Article

Closing the Gate: A Nonprofit’s Guide to Data Sovereignty and AI Safety

A practical guide to protecting client data from AI risks, built around a simple "data container" and Indigenous data sovereignty.

Overview

This guide helps nonprofits protect sensitive client information from misuse by generative AI tools, framed around the idea of a “digital data container”—a set of simple processes for understanding what data an organization holds, how it is collected and used, and where it is stored. It walks through five components of that container—secure storage, permissions and access controls, encryption, backups, and policies—and offers concrete first steps like classifying data by sensitivity, anonymizing anything shared publicly, turning on safety features in a CRM, and using a password manager with multi-factor authentication. It places Indigenous data sovereignty at its core, explaining the OCAP principles (ownership, control, access, and possession) and urging organizations that work with First Nations partners to co-design governance agreements grounded in free, prior, and informed consent.

Do you have feedback on this resource?

Thank you for your feedback as we strive to curate and publish resources to help social impact organizations succeed with data.

Send us a note

Related Resources