Tuesday, July 27, 2010

Assessing Associations' Identity Theft Red Flags and Risks

I love getting articles from the attorneys at Venable.  Many times the content is something I've never thought about, like this one...association identity theft red flags and risks.  So many nonprofits have online options for paying dues or making donations, which leaves donors or members vunerable to identity theft.  Or perhaps they have paper or electronic records of sensitive donor information such as credit card and bank account numbers, security codes, etc.  Have you done a risk assessment of your nonprofit?  Not just the possibility of your nonprofit accounts and identity being stolen but how safe is the identity and information of your donors?  Bunnie

Update: On May 28, 2010, at the request of several Members of Congress, the Federal Trade Commission announced it is further delaying enforcement of the “Red Flags” Rule through December 31, 2010, while Congress considers legislation that would affect the scope of entities covered by the Rule. If Congress passes legislation limiting the scope of the Red Flags Rule with an effective date earlier than December 31, 2010, the FTC indicated that it will begin enforcement as of that effective date.


The Identity Theft Red Flags Rule (the “Rule”), 16 C.F.R. Part 681.2, was developed by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions Act of 2003. Under the Rule, financial institutions and creditors with covered accounts must have identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft.

While many associations meet the Rule’s definition of a “creditor” because they accept payments over time for good/services provided, such as membership dues, publications, events, etc., many of these associations will not meet the Rule's second prong for coverage, which is having a “covered account.”

An account is “covered” under the Rule if it is for personal/household use. If not, the account can still be “covered” if there is a reasonably foreseeable risk of identity theft to either the account holder or the association, based on past experience in the opening, accessing or transactional use associated with the account.

Therefore, it is crucial to first conduct a risk assessment to see whether or not the association’s risk of identity theft regarding customer accounts (including those of both members and non-members, whether corporate or individual) is reasonably foreseeable; if not, then the association does not have “covered accounts” and is not within the scope of the Rule. In that case, the association should keep a copy of this written risk assessment on file, and update the risk assessment at least annually, as evidence of Rule non-coverage.

If, on the other hand, the risk assessment indicates a reasonably foreseeable risk of ID theft and hence Rule coverage, then the association's Identity Theft Prevention/Red Flag Program must also include a written Policy and Procedures. The following risk assessment tools are one possible way to weigh some of the various facts that might go into such an assessment. But each association must consider its own facts and experiences in dealing with customer account information, to arrive at its own particular assessment of the ID theft risks.

Finally, it is important to remember that there are numerous other laws and regulations, at both the federal and state levels, that may cover associations' privacy and information security practices, depending on the type of information obtained, used, sold/transferred, and retained and/or disposed. Associations, therefore, must consult legal counsel to determine their specific coverage and compliance issues with regard to privacy and information security practices.

* * * * * *


Number of Customers, during the period from 1/1/XX to date: ______________
Number of Customer Transactions, from 1/1/XX to date: __________________

[Appropriate time frame for risk assessment: past 3-5 years preferable, past 2 years minimum. Customers includes both members and non-members, whether corporate or individual]

Risk Assessment Key


A=Access (view balance; change personal information; change payment method)

T=Can conduct transactions (make a payment; transfer funds; obtain products)

“Experience” indicates whether association has had previous experiences with identity theft with respect to each specific type of account.

Risk ratings* are “High” (H), “Moderate” (M), and “Low” (L).

*Explanation for risk ratings: Risk ratings are based on the association’s size in terms of customers and annual transactions, the number of individuals authorized to access each customer's account, and the association's existing policies and procedures (such as Internet security, account oversight, account agreements, etc.). The risk also depends on the types of products/services normally sold to each customer, the accessibility of the customer account, the association’s experience with identity theft, and how susceptible the offered products and services are to fraudulent activity.


Monday, July 19, 2010

Great Opportunity! The Nonprofit Technology Leadership Academy

Whenever I can, I like to post opportunities for training on this blog, and I especially like it when the training is free!  This is a terrific opportunity to move your organization ahead technologically.  So often nonprofits and associations find it difficult to carve out training in their budgets, but with this Technology Leadership Academy, you don't have to, all you have to do is apply.  The application deadline is July 30th, 2010.  Bunnie

Now more than ever, nonprofit leaders must understand the potential technology has to help them meet their missions. You require effective ways to manage technology and lead others to use the available tools to your best organizational advantage.

That's why we're thrilled to invite your organization to apply for the Technology Leadership Academy, our 9-week online training program designed to help nonprofit leaders do just that.

Learn more and apply to the Technology Leadership Academy here:


The Academy will be a unique opportunity to learn and interact with your peers while creating a tight network of nonprofit leaders working toward a common mission: to use technology to create more social change. Thanks to the generous support of Microsoft, we're able to offer the Technology Leadership Academy at no charge to qualifying organizations. You must apply for acceptance to the Academy, and there are, of course, some application requirements.

