Staying lean starts with asking yourself, do I need this data to provide the value I’m trying to deliver to members?

  • If you don’t need a piece of data, don’t collect it.
  • If you need a piece of data, keep it for only as long as necessary and anonymize the data before you store it.

A. What data do you have?

Understanding what data you actually collect is easier said than done. Often, it turns out that organizations have more data than they think they have.

Consider the following. Do you have any of this data?

  • Names
  • Emails
  • Addresses
  • Phone numbers
  • Birthdays or birthdates
  • Social media accounts

Dig deeper, and you’ll probably find you have much more data than you thought. Such as:

  • IP address
  • Date of account creation
  • Date of last account activity
  • Members’ interests and activities (e.g. petitions & pledges signed, newsletters subscribed to, events attended)
  • Dates of donations
  • Amounts of donations
  • Credit card numbers (or last four)
  • Passwords

Now ask:

  • Do you actually use this data?
  • Have you used this data in the last 12 months?
  • If all of this data is stored together, does it paint a picture of real people and the causes they support?
  • If this information were compromised, could it be used to target your membership with phishing attacks?

Example: First and Last Name

When asked, many organizations do not actually need a member’s first and last name. First name is often nice to personalize emails – but have you tested whether it lifts your response rates? Last name is often never used, yet it hangs around in records. If your membership list is compromised, a third-party will have a list that identifies specific people, instead of a list that includes multiple people named Bob.

Your members might not actually give a hoot about personalized emails. So why not give them the choice whether they prefer to receive an email that says “Hi Bob” versus an email that starts with “Hi friend” or “Dear supporter.”


B. How do you collect your data?

There are probably multiple ways in which you collect data. Consider the following channels of data exchange:

  • Survey
  • Petition
  • Online sign-up
  • Event sign-up
  • Email subscription
  • Donation
  • Interviews
  • Conference
  • Social Media

Depending on the tools you use for data collection – whether they are 3rd-party platforms or your own – multiple different people and different organizations will have access to that data, and you can’t always supervise their security procedures. This means that your membership data may be leaving a digital footprint that is larger than you thought.

Consider the tools you use for data collection and management:

Data Collection

  • What data will the company behind the tool collect or access?
  • Does it include personally identifiable data like full name, address, phone number, email address?
  • Does it include additional profile data like gender, race, ethnicity, religion, political interests?

Actionable Need

  • Do you/vendor have a legitimate need that will lead to an action for all the data?
  • Can you make a change to the vendor’s standard template to reflect your needs and your higher data standards? Vendor templates are often over-inclusive for data collection.

Alternative with less impact?

  • Can the vendor aggregate the data or convert it into an anonymous or pseudonymous format?

Example: Signing a Petition

Petitions often ask for the full home address of the signatory, when perhaps only the city, state, and zipcode (or zip +4) are needed to target action alerts.. When petitions collect more data than they need, the third-party tool often has access to that data as well. If your goal is to amplify the voices of those who want to make a political statement, why not make sure you’re prioritizing their privacy at the same time?

Chances are, if they’re signing your petition, they are either already a part of your membership or they follow your work closely. (And the odds are also high that their browser can, based on the first few characters typed, quickly pre-fill form fields on a petition page – making it unnecessary for you to store and pre-populate that information.)


C. Why are you collecting this data?

Answering “why are you collecting this data?” is the most important part of data collection. You should always have a well-reasoned plan to support each piece of data. In Example 1, we concluded that a person’s last name is unnecessary without sound reason. Consider the following questions for each piece of data collected:

  • Does having this data contribute to your theory of change?
  • Is there an alternative means to collecting the data you need, which better protects your membership base?
  • How long do you need the data? Are you keeping it for a short time or forever? If the latter, is there a point at which it will no longer be valuable?

D. When do you delete the data?

Delete the data when it’s no longer relevant. This will always depend on the specific data set and its purpose.

It’s always worthwhile to consider this before you collect the data. In some cases, it may be very obvious that you only need the data for a certain number of days or months (for example, if you specifically collect home addresses to send donation premiums, you probably don’t need that data after the shipments are sent). In other cases, you may want to schedule a reminder to check whether the data set remains relevant, and if not, you can delete parts of it.

  • Emails: To keep your list relevant, it’s useful to check if there are any emails that have not engaged with your content for 12 or more months. If so, sending out a reminder or two and asking that they “opt in” again could be helpful. If they don’t respond in a certain period of time, those emails should be deleted. Data that’s been deleted can’t be compromised!
  • Survey Results/Data: What will you do with the actual dataset after you collate the results? In many cases, the raw dataset is no longer needed or used within 3-6 months after collecting; consider deleting the survey results to keep your data relevant and timely.
next: Build in Security