How Technology Misuse and Abuse Can Harm Your Nonprofit

Technology can be a tremendous asset for nonprofits. It powers modern communications, fundraising, and marketing, and generally can help a nonprofit team operate more efficiently and effectively. But there can be a darker side to technology.

While we may not like to think about it, the potential exists for people (inside or outside the nonprofit) to misuse or abuse technology in ways that may harm the organization. Here are some technology-related activities to be aware of that may harm your organization:


Online trolls are those who like to stir up trouble by posting inflammatory content in an effort to denigrate an individual or organization and/or provoke a reaction. There may be a temptation to badmouth a competitive or opposition organization, but the best policy is always to show respect. Even if you think you may score some political points by trolling another organization, it will only come back to hurt your organization by damaging your own reputation, and you run a risk of turning off supporters and even creating sympathy for the other organization. Similarly, if your organization is trolled, it’s best to take the high road and respond with respect.

Bogus donation attempts

It’s not uncommon for thieves to make a series of donations or attempted donations for a small amount — say $5 or less — to test if stolen credit card numbers are working so they can use them elsewhere or re-sell them. This can cause accounting issues for your organization by making it appear that you have raised more than you actually have. It also causes illegitimate charges to unsuspecting people, and adds people to your email list that did not intend to make a donation.

You can help reduce these bogus donations by adding CAPTCHA tools that help block automated form completions. You also can increase the minimum donation amount; just be sure not to set it so high as to turn away legitimate donors.

Bogus email form submissions

These days, bots can enter hundreds of email addresses into an organization’s online forms. Internet bots, also known as web robots, or simply “bots,” are software applications that run automated tasks (scripts) over the internet. These bots can comb sites to fill out forms in an attempt to send you spam and perform other malicious actions. This practice is not only annoying, but it also can create bogus constituent records that have to be cleaned up at some point (and may even cost your organization money if your database has a pay structure based on number of records). Implementing tools such as CAPTCHA and reCAPTCHA, which help block automated form completions, can help prevent such bots from being able to submit to your forms. 

Misleading donors with default check boxes

You’ve likely seen this before: You’re filling out a form, and there’s some sort of box that’s pre-checked and you must un-check it to not be contacted or added to the organization’s email list. For nonprofits, this approach may take the form of defaulting a check box to “cover transaction fees,” effectively charging the donor more than initially intended. Another example: defaulting a checkbox to a “recurring” donation, putting the onus on donors to uncheck the box if they intend to make only a one-time donation.

These approaches may seem tempting as your nonprofit looks for ways to increase donations. But they may end up causing donors to lose trust in the organization, ultimately harming your organization’s reputation and future fundraising potential.

Failing to respect donors’ privacy

Modern technology allows us to collect and use an enormous amount of data. That’s one reason why data privacy laws continue to evolve. But organizations move beyond typical data privacy issues when they actively violate donors’ privacy. Some examples include:

  • Selling donor email lists to email marketers, including other nonprofits
  • Sharing personal information — even beyond basic contact information that the organization gathers via survey, quiz, or fundraising campaign
  • Using donor-submitted content in other ways without their permission

Not de-duplicating the donor database

Failing to de-duplicate the donor database on a regular basis means that a nonprofit may continue to send email communications to donors even after they’ve opted out. For example, if a donor has five contact records in the database, and has opted out once, they would have to opt out four more times to truly be removed from the “mail to” list in the database.

Beyond annoying the donor by neglecting to respect his opt-out, the results of failing to de-dupe can tarnish the donor’s view of your organization and harm the organization in multiple ways. Here are some example scenarios:

  • Your development director is talking on the phone with the donor and quotes the donor his giving history for the year. The amount is incorrect because it represents only the amount associated with one contact record versus all five contact records.
  • The organization sends year-end tax statements, and the donor receives five instead of one.
  • Many duplicate records may result in the organization paying their database vendor for more records/storage that is actually needed.

Using misleading opt-out verbiage

In the same vein as not de-duplicating the donor database is creating opt-out verbiage that leads a person to think they’re opting out of all emails from an organization, when in reality they’re only opting out of a single email communication type, such as the organization’s email newsletter. Eventually, the person will receive more emails from the nonprofit.  The result: the person’s view of the organization may be tarnished, ultimately harming the organization’s relationship with that person.

Whether intentional or due to a lack of knowledge about best practices, it’s important for nonprofits to be aware of these possible misuses and abuses of technology that may harm their organizations. Be sure to have safeguards in place to reduce the likelihood of harm caused by those outside your organization. Inside your organization, make your team aware of possible tech misuses, and implement rules and guidelines that ensure your organization treats your constituents and donors as you would want to be treated.

Leave a Reply