here. You gotta get the book. That’s the point. You get. They talk about increasing program capacity, fundraising, back office automation, including a lot of talk about human resources. Um you just you gotta get the book which is the smart non profit but beth why don’t you leave us with inspiration and wisdom?

[00:58:30.19] spk_2:
Okay. Um we’ve been through a lot the sector has been through a lot. I mean the world’s been through a lot in the last 22 plus years with the pandemic and accompanying other crisis is and as Allison is outlined and I think we’re we are like at a precipice where we could just either go down the rabbit hole of you know a human capital crisis and spiraling out and people leaving the field and organizations just, you know, stopping business and, you know, leaving lots of people who are vulnerable who need their services. I mean, that’s we can’t go there. We have to pivot. And I think that um, smart tech is part of the tools that can help us get there. But again, their tools, they also need this empathetic leadership that we’ve been talking about and we who can also steer and change the culture to put people first. Um, and um, and I think if we can have all of these things together, working for the organization, the Smart Tech plus the culture plus the leadership, uh, we’ll be able to move forward in a post pandemic world with much better outcomes with happier staff, with staff doing a better job with donors, feeling seen and heard and wanting to, you know, um write bigger checks if you will with clients who are receiving the services that they need and we’re on a path to a better world. It’s not gonna be easy, but uh, we believe that non profits can do this.

[00:58:48.89] spk_0:
That’s beth cantor at Beth Kanter and Beth Kanter dot org co author Alison Fine at a fine and Allison Fine dot com. The book is the smart non profit you can find it in either of their two sites,

[00:59:00.00] spk_1:
Beth

[00:59:00.35] spk_0:
and Allison, thank you so much. Thanks for sharing

[00:59:03.70] spk_2:
genuine

[01:00:00.00] spk_0:
pleasure next week. Eric Sapperstein returns after many years. Let’s talk about waking up excited and going to bed fulfilled. If you missed any part of this week’s show, I Beseech You find it at tony-martignetti dot com. We’re sponsored by turn to communications pr and content for nonprofits. Your story is their mission turn hyphen two dot C O and by fourth dimension technologies I. T. Infra in a box, the affordable tech solution for nonprofits. tony-dot-M.A.-slash-Pursuant four D. Just like three D. But they go one dimension deeper. Our creative producer is Claire Meyerhoff showed social media is by Susan Chavez. Mark Silverman is our web guy and this music is by scott stein, Thank you for that. Affirmation Scotty, you’re with me next week for nonprofit radio big non profit ideas for the other 95% go out and be great.

Nonprofit Radio for May 8, 2020: Data Privacy Practices

I love our sponsors!

WegnerCPAs. Guiding you. Beyond the numbers.

Cougar Mountain Software: Denali Fund is their complete accounting solution, made for nonprofits. Claim your free 60-day trial.

Turn Two Communications: PR and content for nonprofits. Your story is our mission.

Get Nonprofit Radio insider alerts!

Listen Live or Archive:

My Guest:

Jon Dartley: Data Privacy Practices

Let’s have a romp through the fields of data privacy and cybersecurity, musing as we frolic on just how important the right practices and policies are to your nonprofit. My guest is Jon Dartley, Of Counsel at Perlman+Perlman law firm.

 

 

 

Top Trends. Sound Advice. Lively Conversation.

Board relations. Fundraising. Volunteer management. Prospect research. Legal compliance. Accounting. Finance. Investments. Donor relations. Public relations. Marketing. Technology. Social media.

Every nonprofit struggles with these issues. Big nonprofits hire experts. The other 95% listen to Tony Martignetti Nonprofit Radio. Trusted experts and leading thinkers join me each week to tackle the tough issues. If you have big dreams but a small budget, you have a home at Tony Martignetti Nonprofit Radio.

Get Nonprofit Radio insider alerts!

Sponsored by:

Cougar Mountain Software logo
View Full Transcript
Transcript for 488_tony_martignetti_nonprofit_radio_20200508.mp3

Processed on: 2020-05-09T00:45:18.281Z
S3 bucket containing transcription results: transcript.results
Link to bucket: s3.console.aws.amazon.com/s3/buckets/transcript.results
Path to JSON: 2020…05…488_tony_martignetti_nonprofit_radio_20200508.mp3.92969305.json
Path to text: transcripts/2020/05/488_tony_martignetti_nonprofit_radio_20200508.txt

[00:00:12.00] spk_0:
Hello and welcome to tony-martignetti non profit radio

[00:02:19.07] spk_2:
big non profit ideas for the other 95% on your aptly named host. This is our second non studio show produced using a dizzy audacity and zoom Oh, I’m glad you’re with me ID break out in Wall Dyer’s ring If I had to say the words you missed today’s show data privacy practices Let’s have a romp through the fields of data privacy and cybersecurity, musing as we frolic on just how important the right practices and policies are to your non profit. My guest is John Darkly of counsel at prominent Pullman law firm tony. Take two. Take another breath were sponsored by wegner-C.P.As. Guiding you beyond the numbers wegner-C.P.As dot com by Cougar Mountain Software Denali Fund. Is there complete accounting solution made for non profits? Tony-dot-M.A.-slash-Pursuant Mountain for a free 60 day trial? And by turning to communications, PR and content for non profits, your story is their mission. Turn hyphen two dot ceo. It’s a pleasure to welcome John Darkly to the show he founded and operated involve the Web application, development and design firm that pioneered online peer to peer fundraising list building and advocacy campaigns for non profits involved was acquired by Can. Terra. John probably made a lot of money there when Cantero was acquired by Blackboard John probably make money again, but he was also named senior deputy general counsel and information governance chair. Besides all that, he has more than 15 years experience representing nonprofit organizations. He’s of counsel at Perlman and Perlman law firm in New York City. The firm’s at Perlman and perlman dot com. And at tax exempt lawyer John Darley. Welcome the non profit radio.

[00:02:21.64] spk_5:
Glad to be here. Thanks for having me.

[00:02:23.19] spk_2:
Good to have you. That was, uh, that sounds like it was quite a run with involved in terra and black bod.

[00:02:29.54] spk_5:
It was definitely an interesting path. I like this day. It gave me a lot of kind of real world experience. Great to work on. Both sides. Both work on the software side now, back on representing clients. Yeah. Yes, it was interesting.

[00:02:43.11] spk_2:
How many years was that from? Like from the time from founding involved to being appointed senior deputy general counsel at Blackboard,

[00:02:52.74] spk_5:
right? About seven or eight years. And when I start with the ball off again, we working with some very large, not pop. It’s doing Web applications. This was like the first kind of friends asking, friends type approach on. Then we just kind of built out organically, like working with a non topic clients and eventually bought and bought again, as everyone knows a lot. Elation.

