Should your nonprofit stop collecting demographic information? Three questions to consider

Disclaimer: I am not a lawyer - this is not legal advice. My perspective is that of a researcher with over 15 years of experience in data collection, analysis, and data management. If you have legal questions or receive a letter of inquiry from the federal government, please contact your organization’s legal counsel.

When I was coming up as a researcher, it was given that my team and I would gather demographic information for our program evaluations and other projects. The organizations I worked for always wanted to ensure that we fully understood the populations we served and the outcomes for marginalized populations.

Now, things are very different.

We’re living under an administration that thinks “diversity” is a dirty word and is actively investigating institutions continuing their DEI programs. Also, Congress and the Department of Justice are investigating nonprofits serving targeted populations, including immigrants and the LGBTQ+ community. Data requests can be a part of federal investigations, which could potentially put clients and community members at risk. So what do you do if you are an organization trying to understand the needs of your communities, fulfill demands to demonstrate impact, and protect your people, including your employees?

Here are three questions to consider when deciding if your nonprofit should collect demographic information.

Is your nonprofit required to collect the data?

This may seem obvious, but if your organization is required by law or contract to collect demographic information, then stopping collection could land you in hot water. Also, if your organization receives private grants that require you to collect certain types of demographic data, it is best to continue as usual unless told otherwise. If you receive private grants and are concerned about data collection requirements, engage your funders in a conversation about alternative ways to demonstrate effectiveness while limiting any data privacy risks to program/project participants.

How is your nonprofit using demographic data?

Sometimes nonprofits fall into the trap of collecting data because they think they’re supposed to, but they never end up using the information. Or they use the information in a general way, like a snapshot of intakes by gender, but the data doesn’t really tell us anything about the effectiveness of the organization. As such, it’s essential to reflect on why your organization collects demographic information and how it uses its analyses to inform decision-making and/or prove effectiveness.

Basically, if you’re not using it, don’t collect it.

Take a food pantry, for instance. If the mission is to reduce hunger in a small city, it can demonstrate its effectiveness by:

The number of people who use its services
The amount of food it collects and distributes
Feedback and stories from clients

A breakdown by gender, race, or sexuality isn’t really necessary here.

However, if the food pantry is trying to increase outreach to Spanish speakers, having information about the languages that new clients speak could help them determine if their Spanish-language marketing campaigns are effective. But even here, we don’t necessarily need to know what language clients speak to answer our questions. We can simply ask new clients how they heard about the food pantry and see how many people mention the marketing campaign.

So this question isn’t just about reflecting how we currently collect and use demographic data. It’s also about considering alternative ways to answer our key impact questions in the future.

Does your nonprofit have policies in place to manage and protect the data?

Nonprofits aren’t just under threat from bad actors within the government – they are also at risk of having data stolen by hackers. Why? Typically, it’s because nonprofits tend to use outdated technology and lack the resources to invest in cybersecurity.

Last month, I wrote a blog post with quick tips for protecting organizational data, including using multifactor authentication, limiting who has access to sensitive data, and using VPNs. However, it is also essential that nonprofits have document and data retention policies to ensure that everyone in the organization knows which records to keep and for how long, as well as which to delete and when.

If your nonprofit does not have these policies in place, now is a great time to get started on the process. The DC Bar Pro Bono Center offers more detailed guidance on these policies. If your organization already has these in place, now may be a good time to review them and conduct an audit to ensure your nonprofit is in compliance. Most importantly, DO NOT START DELETING DATA IN A PANIC. That looks suspicious. Create and update your policies and act accordingly.