Description

Your nonprofit may be sitting on a data liability it doesn't know it has.

Carolyn talks with Ian Gottesman, CEO of NGO ISAC, about data retention and why the question of what your organization keeps - and for how long - is more urgent than ever. Ian has been studying this topic for 30 years, and he makes the risks concrete: e-discovery requests, contractual disputes, subpoenas, and the exposure that comes from mixing personal and organizational data on staff devices. Most of the time, the threat isn't a headline-making congressional hearing - it's a vendor dispute or a board member's outside legal trouble that pulls your email and files into a lawsuit you didn't see coming.

Ian walks through how to build a data retention policy, who in your organization needs to lead it, and why now. With AI tools beginning to ingest your file servers and inboxes, now is exactly the right moment to get serious about data hygiene.

This episode covers:

•       The most common data retention risk for nonprofits isn't congressional testimony — it's a contractual dispute, a board member's outside legal matter, or a vendor conflict that pulls your organization into e-discovery.

•       Your backup retention schedule must align with your data retention policy. Backups that outlast your retention window are still discoverable — and that trunk of old backup tapes will find its way into a lawyer's hands.

•       Start your retention policy implementation with the most transitory data first: instant messaging and Slack, then email, then files. Automate deletion as much as possible, and make saving intentional and manual.

•       The hardest part of implementation isn't the policy, it's change management. People love their old emails. Enlist a senior leader (CEO, general counsel, COO) to champion the rollout, not just IT.

•       Clean data makes AI tools work better. If your file server is full of outdated drafts and duplicate documents, your AI tools are ingesting noise. A retention policy is the foundation of good data governance — and good AI outcomes.

Resources Mentioned:

•       NGO ISAC

•       NTEN Course: Data Minimization and Retention — Ian Gottesman

•       Sample Not-for-Profit Document and Data Retention Policy — AICPA & CIMA

•       Document Retention Policies for Nonprofits — National Council of Nonprofits

•       Nonprofit Legal Defense Network (We the Action)

Additional resource: Podcast: Prep Your File Permissions for AI Tools — Community IT Innovators

_______________________________
Start a conversation :)

• Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
• email Carolyn at cwoodard@communityit.com
• on LinkedIn 
• on reddit/r/nonprofitITmanagement
• on the Community IT website

Thanks for listening.