[00:03:26.39] spk_2:
Yeah, good, Wonderful. It’s a good trip. So it isn’t practicing law now. Boring. Without all that, you don’t have a let’s start up excitement and challenge and all those obstacles and frustrations.

[00:03:27.92] spk_5:
The grass is always greener. So, you know, when I was at that sign, it seemed like just being a lawyer would be very comforting. Now you’re like sometimes you miss the excitement. But I hope my clients and we have some smaller clients that are building, you know, interesting brands that you’re saying. All of this s o. I feel like I’m so not sure. I’m just advising my clients

[00:03:46.69] spk_2:
without without All the agita is the once removed once room from, uh, from rounds of rams of financing, et cetera,

[00:03:56.25] spk_5:
where you are like wearing having to pay painful, easy,

[00:04:32.40] spk_2:
right, Get back and I make right. Can I make the Yeah? Can I make salaries this week. Right? Right. So, um all right. Data data, privacy, cyber security. I think people probably understand, in our current environment, I’m not having to do with Corona virus, but just living in 2020. I think a lot of people are conscious of at least cybersecurity issues. Maybe not so much data data, privacy. But But let’s make sure, you know, give us some, uh, motivation for why data, privacy and cybersecurity should be paint paid attention to

[00:05:16.39] spk_5:
Yeah, I’m often accused of scaring people, and I think that’s a good thing, you know, frankly, I work with four profit stonework with non puppets now primarily. And from, you know, I was a non profit yourself 5 to 6 years behind the for profit world and taking privacy of cyber security. Seriously. Just, you know, in the for profit world is now a C suite. You know, job is open, it’s cheap. Obviously, Officer, there’s teams of people working on things, not hop it, and they are starting to learn the importance of taking the practices and putting these policies in place. But a lot of times is an infrastructure is do. The manpower is too but just to kind of take a context every year, the amount of breaches grow. Last year, $2 in 19 the amount of damages increase by about 17%. And just in the context of what that costs, the average reach across an organization almost $4 million now, given there are some very large reaches, so that kind of skews the results. But in terms of a per record, So think about donors. How many donors you have, Basically an average of $150 for every record loss is what you’re gonna pay in regulatory fees and other finds. Another kind of charges. So that’s, you know, a real real thing.

[00:05:44.28] spk_2:
Now, what about the comparison between, you know, corporate and non profit breaches mean? Well, I’m thinking off the top of my head of, ah, Marriott. Uh, you know, I don’t 100 million records or whatever. West maybe was only 10 million. I don’t remember, but many millions of records um, there have been other big corporate breaches, but have there been breaches? Maybe they’re just not as, uh as publicized on the non profit side.

[00:06:21.42] spk_5:
You’re actually exactly right. Uh, small and mid sized nonprofits are actually being increasingly target if they don’t have to sophisticated protocols in place to kind of to protect against some of these of these hacks. We don’t hear about the malls and not the big build. Another Facebooks of the world on an ID only they’ve been. Actually, some studies done is not evident. It totally they’ve been some studies done that, not pump it actually hurt more than four profits for data breach. I’ll give you an example. You know, Facebook gets breached. How many people actually got off Facebook and stop using it, right? Not pop it in a way, are more fungible. Some donors with donate more to more than one organization, studies have shown. If there’s a data breach at a non profit, donors are less likely to come back next year. Donate. I’ll just choose another organization. So in some ways, the bar and the risks are even higher for nonprofits,

[00:07:03.52] spk_2:
right? All right, right. I’m I’m more committed. I’m pretty committed to my Marriott Marriott Bon voy points. No, I don’t. I’m gonna keep using the brand because I’ve got a couple 100,000 points with them.

[00:07:29.30] spk_5:
Exactly. The reputational harm I have to say, tony, ITT’s organizations don’t think about that. But these days, I think we all were all more sensitive to write. Our data’s being treated. Yeah, they’re a lot more regulations out there which out there they will talk about. But the reputational harm can last for years, especially when organization is seen as either not doing the right things, not taking kind of, you know, appropriate precautions that could really be devastating.

[00:07:40.49] spk_2:
All right, since you mentioned regulations, um, uh, you know, we heard a lot about GDP. Are when? When that was knew. What was that, like, two years ago or so that

[00:07:50.44] spk_5:
that May of 2018 will into effect.

[00:07:53.86] spk_2:
Okay, pretty good. Usually I’m bad about the estimating time. All right, so it was two years ago this month. All right, um, so GDP are But you can acquaint us with that. What? I mean for a U. S. Charity? What? What do we need to be conscious of their

[00:08:44.74] spk_5:
Yeah, it’s funny when you came. In fact, it seemed like a few months, like just everyone was talking about it. Remember, a Woody Allen movie would talked about. He said soon will be, the Renaissance will be painting. Thing is like, I think soon it was like That’s all we’re talking about a CPR. It’s like literally a few months s. The only emails I got from clients was like, What is this thing with GDP on what I need to do now? It’s two years later, we’re still talking about it, But there are other regulations ever come into a factory plucked out as well. A general data protection regulation does affect not Klopp, which came into effect in 2018 and has very specific department. So does it affect your not profit? Some of listening? If you have a website, it probably does right. Judy PR affects anybody collecting any information from someone residing in the European Union between the UK, including Switzerland. So B e a, uh, and you know, if your only collecting a few names from from those countries I wouldn’t be is concerned. But if you collect a little bit more than that, then it probably makes sense to comply with GDP. Are

[00:09:39.37] spk_1:
it’s time for a break? Wegner-C.P.As. They have a bunch of covert 19. Resource is on their site. Tax questions related to Cove in 19. We received RP PP funding. Now what? Developing your 13 week cash flow forecast. Internal controls. Covitz style. What about cash? How are you controlling cash in a virtual environment? This is all at wegner-C.P.As dot com. Click resource is

[00:09:45.17] spk_2:
Okay. So, John, it’s only it’s only if you’re collecting data. Not not if you citizens or Swiss citizens are visiting your website merely visiting your website.

[00:09:55.14] spk_5:
But really, it is because what he has done has lowered the bar. What personal information is right? We all care. We were going to use the term sometimes P I I personally identifiable information. And so Jeannie pr is concerned about is if you collect P II. According to Judi pr and I key address. Right. We’ll have computers. We access a website. We have an I P. Address a stash. Consider P I So, technically, anybody accessing your website if you collect their i p address with, most people do automatically. You’re you’re technically subject that GDP are

[00:10:27.29] spk_2:
okay. Wait. All right, So you’re saying most web? Most websites automatically preserve the i p address of a visitor.