But oh, will it be worth your time. Your instructors during the weekly core sessions will be top nonprofit leaders like Beth Kanter, Katya Andresen, and Edward Granger-Happ. You'll also have the opportunity to interact with field experts like Charlene Li, Founder of Altimeter Group and Author of Open Leadership, in Ask the Expert sessions. The online sessions will take place weekly from September 29th through November 22nd. You can see the full schedule here.

At the end of the 9 weeks, you'll be able to:

Articulate the value of technology in your organization for yourself, your staff, funders, and other key stakeholders.

View technology as integral to every department in your organization.

Recognize options for funding IT projects in your organization.

Staff technology effectively.

Manage the organizational change that technology can produce.

At the end of the course, you will receive a certificate of completion from NTEN and Microsoft. Space is limited, however: for this pilot effort, we will only be able to accept 50 organizations with annual budgets under $2 million.

So, yes, the Academy will require commitment, but, knowing our community, we don't expect that will be a problem for you. Please take some time to review the application guidelines, gather the necessary materials, and apply to the Technology Leadership Academy before July 30th. (By the way, participants will be able to earn points toward some special software donations from Microsoft, free 2011 NTC registrations, and more.)

Learn more and apply to the Technology Leadership Academy here:


We look forward to reviewing your application and learning more about your plans to use technology to help your organization meet its mission,

Brett Meyer
Communications Manager
NTEN: The Nonprofit Technology Network
brett at nten dot org
Twitter: brett_meyer

Sunday, July 11, 2010

Country's Largest Charity Evaluator Expands Analysis

The folks at Charity Navigator do incredible and important work by evaluating the stewardship of donor dollars.  Every nonprofit should follow their guidelines for what information to provide the public regarding the organization's management, structure, income, expenditures, etc.  Getting a good rating from Charity Navigator is important because it will assure your donors that you are responsibly and ethically using their money for good.  Bunnie

Country's Largest Charity Evaluator Expands Analysis

Charity Navigator's Enhanced Service Helps Donors Assess a Charity's Commitment to Accountability and Transparency

Donors will be in a better position to make informed giving choices now that Charity Navigator, America’s largest and most utilized charity evaluator, has expanded its analysis.

Since launching its service in 2002, Charity Navigator’s free financial evaluations --- which examine how a charity functions day to day and how well positioned it is to sustain its programs over time --- have changed the giving habits of the general public. But financial metrics are just the starting point in choosing a charity to support. Donors must also have access to information that considers a charity’s accountability and transparency practices and assesses its effectiveness and results. Starting this month, Charity Navigator is deepening its analysis by rolling out new metrics that examine the accountability and transparency component.

“Smart donors should require evidence of accountability and transparency from the charities they support,” said Ken Berger, President & CEO of Charity Navigator. “They should require this evidence because charities that are open about their performance and follow best practices in areas such as governance and donor privacy are less likely to engage in unethical or irresponsible activities and, as a result donations to such charities are a less risky investment.

“Charity Navigator was created with the goal of advancing a more responsive philanthropic marketplace, in which donors and the charities they support work in tandem to overcome our nation's most persistent challenges. We are thrilled to go beyond our financial ratings and take our analysis to the next level. By reviewing each charity’s commitment to accountability and transparency, we can help donors make even smarter giving choices.”

When examining the accountability and transparency of charities, Charity Navigator’s new methodology seeks to answer the following questions:

Does the charity follow ethical and best practices?

Does the charity make it easy for donors to find critical information about the organization?

Specifically, the methodology, which was developed in partnership with Charity Navigator’s staff, Board, Advisory Panel (http://www.charitynavigator.org/advisory), donors and nonprofit leaders, tracks the following:

1) A review of the charity’s website to determine if

Board members listed

Key staff listed

Audited financials and Form 990 included

Privacy policy posted

Inclusion of information about effectiveness and results

2) A review of the newly expanded Form 990 to determine if

The charity has made loan(s) to related parties

There has been a material diversion of assets

There are minutes for Board meetings

Copies of the Form 990 were provided to organization’s governing body

The charity has a conflict of interest policy

The charity has a whistleblower policy

The charity has a records retention policy

The charity disclosed its CEO’s name and salary

The charity has a process for determining CEO compensation

The Board is paid

The audited financials were prepared by independent accountant

An audit committee exists

As soon as the accountability and transparency data is gathered on a particular charity, it will be posted on its ratings page. However, no charity’s rating will be impacted by the results of this richer analysis until the data has been collected for all 5,500 charities in Charity Navigator’s database. For more information about Charity Navigator’s new Accountability / Transparency Methodology, please visit: www.charitynavigator.org/accountability. And to see a sample of a charity that has been reviewed for its accountability / transparency data, please visit: www.charitynavigator.org/accountability/list (more charities will display this data in August).

