Online privacy and security practices of the 100 largest US nonprofit organizations

• Although online consumer privacy has been an important issue in the commercial realm for more than a decade, nonprofit organizations (NPOs, or nonprofits, for short) have just begun to address the topic recently. No published scholarly research has examined the online information practices of the largest NPOs with regard to privacy and security issues. The absence of data leaves one unable to empirically gauge the extent of NPO compliance with the Federal Trade Commissions (FTCs) suggested information practices. Such an investigation would be useful not only to US nonprofits but also non‐US nonprofits that are reaching US donors via their web sites.
• This study examines the online information practices of The Nonprofit Times 100 web sites and compares their practices to that of their commercial counterparts. The NPO web sites were found to collect just as much, and in some cases even more, personally identifying information as the commercial sites. The NPO web sites were more likely to display a privacy disclosure and privacy seal. Of critical concern, and not assessed in the commercial samples, is that nearly all of the NPO sites post personally identifying information (of individuals who are not employees).
• The current study provides benchmarks useful for assessing security issues pertaining to the collection, use, and even posting of personal information for NPO web sites. It also proposes actions for improving online security and privacy with the hope of encouraging more discussion of these important issues within the NPO community.

Copyright © 2008 John Wiley & Sons, Ltd.