[00:10:36.34] spk_5:
Most do through, like, Google analytics or, you know, at least. Yeah, All these the analysts people use automatically get life he addressed with someone visits your website.

[00:10:43.64] spk_2:
Okay. And that then is an entering argument for GDP are to apply to your your website your your non profit

[00:11:34.01] spk_5:
Exactly. Just counsel our clients that you should really only be concerned if you’re collecting and be getting. Don’t you collecting information more than I p addresses to get it? It’s kind of Ah, it’s a risk reward. Be only getting a few I p addresses. You’re not doing anything with it. The odds are of GDP are becoming an issue on the regulators Looking at your not profit. Probably small, but okay, a lot not talk. But in this country that either have offices early, you or have people access routinely. So I’ll give you an example. We worked with a large, well known museum and when people come from your they often want to visit this museum in Manhattan. So they have ticketing and they’re having thousands of people not really least used to when people are travelling but museum tickets. Judy pr squarely applies. They have to comply.

[00:11:48.48] spk_2:
Okay, So beyond the beyond the this sort of perfunctory the i p address else. So if we don’t have ah location that people are buying tickets to come to, what other kind of data would would trigger the GDR for us?

[00:12:30.11] spk_5:
Any name and email address, you know, collecting that anybody resigned. And when I say the word residing, you don’t have to live there. So, technically, tony, if I went Teoh London and then made a donut, patients were not topping the US JD. Power applies to me with that trip is action. I’m now residing in the EU state token of somebody from the U is in the U. S. Exit donation to a non profit. Even though there are you sitting this in a transaction takes place in the U. S. GDP. Ours doesn’t apply. It’s a little bit complicated, but like I said it that today those

[00:12:30.46] spk_2:
those those are the exception. So let’s just deal with

[00:12:33.43] spk_5:
that at

[00:12:33.87] spk_2:
the mainstream. You got a new resident transacting from from the European Union. Um but let’s just assume all that you residents are in the the European Union for this conversation, right? None of them, they’re here. So

[00:14:01.36] spk_5:
So yeah, so replies just kind of get the kid like some of things you want to do. I say, like the low hanging fruit fidgety you are applies. The first thing is website privacy policy. I’m gonna talk about that a little bit more later in terms of a general privacy policy, the importance of it. But Virginia PRD is separate. Basically, GDP are notice that needs just list specific information. Uh, two people from the EU learning them of their rights. And some of the remedies they have, I’ve tell organizations of GDP are applies. The first thing you do is put a put a speeding car notice on your website. That’s something a regulator is the first thing they don’t look at. If you have, that is already one box check. That’s great. Thea. Other hurdle for a lot of non profit we work with is how to get, uh, what when someone wants upped and there’s no more opt out. Everything has to be in Upton and has to be a very specific and home up then, and this is probably the biggest challenge for a lot of non profits. It’s a much higher bar for consent. I’ll give you an example. No longer than you have to have a check. The box and the box says we are signing up to get email campaigns, periodic newsletters and other promotions, even if they check that box. Wegner Judy PR Let’s consider too broad, right? Every request for permission need to be very specific. You need to be clear and affirmative and very moment, one of the biggest challenges for Not

[00:14:10.45] spk_2:
question. So give me an example of of a consent that is properly worded.

[00:14:21.74] spk_5:
I hereby consent to the processing of my personal data for the price Rose Christ or period, not email newsletter, not general marketing purpose for a specific purpose. A price store. You could also say I’m I’m a I hereby consent to the processing of my data for your monthly newsletter. Now let’s say three months later, you have a new newsletter or different what you can no longer send them both newsletters. You don’t have to stand for that. You now have to go back to get the scent. You get one try. They don’t respond. You can’t go back to them again.

[00:14:47.79] spk_2:
Cannot. You can’t go back to them again.

[00:14:49.92] spk_5:
No. Cannot. And there’s no grandfather clause either. So you know a lot of people. At least couple years ago, I had all these names. They were wondering, what do we do? And you got one shot Thio going going to these folks and say, Hey, GDP, our allies way like to use your names. This way, please respond. Have you to get a response That said you can no longer market to these folks.

[00:15:30.84] spk_2:
Okay. All right. So you get one chance per each channel. Sort of. You don’t have to do it for each individual newsletter. I mean, individual mailing of the same newsletter. But But as you said, if you if you start a second newsletter on a different topic related to a different program, you’d have to get permission for that

[00:16:00.79] spk_5:
exactly right. And then the people that you do have kind of on your roster that you’re allowed Teoh work with the U there certain rights they have and these rights have to be passed on to the benders that not puppets work. With these age, everything’s in the cloud off. The odds are they’re using other folks that kind of help processes data. But anybody from the EU has the right of access. They have the right to know what you have about them. They have a right to a racer. They’re gonna ask you to delete their data at any time. You must comply with a certain period of time. They have the right to restrict processing. Yeah, you can use my data eat to give me a newsletter. But I don’t want to be in a cooperative where you’re sharing my name. Uh, they have the right the right to data portability. Give me everything you have and provide. Give it to this new provider on. They have the right to object to anything you’re doing with their data. And when we talk about the Jodi or notice the privacy policy, the privacy policy needs to kind of lift all these rights for EU people. You usually

[00:16:28.40] spk_2:
all right. And that policy needs to be on your website.

[00:16:31.95] spk_5:
Yeah, just like a regular privacy policy. But it needs to be a separate notice. It needs to be on the website prominently displayed.

[00:16:48.14] spk_2:
Okay. When you get consent for the processing of data around a particular purpose, do you need to remind people about their rights? Give them all these reactions, toe portability and the ratio, et cetera, or just one time on the website.

[00:16:55.11] spk_5:
No, No need to be part of your privacy notice. You don’t need to remind them proactively, but it needs to be listed in your GDP are profit privacy notice

[00:17:02.48] spk_2:
Privacy notice on your website.

[00:17:04.34] spk_4:
Yeah, right. Okay.

[00:17:05.86] spk_5:
And the fines are extremely high again for small missiles. Nonprofits to a very low interaction. I’m not concerned. Larger non puppets should be a little bit more aware and look concern. And, you know, one of the things you also need to be aware of. 1/3 party vendors GDP are now makes nonprofits directly responsible and liable for the axe or or emissions of the vendors that holding the state on your behalf. So you now need to give all these vendors specific provisions. Your mandated by GDP are specific. GDP are provisions that buying these benders to basically support your efforts to comply with GDP are so this is another hurdle.

