The comment period is closing Dec 16th on an IRS donation reporting rule proposed in September that would allow nonprofits to send donor information directly to the IRS rather than send a donor acknowledgment letter to the donor.  You may have heard about this from your state nonprofit association or the National Council of Nonprofits. The proposed rule would require nonprofit organizations that opt in to this reporting to store and transmit donor Social Security Numbers (SSNs) to the IRS. This would serve to simplify filing for donors, because their donation of over $250 would already be linked to their SSN and would automatically become part of their online file.
Community IT doesn’t advocate for or against IRS rules, but it is interesting to observe the outpouring of bipartisan sentiment against a) imposing the burden on nonprofits of keeping SSN#s secure, b) asking donors for their SSNs or c) believing the IRS would keep the SSNs secure given recent breaches.  It’s gratifying that the nonprofit community is taking security to heart, and doesn’t underestimate the difficulties of linking personal data with SSNs throughout the life of these transactions.
If you too are concerned about IT security for nonprofits – whether or not you store SSNs or may be asked to in the future – please join us January 21st for IT Security Threats to Nonprofits – our first free webinar of 2016, when we’ll discuss the many many ways hackers are trying to control your network and what can stop them.
And check out our other resources on data storage options and security.