Overview
This guide helps nonprofits protect sensitive client information from misuse by generative AI tools, framed around the idea of a “digital data container”—a set of simple processes for understanding what data an organization holds, how it is collected and used, and where it is stored. It walks through five components of that container—secure storage, permissions and access controls, encryption, backups, and policies—and offers concrete first steps like classifying data by sensitivity, anonymizing anything shared publicly, turning on safety features in a CRM, and using a password manager with multi-factor authentication. It places Indigenous data sovereignty at its core, explaining the OCAP principles (ownership, control, access, and possession) and urging organizations that work with First Nations partners to co-design governance agreements grounded in free, prior, and informed consent.
Related Resources
How to assess an organization’s data asset risk
In this guide, you will learn how to first identify your data assets, and then assess their associated risks.
How to assess an organization’s risk of data breaches through human error
This guide will focus on assessing the risks of human error leading to data breaches within your organization.
How to respectfully use and inform communities about Personal Identifiable Information (PII) collected about them
This guide covers key characteristics of PII, how to request it from communities through informed consent, and best practices in how to manage it without undue risk.