[00:17:52.44] spk_2:
Okay. Um, all right, I would presume the largest vendors are acquainted with this by now, but you

[00:17:53.35] spk_5:
must have their own. Yeah,

[00:17:55.63] spk_2:
but you need to be proactive about ensuring that your vendors all do, whether small or large,

[00:18:00.84] spk_5:
Yeah, a lot profit use. It’s more of the small amount outside vendors, and they may have one in place, and the one they have a place might not be. You know, listen, that everyone takes a different approach. The vendor who supplies they’re all will be much more friendly towards them, so they should still be reviewed and negotiated.

[00:18:16.79] spk_2:
All right, so you’re asking, Are they GDP are compliant when you’re querying your vendors?

[00:18:23.40] spk_5:
Exactly. That May should also bishop. There needs to be the denim toe. Any contract that you have in place just not to get too technical, but the non profit who collects it. Who’s collecting? The data is called a data controller, right. They control the data, their vendors who helped process the data. So maybe a C. R M system, a black box, for example. They would be considered a data processor. Ben should be processing the data on behalf of the non profit who owns the data. So I’ll pop. It is data controller has kind of a much higher bar of requirements to me.

[00:19:03.14] spk_2:
All right. As long as you defined your terms, you keep yourself out of jargon. Jail on. All right. Um uh, Okay, well, there’s a New York law, but, you know, New York Shield, But our listeners are nationwide. So you want to just be much briefer about New York Shield just for our New York listeners?

[00:19:49.27] spk_5:
Yeah. Although New York still, tony, just like today PR, it doesn’t make a difference where you are. You collecting information from New York residents? It applies to you And I would argue is actually, it’s more important because the Jeep car that’s still question how the you will force it against a non profit who does not have offices in the U By how that happens. Nobody has seen yet. But but let’s put that aside, the New York Shelled Act gives the attorney general a public right of action. And certainly in New York, the New York Attorney General has a much further reach to go after not profit, whether they’re in New York or anywhere in the US, because we’re talking about the same country. So I would be as a non profit, more concern about New York Shield at this moment. First import most and then worry about you need your necks.

[00:20:01.72] spk_2:
Oh, all right, do other states. California is a pretty activist state. Do they have something similar that applies to all their residents?

[00:20:33.26] spk_5:
California has one called CCP A, but right now it does not apply to non profits. It only would implicate non profit ever have a four profit wing or Division A? Are there working with a four profit where, for example, be getting data from a company that’s getting from messages in CCP? A. The non papa should be concern at that vendor. Who’s providing you That data has complied with CCP A. But other than that, it doesn’t really apply to non profits.

[00:20:35.61] spk_2:
Okay, any other states.

[00:21:29.34] spk_5:
Massachusetts has had something for a long time, not too dissimilar from New York. But you need me. I think people are kind of and there are other unless there are other ones in the works. Colorado has won about us looking to pass something at some point. That’s in Kobe. 19 is for a lot of things on the back burner, but at some point we could have federal legislation, and you know what I counsel with non clap? It’s even which university BR came out and they said it doesn’t apply to me. I said, Even if it doesn’t, it probably makes sense of trying to comply his first ball. Everything’s moving towards greater accountability. Donors. Employees are getting more sensitive about Heather Data’s being used and starting to follow some of these protocols. Just make makes the non hop. It’s better stewards of the information they collect another day. We want to do like by these donors wanted to do right by our employees. The data were collected. So following somebody particles and they don’t apply is a smart practice because nothing wants unauthorized access to their systems.

[00:21:37.88] spk_2:
Okay, Okay. Um, the Massachusetts law is that limited to credit card information?

[00:22:05.54] spk_5:
No, let me call it. It’s a lot of different kinds of personal information, but has not been. I have not seen it really in forced on. A lot of organizations already have policies in place that kind of meet somebody obligations. And certainly if you’re if you start to meet the New York Field Act, which I think will be will be unless they enforce more vigorously, you’re probably OK on the on the Massachusetts

[00:22:10.22] spk_2:
front and the messages from Okay, so Yeah, that’s that’s true. In a lot of cases, like if you can comply with the New York law, you’re covered in a lot of other states because New York is so stringent. Um,

[00:22:22.40] spk_5:
I always say that you can make it here. You can make it anywhere. That was

[00:22:28.69] spk_2:
okay. Uh, yeah, but hey was intact. Think Sinatra was intending much more favorable. And the privacy compliance. All right, so what about New York Shield? You want toe? Give us an overview of that. What? What we should be concerned about this thing, This is if we’re collecting data from New York residents, that right?

[00:24:00.98] spk_5:
Exactly. Yeah, but I would argue I would take my most nonprofits to do any kind of real online access and gather data or getting donations. You probably have a, you know, at least amount from New York. But you know, many what may have a lot So certainly ones working on the East Coast would probably have a lot of New York residents accessing about side and giving information. So that’s about one of things. It expands. What constitutes a data breach, Uh, basically lowers that bar as well. So in terms of when you have to report a data breach, let’s put that piece of side. But this happened the most important thing for nonprofits to keep in mind. Now where? Why was them that says it may an individual one. Employees are pleased to coordinate data security program. This is key because most organizations don’t have one. This is the old saying. If you don’t know where you’re gullible, roads will take you there, and I’ve always counselled we have my non profit clients. If you don’t have somebody in charge of privacy, odds are nothing’s really happening on that front. So that’s good. This is a great example of even if you’re not collecting information of New York residents, you shouldn’t have a point person. Um, and what that point was it needs to do is he needs to look at, based upon your size and attack the information to collecting uh, that they have played a physical security tech technical security attacks, a compliance programs doing training were supposed to looking at Bender agreements and assessing risk. And now New York requires you to have certain provisions. Reasonable provision in every vendor agreement that makes me binds those vendors for doing the right things, that appropriate things in terms. Protecting the data you collect euros exposes, sensitively destroyed data when you no longer needed. And again, I know for many clients this ridiculous some of my clients and many non prop assistants in daunting. It’s not as hard to comply as they might think. And for some of our clients, I’m acting as that point person. It doesn’t have to be. And employees. It just needs to be somebody. So I’ve come in organizations. I’ve looked at the left look of the vendor agreements. Let’s see how things are being protected. Let’s look, if you’re doing training, just let’s look at the your overall approach to privacy and even and give a kind of annual advice that would get them a long way to comply. Europe show.

[00:25:04.84] spk_2:
Okay. Okay. Um, all right. And you know, good point also is you know, you said a few times Ah, it’s worthwhile to comply with these to the extent you can, even if you feel it doesn’t apply to you that the law may not apply, but it’s gets good practices.

