CHASE COUNSEL
PLLC

Emerging Issues

Artificial Intelligence, Donor Data, and Fiduciary Oversight

October 15, 2024 Chase Sizemore

The Convergence of Technology and Fiduciary Duty

Nonprofit boards increasingly encounter decisions regarding artificial intelligence, data analytics, and emerging technologies. These decisions carry fiduciary implications that extend beyond technology adoption to fundamental questions about data stewardship, privacy protection, and institutional risk.

The board’s fiduciary duty to exercise reasonable care in managing organizational affairs applies to technology decisions. This includes understanding the risks, benefits, and governance implications of AI implementation, data collection practices, and technology systems.

Artificial Intelligence in Nonprofit Operations

Nonprofits are exploring AI applications across diverse functions:

  • Donor identification and prospect research using machine learning models
  • Grant writing assistance powered by language models
  • Program evaluation and outcome prediction
  • Operational efficiency through process automation
  • Fundraising optimization via predictive analytics
  • Volunteer matching and resource allocation

Each application carries governance implications that boards should understand.

Donor Privacy and Data Stewardship

At the heart of many technology decisions is a core governance question: How does the organization protect donor privacy and information?

Data Collection and Use

Organizations must establish clear policies regarding what donor data is collected, how it’s used, and with whom it’s shared. Donors contribute to nonprofits with certain expectations about privacy and confidentiality.

Third-Party Tools and Vendors

When organizations use external AI tools, analytics platforms, or fundraising software, they should understand:

  • What data is shared with vendors
  • How vendors use that data
  • Whether vendors have appropriate data security protections
  • What happens to organizational data if the vendor relationship ends

Cybersecurity and Data Protection

Boards should ensure organizations maintain reasonable cybersecurity practices, including:

  • Secure data storage and transmission
  • Regular security audits and assessments
  • Staff training on data security practices
  • Incident response procedures
  • Regular backup and recovery procedures

Governance Considerations for AI Adoption

When considering AI implementation, boards should ask:

Transparency and Accountability

  • Can the organization explain how the AI system makes decisions?
  • Are there human checks and balances in the process?
  • Who is responsible if the AI system produces biased or incorrect results?

Bias and Fairness

  • Could the AI system reflect biases in training data?
  • Might the system discriminate against certain donor segments, program participants, or communities?
  • How does the organization monitor for and address bias?

Mission Alignment

  • Does the AI application serve the organization’s mission?
  • Could the technology compromise mission integrity or stewardship values?
  • Are there mission-driven alternatives?

Cost-Benefit Analysis

  • What is the true cost of implementation, training, and ongoing maintenance?
  • What genuine efficiency gains or mission benefits result?
  • Are there hidden costs (data security, staff retraining, system failures)?

Oversight and Accountability

  • Who is responsible for the AI system’s performance and compliance?
  • How frequently will the system be audited or reviewed?
  • What escalation procedures exist for problems or concerns?

Regulatory and Compliance Landscape

The regulatory environment for AI and data privacy continues to evolve. Organizations should monitor:

  • Data privacy regulations (GDPR, CCPA, state privacy laws)
  • Charitable solicitation rules regarding data use
  • Tax compliance implications of data-driven fundraising
  • Nonprofit-specific regulations in individual states

Board Oversight Framework

Effective fiduciary governance of technology includes:

  1. Board education on AI capabilities, limitations, and risks
  2. Written policies governing data collection, use, and protection
  3. Vendor management procedures for third-party technology
  4. Regular reporting on technology performance, security, and compliance
  5. Annual risk assessment of technology systems
  6. Staff training on data security and responsible AI use
  7. Transparent communication with donors about data practices

The Forward-Looking Board

As technology accelerates, boards must balance innovation with stewardship. The goal is not to prevent nonprofits from adopting beneficial technologies, but to do so thoughtfully, with appropriate oversight, and in ways that advance—rather than compromise—the organization’s mission and fiduciary values.

The board’s role is to ensure that technology decisions serve the mission, protect organizational assets (including data), and maintain public trust.

← Back to Publications