It used to be that WordPress Website Security was the number one problem confronting Website Developers. This is primarily due to the army of hackers who are using ever more sophisticated code to break into WordPress websites. However, an excellent Meetup by Andy Mcllwain and Brent Kobayashi – Not For Profit Websites Donation Page Best Practices – put the spotlight on Personal Data Privacy as a rising issue for WordPress Developers.
It all started innocently with speaker Amanda Gorman underlining the fact that users of her GiveWP donation plugin had the advantage that all the donor and recipient data was organized and stored on the NFP user website – thus backup and security measures were under the NFP’s primary control.
However, two issues came up regarding meeting GDPR standards of personal data privacy and how GiveWP helped the NFP site to manage the review and control requirements for European donors.
Another issue raised was that, like medical and therapeutic websites, NFP sites have to be wary of messaging services which market subscriber data to third parties. In addition, GDPR-like user privacy protections are coming to North America. So a little Googlizing was advocated, and here are 4 relevant articles:
1) GDPR has a huge impact on handling private data, giving clients much more review and control of data collected by a website. See details in tongue-in-cheek style here.
2) Inkblot Analytics is one of several “Analysis” firms that sell “aggregated and anonymized” personal data from MailChimp, Aweber and other email messaging firms to other 3rd parties. But see immediately below the problem with the security of aggregated and anonymized personal data.
3) MarketWatch reports a worrying theory after the Equifax and Facebook settlements: aggregated data is NOT enough to protect your privacy. A new study says it’s possible to ‘reverse engineer’ anonymous data to identify individuals. Here is another commentary.
4) Popular WordPress Chat and Push Notification plugins sell personal data to 3rd parties. Some, like OneSignal, are frankly open about what they do, as seen here.
One of the attractions of the GiveWP plugin is that all of the personal data and transactions are stored on the NFP web server. But this personal data protection may be compromised by the use of various messaging support services, as noted above. The bottom line is that personal data privacy is rapidly becoming a front-and-center political as well as technical issue. It will be even more so for NFP organizations.