[00:25:17.34] spk_5:
Yeah. I mean, listen, reaches typically happen from third party vendors That’s usually the case, because these days most people are using cloud providers or using third party vendors to kind of hold this data. If a breach occurs, a vendor’s Onley obligation is to tell you their client that the breach occurred. Your obligation under law. Is it now? No. Divide all the donors who stayed it might have been compromised. They could be credit monitoring costs. There could be legal costs that could be certain regulatory fines. So it’s it’s so example. New York, she’ll requires you to look at these vendor agreements and have certain terms in there. That’s just a smart thing to do. Third party vendor agreements are woefully one sided in favour of the vendors. They’re the ones drafting it on. And it just makes sense to review negotiate these agreements. We can certainly talk about you like five or six, uh, terms that should be in every vendor agreement you

[00:26:10.88] spk_4:
have. All right,

[00:26:11.21] spk_2:
You’re not gonna get to two. Ah, legalese on this. Are you mean I haven’t practiced? I haven’t practiced law since 1994 so

[00:26:19.35] spk_5:
I’m not

[00:26:20.09] spk_2:
gonna get technical for the non lawyer. The 99% of listeners who are not lawyers, right? Okay.

[00:27:12.94] spk_5:
You know, I can keep it. Very simple, just like. And I actually have a great checklist. I’m happy, you know, share with you, tony. People could reach out to me of things to keep in mind. But again, when you instill Ryan, you know, hopefully 98% of time, everything felt swimming. Well, it’s never an issue, but what they still wrong kind of pull out the contract. And again, these contracts very one sided, I joke because I mentioned before I used to work for a very large software company where I drafted a portion of their their client agreement. And then lately, I’ve had the opportunity to negotiate that agreement on behalf of clients. And I wind up rewriting the entire agreement and adding an extra 10 pages and and general counsel at this one company said, John. But you wrote the agreement, your last changing. But I’m on the other side of the deal. It’s a whole, uh, so it’s not just what’s in the agreement. That count

[00:27:20.67] spk_2:
doesn’t. That doesn’t make you That does not make you a hypocrite. People need to understand your allegiance at that time was different than your allegiance at the second time when you were rewriting the agreement that you were drafted in the first time. You’re not a hypocrite.

[00:27:29.68] spk_5:
No, no, no. We’ve fallen advocacy,

[00:27:31.74] spk_2:
advocacy. That’s what we call it. I have forgot that.

[00:27:34.82] spk_5:
Yeah, I’m advocating, but recognizing. I

[00:27:59.74] spk_2:
mean, you’re advocating. Okay. All right. Wait. So let me before you start taking these things off, just tell listeners eso if they would you want to reach you? If somebody wants to get this this checklist that you have He’s John J O N at Kerman and perlman dot com. And Perlman is p e r l m a n not like the, like, the gem or the stone. Whatever that. Whatever pearls are, it’s not like that. Okay, John, at prominent perlman dot com. Okay, you got 45 whenever five things, six. And

[00:30:18.68] spk_5:
get that quickly. Yeah, The 1st 1 is just the privacy of charity. You know, typically will be one of two sentences. We’ll take commercially reasonable practices, know in this day and age and with New York Shield when GDP are there apartments that they need to get a lot more meat on the bone in regard to how company will protect your information. So one of the elements you want to do is simply insert a lot of language that raises the bar again of what we spend it’s supposed to be doing and that they don’t do that. And there’s a breach. Now you have some kind of remedy, uh, to go back from limitation of liability. Every contact has it typically limits what a non topic can get. If there is any kind of loss or damage, anything goes wrong. So open just six months of these. Can’t you have to always negotiate that? They kind of data breach a date of event that we should be untapped direct at Mage is a but not profit is fully covered. The’s terms old Ausubel. I open get it, But you have to ask for it. You don’t ask for your not getting getting it. Uh, uh, rich notification really important. So if there’s a breach, I always put a section in that gets you both quick notification and get you all the credit monitoring and all the other costs. Regulatory fines cover. I’ve never had a better save. Noted that in the end it may take a few back and forth, you know, negotiations. Always a dance, but having a breach notification and uncovered cause it is essential to be two more transition service is when you want to leave the vendor. It’s very hard to leave fried when you’re working with somebody like relationship kind of know who who see the is added. That might broker but becomes very difficult. But transition service’s basically bond and surrender toe work with you for six months and with your new better of choice to make that transition seamless, very important to have that obligation in there. And finally, I would say, is, You know, during the court, in stage with when you’re working with a vendor, you get a whole types of promises. You’ll get lots of marking material. Here’s how the functionality hero features you got everything spray when you signed the contract, you’ll notice that almost there’s no mention just nowhere to be found. One of the biggest things I find my clients about difficulty with is where someone over promises and under delivers. How do you prove that it was not part of the contract? So all those kind of shining marking materials. All those handouts, all those things that give you. You have to attach that to the agreement reference, is it? So when I get things, don’t work out his plan. Now you can show why there’s a beach and what you can get out of the agreement. Very important.

[00:33:11.64] spk_1:
We need to take a break. Cougar Mountain Software. Their accounting product Denali, is built for non profits from the ground up. So you get an application that supports the way you work that has the features you need an exemplary support that understands the way you work. They have a free 60 day trial on the listener landing page at tony-dot-M.A.-slash-Pursuant. Now time for tony. Take two. Take another breath, doubling down on my advice from last week that you take some peaceful time. Um, whatever it is for you if it’s napping, if it’s walks. Um, I’m not thinking of exercise. Exercise is important, but I’m not thinking of runs right now or home workouts. I’m thinking of peaceful, relaxed, calm time putting your mind at ease. I’m talking like I’m tryingto get bring you down right now. I’m not. I’m just trying to give some ideas. This is not a meditation. That’s not a meditation minute. I did try meditation class. I loved it, Actually did something online with a woman who’s giving free meditation classes. Um, and for an hour, I was I was under hypnosis. Almost at almost. I was, uh, focused on breathing where the breath comes in, where I feel it very valuable. Eso maybe for you. It’s meditation, and I have never done that before. So that was unusual experience for me. But I loved it, and I hope to do some more with her. Whatever it is for you, you know you know what it is. Take it, Do it. Take the time for yourself. There’s a lot being asked of us that is unusual. And even if it’s more routine now than it was 456 weeks ago, it’s still stressful. We’re out of our routines, so be good to yourself. Self care, right self care. Take care of yourself. Do it each day. You deserve it. Please do it. That is tony. Take two Now back to data privacy practices.