About Charity Navigator (http://www.charitynavigator.org/)

Charity Navigator is the largest charity evaluator in America and its website attracts more visitors than all other charity rating groups combined. The organization helps guide intelligent giving by evaluating the financial health of over 5,500 charities. Charity Navigator is a 501 (c)(3) organization which accepts no advertising or donations from the organizations it evaluates, ensuring unbiased evaluations. Charity Navigator, can be reached directly by telephone at (201) 818-1288, or by mail at 139 Harristown Road, Suite 201, Glen Rock, N.J., 07452.

Media Contact
Sandra Miniutti, Vice President, Marketing
(201) 884-1051

Tuesday, July 6, 2010

Nonprofit Tagline Awards!

You may have missed it last year...but now is your chance to enter this year...it is the 2010 Nonprofit Tagline Awards!  Nancy Schwartz of "Getting Attention" has kicked off this year's competition.  And if you want to know what the Tagline Report looks like, here's 2009, it is awesome! 2009 Tagline Awards Report  I think it is often difficult for a nonprofit to come up with an effective tagline, especially one that conveys the mission of the organization.  And that may be because we hang on to mission statements or even programming that is no longer relevant.  Read the 2009 report and you will be inspired to look at your tagline with a fresh prespective.  And then...enter the 2010 Tagline Awards!  Bunnie

Three New Categories Launched As Annual Nonprofit Tagline Awards Open

Great Words Promoting Good Causes—Organizations Everywhere Invited to Enter

The Getting Attention Nonprofit Tagline Awards Program (a.k.a. The Taggies), the world’s largest collection of nonprofit taglines, opens its third award season this week with the addition of three new categories.

Now, nonprofits everywhere will be able to enroll their organizational tagline in the annual program, plus any taglines they’ve created to support programs, fundraising campaigns and special events.

“The tagline is a critical element of any nonprofit’s message platform,” says Nancy E. Schwartz, president of Nancy Schwartz & Company and blogger at Getting Attention (www.gettingattention.org), the award program’s organizer.

“Adding these three new categories gives more organizations a chance to showcase their best efforts to effectively reach and communicate with their target audiences.”

In addition to the new categories, libraries have been added as a section of the organization tagline category.

Organizations can enter their nonprofits’ taglines via an easy-to-complete entry form at http://bit.ly/cQjUsw

Winners will be chosen in 13 organization fields of focus and one each in programs, fundraising and events, says Schwartz.

The deadline for entering an organization’s tagline is July 28.

This year’s award program finalists will be selected by a panel of 16 judges, including representatives from two winning organizations from last year’s program.

In late August, the finalists will be notified before voting for the tagline award winners begins in September.

Award winners will be announced in late October. The 2010 Nonprofit Tagline Report and updated database will be released in November.

Schwartz says a strong tagline does double duty – working to extend an organization’s name and mission while delivering a focused, memorable and repeatable message to its base.

All entrants will receive a free copy of the fully-updated 2010 Nonprofit Tagline Report. It’s the only complete guide to building an organization’s brand in eight words or less. There are now more than 2,500 taglines compiled and organized in the report, and that number will grow significantly with 2010 award submissions.

Twitter users can follow the 2010 Nonprofit Tagline Awards via the hashtag #taggies.

The Getting Attention Nonprofit Tagline Awards Program has four generous sponsors this year: Blackbaud, sponsoring the fundraising campaign category; Event360, sponsoring the special event tagline category; and general sponsors Eventbrite and See3 Communications.


The annual Getting Attention Nonprofit Tagline Awards program came about when so many powerful taglines were submitted to the Getting Attention survey on nonprofit taglines, and is designed to motivate and guide nonprofit organizations to put effective taglines to work.

A list of 2008 and 2009 award winners can be found here: http://gettingattention.org/nonprofit-taglines/award-winners.html


The Getting Attention Nonprofit Tagline Survey, implemented in 2008, investigated styles, usage trends, what’s working and what’s not in nonprofit taglines based on data provided by 1,900 nonprofit communicators working in organizations across 11 vertical sectors and countless locations (mostly in the United States).

Survey findings are available in the 2009 Getting Attention Nonprofit Tagline Report



The Getting Attention blog and e-update http://www.gettingattention.org/ are no-charge, high-value sources of ideas, tactics, and tips for nonprofit communicators focused on helping their organizations succeed through effective marketing.

Nancy E. Schwartz provides marketing services to nonprofit organizations and grantmakers via Nancy Schwartz & Company and is the publisher of Getting Attention.