How to Overcome Your Database Demons Ensure good data through oversight, policies, and training Robert Weiner - February 17, 2016 Whether you have recently survived the selection and implementation of a new donor database or have been using your database for years, you need to confront hidden demons. The demons, which lurk in every organization and in every database, want to turn your data into a pile of unusable garbage. To fight the demons, you need to plan for the ongoing health of your data through oversight, policies, procedures, training, and vigilance. Where do you start?1. Someone Needs to Be in Charge of the DatabaseThat person could be a database manager, a CRM administrator, a gift processing director, a development associate, or an office manager. The title does not matter; the role does. Think of this person as the database's owner. (This term will be used throughout the article.)This does not necessarily need to be a technical role, such as a database administrator or IT director. The focus should be on training, user support, data management, and data quality. At a small organization, these tasks may be a small part of someone's job. At a large organization, this person may manage a big department. The bottom line? If no one is in charge of your data, the demons have already won.2. Develop Data Entry Policies and ProceduresThe database owner needs to work with colleagues to develop relevant policies and procedures.For example:Which titles and abbreviations are acceptable?Who should have the ability to see, enter, and delete which types of data?Where and how will you store data that don't fit naturally? For instance, depending upon your database, this could include photos, URLs, Twitter handles, seasonal addresses, or links to proposals and gift agreements. If you don't have rules about these things, the data will be stored in multiple formats and places, and over time, it will become impossible to retrieve it consistently.Assuming your database provides multiple ways of entering data, how will you handle couples? Will they be tracked in a single household record or in separate, linked records?What if they are involved with or donate to your organization separately (for example, one is a board member and one is a volunteer)?If you use separate records, how will you track their combined giving?3. Make Sure Everyone Who Can Update Your Data Has Been TrainedAnyone who can update data must be trained on your policies and procedures.In addition, staff and volunteers who cannot update data should know where to send updates.4. Run Your Database on a Need-to-Know BasisGive staff and volunteers access to only the data they need to see or change to do their jobs, but make sure that they can access the data they need.5. Ensure Your Database Has Enough Security Options — and Use ThemYou should be able to provide read-only access.You may want to have the ability to provide read-only access to just a portion of your data, such as names and addresses but not gifts.You should be able to allow staff to update only certain portions of your data, such as updating addresses but not entering gifts.You should be able to restrict access to such functions as committing a gift batch, modifying posted donations, or importing donations.You should absolutely be able to restrict the ability to globally update data or delete records.6. The Database Owner Must Monitor Data IntegrityThe database owner should routinely run reports to look for common errors:In most cases, names and addresses should not be lowercase (although some lowercase names are valid).Names and addresses should not be all uppercase.It shouldn't be possible to mail to people with blank or invalid addresses.It also shouldn't be possible to send mail to dead people.Gifts and payments (as opposed to pledges or expected payments) shouldn't have dates in the future.Dead people shouldn't have open pledges (unless the pledges are attached to estate records).In most cases, dead people shouldn't be assigned to a solicitor.The pledge status on fully paid pledges shouldn't show as "active."At least in the United States, a record should have only one spouse relationship.If the relationship field on a linked record shows "married," the spouse's record also should show "married."If you use a separate email system, the database owner will need to develop a method for keeping updates, bad emails, and unsubscribe requests in sync.The database owner should routinely run a report to identify duplicate records, which then should be merged.7. Identify Staff Members Who Repeatedly Make ErrorsThe database owner should identify staff members who repeatedly make errors and provide additional training.If the errors continue, the organization must be willing to take away that person's data entry permissions.8. Send Your Data out for Updates on a Regular ScheduleAt a minimum, if you send postal mail in the United States, you are required to run your data through the National Change of Address (NCOA) system quarterly. You may also want to purchase additional address updates, as well as updates for phone numbers, email addresses, deceased people, employment, and ages.9. If You Use a Mailing house, It May Be Running Updates on Your BehalfUnfortunately, your mailing house may not be sending you those updates, or you may not be importing them into your database. If so, you could be paying for updates on the same people at every mailing. Finally, if the change of address data gets too old and is removed from the NCOA database, you won't be able to send mail to those people.When you import NCOA updates, don't overwrite the current address. NCOA is not always right, and you risk losing good addresses. Some databases can archive the old address for you automatically.10. Think Through the Pros and Cons of Decentralizing Data EntryThis is important if you work for a large organization. It is much easier to train a single person or department and monitor their work. However, centralizing data entry can create a bottleneck and discourage broad ownership of the data. Decentralizing data entry can give departments more control and get data into the database faster, but it requires ongoing training and monitoring of data quality.11. Make Sure You Run Backups Religiously and Test Them PeriodicallyPeriodic testing of your backups is key to make sure you can recover data.Follow the "3-2-1" rule for backing up any critical data: Keep three copies of important files, use two different types of media to back up the files, and store one copy of the files offsite.12. Don't Let Staff Download Sensitive Data to Laptops or Flash DrivesDo all you can to prevent staff from downloading sensitive data — Social Security numbers, credit card data, and so forth — to laptops or memory sticks.Use encryption on your laptops and memory sticks. Tools such as Identity Finder, SENF, and OpenDLP can scan your computers for sensitive data.13. Require Strong PasswordsDon't share passwords.Don't allow staff or volunteers to share accounts.Change passwords regularly. When staff or volunteers leave your organization, be sure to disable their ability to log in to your network and database.14. Excel Is Not a Substitute for a Donor DatabaseFinally, remember that while Excel is great for adding up numbers, it is not a substitute for a donor database.In fact, Excel may be one of the leading causes of bad donor data. It is difficult to enforce data entry standards in Excel (such as allowing only legal U.S. state codes), and anyone who can update your spreadsheet can see and delete anything. This article was originally published in the Association of Fundraising Professionals' spring 2015 edition of Advancing Philanthropy. Copyright © Association of Fundraising Professionals (AFP). Advancing Philanthropy® is the quarterly publication of AFP, which promotes philanthropy through advocacy, research, education, and certification programs. All rights reserved. Reprinted with permission.