[00:33:22.92] spk_2:
All right, if you were on both sides of this arguing because you said it’s a dance right so suppose you were on both sides. Which side would you? Which side would you give in and which side would win?

[00:34:09.68] spk_5:
You know, it’s funny, because I do represent, we have. We have clients that are often vendors. I think I’m very fair in Middle Road. I think, you know, given eight hours of myself come help with very for both sides. But you, tony, that’s a great example of Give you an answer. The limitation. Liability. I always think there should be reasonable carve outs. It shouldn’t be a car about unlimited liability again. It’s what offended would owe you. Something goes wrong. It shouldn’t be that anything goes wrong no matter what, Even if it’s not their fault, they should pay you. So, for example, a visit data peach. But they did everything they were supposed to do when they were so got hacked. That should not be uncapped. But I wait at my rivers, my clients, I I agree with that. But if they do something wrong and there’s a reach, their full, that’s beyond cat. What side of the Delamontagne? I’m always gonna push for both those.

[00:34:25.18] spk_2:
Okay. Okay. Eight hours with myself. I don’t know. I don’t know where I would go. I don’t want Oh, it’s not for public consumption, I’m sure. Um all right, so so is it. Is that what you say?

[00:34:36.09] spk_5:
I was thinking apocalypse. Now, that’s what happens when you have too much time on your

[00:34:44.04] spk_2:
OK. All right. Well, I was only r rated. All right, um, so it sounds like the difference. Maybe I’m getting too legalese now. It sounds like a different dream. Negligence, gross negligence and recklessness or something like that.

[00:35:21.99] spk_5:
Yeah, way. We’ll definitely end illegally. So I won’t go there. But those things are just sink. Since the name that contact get the most important thing for anybody listening is you need to have somebody review these agreements. Just don’t sign them. They’re always negotiable. Hopefully, you want somebody. And here is my biggest right. When I was at a black bond. Other companies that sometimes a lawyer who did not know understand technology, I wouldn’t really know what to ask, wouldn’t know had a mark up the agreement, make sure whoever you work with understands, right? They need to know what you’re getting. What the solution is to hopefully kind of protect your interests. So that would be like, he just have somebody who knows what they’re doing with you negotiating on your behalf.

[00:35:37.56] spk_2:
Okay. Cool. All right. Um, what else could we be looking at in this in this arena that can can protect us.

[00:37:17.21] spk_5:
Yeah. I’m gonna get you less than every non profit. If they don’t have, they should do immediately. That you have to think about updating. Are just checking in One is a plot privacy policy website. Privacy policies. Still a lot of non profit don’t have them if you have them. They’ve all from two drafted years ago. They have been updated. So the number of persons do is looking a privacy policy. Make sure it’s been updated. Last year, I would say it’s the transparency is the most important key. Do when you say it. Say what you do. Uh, in terms of the data you collect, you could almost almost do anything you want with it. If you’re transparent about it, you want to add you want oh, care with advertisers? Sure. You want to do you a cooperative? Fine. You want to even sell it? That’s often be possible. But you need to disclose that when somebody gives you the data, so having enough today, privacy policies really key if something goes wrong and people looking for privacy policy and you didn’t just close some of the ways you were sharing, and that’s where the data was lost to be a very big not only legal ramifications. Bobby CPR head. Andi even if we have a privacy policy and they need to be updated because things change all the time. What you were doing for years to the day, both in the back again in terms of how you’re analyzing in the front end has changed GDP. Ours would be an example in Europe shield. A lot of these things require certain statements in the privacy policy. Is your number one. Get a privacy policy. Make sure it’s updated. Make sure it’s accurate. Number two. You should also, in terms of use, terms of service that basically protects the organization, the views and don’t sweep it, then join your website. Very important, Uh, you know, what does that come from? Our what

[00:37:19.77] spk_2:
does that cover in terms of use in terms of service for website were just what does that cover what kind of

[00:37:24.71] spk_5:
anything anybody might do on the Web site in terms of making donations. When the rules, if you have a block, people post content. Or they can take your content, things that can and can’t do in the protection organization from a lot of different kind of legal planes. Just a kind of a standard document every non profit should

[00:37:40.00] spk_4:
have. Okay, Okay. Is that

[00:37:42.11] spk_2:
public to Is that on the website turned

[00:40:12.61] spk_5:
to use an exit privacy policy. Okay. Okay. Now a lot of charity navigator, uh, recommends that you actually have a separate donor profit privacy policy. Just why I read their privacy policy typically only covers when you collect online, they recommend to get the four stars that you have a separate donor privacy that speaks specifically to the information you collect from donors both offline and online. So some might want Consider whether it makes sense to have a separately for a daughter policy and a separate link for a privacy policy. Just like just why there, uh, we talk about bad nerves being an issue. So way kind of crossed that box. Look, pull out all your vendor agreements, see if you’re covered. It’s not when they come up for dual negotiate, I would say annually, no. Once a few years, you should do a privacy audit That’s more formal process where I typically even organization lots of different questions. All their different practices later the cyber security and privacy. And we see where the gaps are. But, you know, one thing I do is kind of a simple one is kind of member. The five W’s in the h. You’re kind of doing news. Recording the five question the six questions asked. They call the five W’s. What? Remember the what? Why, who, where, when and the how. So what is what data we’re collecting? A lot of organizations don’t understand all the data they’re collecting, so get a handle. What data is your collecting? Why, why? You clicked on the state of more many organizations like more David, I need more data. You have the work more risk. You have rights. Onley collected data you need who has access to the data again. People should only have access to the P I. I personally identifiable information you collect who need to have that access. More people have access. The more things that could go wrong. Where? Where’s a dork? Data store. It’s an offline. Are they locked in? Cabinets are there, you know, with vendors. Have it. Are there volunteers? You have access to it. So where is the data stored? When? When is the day to delete it? We’ll talk about that a couple minutes. But you should only keep dating for Florence. You needed and know lots of non profit clients get data for years and years. Even if somebody, for example, is and donated 10 years. The more data you key, the more risk of presidents a loss. And then how House of Data being protected, like in terms of all that, when the data’s being kept, How is it being protected? Really important question You kind of answer all those questions is initial step. You’ve already gone a lot further than a lot of organizations and and kind of being better stewards. That information you collect, uh,

[00:40:13.35] spk_2:
on the, um made 12th 7 dubbed 17 70 on the May 12th 2017 show, I had a guest on talking about cybersecurity insurance.

[00:40:27.61] spk_5:
Yeah,

[00:40:35.61] spk_2:
so now, so listeners could go back to that 5 12 17 show. You can get a lot more detail there because we spent the whole half hour talking just about insurance. But what? What are some key things you want to say about what cyber insurance could protect you against?

[00:42:00.94] spk_5:
You should definitely have a cybersecurity policy with two things. You should make sure your vendor has a cyber security policy. It should be large enough to protect you if something went wrong. So for these bigger vendors, that should be a minimum five million anywhere from 10 to 20 million. You should be named as what they call an additional assured on the benders policy. So you have a direct right and claim against their policy. Putting that aside you non toughest wanna have their own cyber security policy. Okay, they won’t have a policy that basically match the company’s risk that organizations risk that kind of work. They do. You need to make sure has the specific terms that that cover that organization. I’ll give you a great example. We have one plane, very large non profit. Had a head of non had a cyber security policy. They were paying over $100,000 a year for I read through it my joy is released. Things it didn’t apply to them. It was a sign of security policy for a service provider, not for a organization using service providers. So they had to get a new policy. Has something happened? They would have been covered. So I know people hate these policies along their involved, but somebody should read them before you sign them. Work with a good agent that have your attorney be the policy. But every organization listening should have their own cyber security policy a minimum of one million up to depends on the amount of data collecting, uh, you know, on an annual basis in the kind of transactions were doing.

[00:42:23.60] spk_2:
We all hate insurance, but you know, whether it’s auto or homeowners air, I got flood and wind, and but, you know, it’s peace of mind. So and all the you know, all the headlines we see. I mean, this stuff can apply to you as well. Like like we’re talking about. So, uh, you’re not You’re not. Yeah, you’re not. You’re not free because you’re not profit or you’re not, uh, safe.

[00:43:15.62] spk_5:
Yep. It’s all over. When There That you should have one is a data retention and destruction plan. And, you know, this goes back to some of the questions we’re talking about. A data audit you only want keep Davis, or as long as you need it and you want to make sure get rid of it the right way right away. That really destroys the data. So if you have your organization doesn’t have one. You really want a formal data retention destruction plan? By the way, if I didn’t mention it to your killer app requires you that have that a place. So again, you need to think about it. It’s a good practicing of New York shoulders, and if I every organization should have it. Also, business continuity plan. You know, this has come up a lot with Kobe. 19. You know, organization should have a plan in place when something China’s for profit happens, it would. You know, this pandemic was challenging forgiven organizations who had a plan. And I think now we’re over advising plans to take into account the sites of things. But you should have a planet. You know, one of your critical providers goes down. If there’s a data breach, who do you call? You know. How do you respond? New York Shield activity are required Response in a very short period of time. Tony, Order Gate to kind of mitigating organizational damage is the damage that can occur. You need to do the right things early on. So having that in place to support

[00:43:43.94] spk_2:
is this is this the same is a disaster recovery plan. Is that what

[00:43:47.66] spk_5:
you say? Yeah.

[00:43:48.11] spk_4:
Okay.

[00:44:07.99] spk_1:
Time for our last break. Turn to communications. They’re former journalists. So you get help getting your message through it is possible to be heard through the Corona virus cacophony. They know exactly what to do to make it happen. The turn hyphen two dot ceo we’ve got but loads more time for data Privacy practices.

[00:44:51.06] spk_2:
I had a whole show Are I have to show half an hour on disaster recovery plans. I don’t remember the date, but, um, the guest was dar d a r v vor ca v e v e r k a dar viveca choose from one of the non profit technology conference shows. So if you go toe tony-martignetti dot com when you’re looking for the 5 12 17 show on cyber insurance that when I did. I did get the date on that one. This? Ah, this one don’t have the date. But the guest was Dar v Barca on disaster recovery plans, including including sometimes that alternate locations. Even depending how bad the disaster is. You might need a backup location. Do you have that in place?

[00:44:59.89] spk_5:
Yeah, and usually that’s for the benders. Using someone hosting they should have that in place. But released are non profits. It’s more cola called when something bad happens. You know what the weather sex you take to mitigate into remedy.

[00:45:16.49] spk_4:
Okay. Okay. Um

[00:45:17.46] spk_5:
and then, tony, one other thing I’ll add is, you know, a lot of people in this goes to people working from home. It’s even more important. But a lot will use their own devices. Your own PC, sometimes accessing work stuff. You want to have what they called the wild, deep policy. Bring your own device to work one of the views. And, Jones, if you’re accessing information from your personal phone from your computer, what are you allowed to do when you What is it you shouldn’t do? A lot of this is just good training.

[00:45:53.59] spk_2:
Yeah, whether right. Whether even allowed to use your own device. But then there has to be a non profit provided advice and all right, what about? So this is you mentioned that? What about other? We have other data privacy concerns. I’m sure we do around, ah, distributed workforce. And, you know, I think they’re gonna be changes to do work life, and there may There may be a lot more remote employees going forward Then we’re accustomed to just two months ago. So what about this? Having a more distributed workforce and around data privacy?

[00:47:38.88] spk_5:
Yeah, exactly. I kind of when I think about over 19 have been speaking about There was a philosopher and physicist, Thomas Kuhn, and he had a term paradigm shift that, you know, once in a while once a couple 100 years is that is a paradigm shift that changed the way we think of the world. You know, Not Newton Newton’s right. What was a paradigm shift? Mechanics. The paradigm shift and you don’t usually know is a paradigm in ship until after it happens. Kind of like a recession. You can’t look back. I certainly think over 19 at least in the short term and made the lumber could be, you know, paradigm shift The way we’re approaching work when we approach our our lives outside of work has changed dramatically. And there’s challenges with that. Sure, only people working from home, uh, heightens the risk associated with with data breach and unauthorized access. I’ve talked to my colleagues that been studies. The amount of research that happened have gone up dramatically. I don’t know about you, tony, but literally every week I get emails from CBS Chase Bank Wal Mart over Me gift card. Tell me to click on a link. It looks like it’s CBs dot com, but look, the sub tomato. It’s nothing like that. Exactly. When people working from home, they’re not. They just can’t be a safe. So there are a lot of things digital kind of a 10 to Now that we have a remote workforce, Uh, like what? What’s that?

[00:47:39.46] spk_2:
Yeah, OK, I think we’re gonna go onto something else. Yeah, Like what?

[00:48:06.94] spk_5:
I don’t know. I can tell you. So you want to review if you have policies in place, review them. You don’t have policies in place. You need to kind of tell folks what’s expected of them when I’m working from home. Uh, need to communicate. You can’t over to communicate on these types of things. Training annual training would be helpful, but you’re a few of the things that could go wrong. Ah, lot of folks transfer, transfer organizational data to their email accounts and seventh and cells. A commercial email pound has a lot more protections in a personal email account. If they’re sending things from the from of the organization and downloading from emails, they should delete that email as soon as they get the day that they no longer need it. So don’t keep that in your emails that that could be hacked later on, uh, using personal cloud stores storage. Is that not all the same? Make sure the ones they’re using our secure physical document management. You know, we always think about digital data, but a lot of people bringing things from their office home and as a physical document, how is that being capped it when it’s all over leading houses being destroyed, it should be left in a car to be shredded. So let’s not. Let’s not forget about the security of physical documents, unsecured connections to employers if they’re not using BBN, that could be a problem. You need to make sure that people are accessing organizational information in a smart way.

[00:48:56.27] spk_4:
Yeah, that one.

[00:48:56.95] spk_2:
That that’s you. That’s where you have to look to your Internet service provider, right for the for the security that they’re providing on on your connection.

[00:49:42.97] spk_5:
Well, here’s the thing. That’s that’s about your home router. Personal public routers. Let’s talk about personal people have personal. Rather, you come into my home and you access trying to access my Internet. You need a 13 digit pass code. Most people don’t do that when they’re working from home. A lot of people keeping unsecured network. So would you recommend anybody work home should basically activate their round of firewall and, you know, and utilize malware on their computers and and make make everything password protected. So that’s a great example of you. Don’t people think I’m hold? Who’s gonna access my information? That could be easily hacked your home router?

[00:49:48.43] spk_2:
Yeah, okay. On our malware protection so that I mean, that’s something that the employees would have to subscribe to.

[00:49:55.27] spk_5:
Well, yeah. So we’re talking about non working shooters, right? Way are Yeah. You’re

[00:50:12.35] spk_2:
in your home? Yeah. I’m not writing home. I have next ride to where the company has got. The organization has to pay me to subscribe to, uh, malware bytes or something. One of the malware protection companies. Well, we’re in three Norton, 3 60 policies. Something like

[00:50:16.50] spk_5:
that. Yeah, well, working organization. But some of these things, like every router, comes to the ability to put put a password on it. So some of these things are just reminding employees and training them on best practices. Are you working from home here? Like the 10 tips you should be keeping in mind Remind them about from time to time. A lot of a lot of unauthorized access and data breaches. A large percentage could be avoided with just some kind of smart polluting practices.

[00:50:58.80] spk_2:
Okay. Okay. Yeah, there’s I think they’re gonna be a lot more people working from home. Ah, year from now than there were in 2019. Um, I mean, including on the employee side. I’ve heard from a few people that they like working from home. No. And there have been there. I just saw. I just saw study some research like yesterday or something, but were more productive when we’re working from home

[00:51:08.93] spk_5:
back. I

[00:51:45.12] spk_2:
don’t. Well, there’s a lot of reasons. Plus, it’s better for the environment. You save commuting costs, you save gas or public transit. We’re keeping people off the roads. It’s safer. Better for the environment. Yeah, there’s a lot of advantages. All right. Um, I’m you know, I’m a neo fighting all these things, but I know how to read. I can read and regurgitate. I’m like, I’m, like, a like a billboard that you put something on my forehead and then you can read it off my forehead. That Z that’s my role. Um, all right, so we got, like, another three minutes or so, Roughly. You want to leave us with? Yeah, I think you have some. Some resource is tools you can recommend.

[00:51:51.86] spk_5:
You know, I actually I have a lot of different checklists. You said you’re a billboard on a checklist maker s. So I have a variety demand check checklist related to both data data. Privacy on its GDP are policies which should be in there. Your privacy policy. What elements should be in there? No. People always ask me tony can you just give me privacy policy and, like, know who’s that? Privacy policy describes what you do. You know the worst thing that you take somebody else’s privacy policy from another wet side. A is copyright infringement, but it never fits where you’re doing. So I can give you a list, for example, elements that need to be every province in policy. But how you address those, for example, depends upon what your organization is doing with the data. How is it looking at in the back? It? How is this sharing what third party better is really working with? So a lot of my re sources are kind of best practices and tips. I’m happy. I know you get my email just before I’m strictly looking access. But what’s like? I’m happy to kind of, you know, give me some people toe, depending on their needs. Anything we talked about today, there’s a checklist for that.

[00:52:51.88] spk_2:
Uh, these aren’t on the check the silent on the Perlman website, though

[00:52:56.55] spk_5:
I don’t think we posted on the website. Typically, I like to hear what the client needs. Just before, I kind of threw out checklist because, you know, sometimes a lot of information to be overwhelming.

[00:53:14.11] spk_2:
Okay, so, John, at permanent perlman dot com. Um, all right, John. I mean, uh, is there anything you want, toe? I’ll give you a chance to close. And you want to close with?

[00:53:20.65] spk_5:
No, this is again. Thank you for the opportunity I started. I think our conversations saying that you know what I’ve seen? It’s not profits have really kind of lagged for profits and kind of, you know, taking some of these precautions. A lot of things you talk about are simply achieved. It takes a little time, little commitment, but taking some of these small steps, go a long way and come and you know you can never take it. You know, data breach on the north rise access off the table. But you can certainly kind of mitigate risks and be better stewards of the data you’re collecting on behalf of her donors. So I hope this was helpful again. And I love kind of counseling our clients on these types of information the sets of policies of because I know it puts them in better stead.

[00:54:46.34] spk_2:
Yeah. All right. John Janet Perlman and roman dot com. Thank you. very much for doing that, John. Thank you for sharing my pleasure. Next week. Maria Simple returns, plus a 20 NTC panel. If you missed any part of today’s show, I beseech you, find it on tony-martignetti dot com were sponsored by wegner-C.P.As guiding you beyond the numbers. Wegner-C.P.As dot com by Cougar Mountain Software Denali Fund Is there complete accounting solution made for nonprofits tony-dot-M.A.-slash-Pursuant Mountain for a free 60 day trial and by turned to communications, PR and content for nonprofits, your story is their mission. Turn hyphen. Two dot ceo Creative producer

[00:55:27.10] spk_0:
is clear. Meyer off. I did the postproduction. Sam Liebowitz managed The extreme shows Social Media is by Susan Chavez. Mark Silverman is our Web guy, and this music is by Scott Stein of Brooklyn. You with Me next week for non profit radio big non profit ideas for the other 95% Go out and be great talking alternative radio 24 hours a day.

NextGen:Charity Interview With Andrew Noyes

Wonder what it’s like to work for Facebook? Andrew is their Manager of Public Policy Communications, creating and managing strategic relationships in official Washington D.C.

We started off talking about Facebook’s interests in the capital and moved around to privacy management and “optimizing your Facebook experience.” Watch our conversation here.