Nonprofit Board Confidentiality Policy

Nonprofit boards have much work to do in setting up their articles of incorporation and bylaws. The bylaws are usually a work-in-progress. One of the topics that boards often put on the back burner is creating a confidentiality policy. Nonprofit boards don’t often give their attention to writing a confidentiality policy until a crisis situation rears its ugly head. That puts board members in the unfortunate situation of scrambling to manage a tenuous situation without a roadmap to follow. These events can also trigger a knee-jerk reaction on the part of the board to form a new confidentiality policy in haste.

Maintaining confidentiality is one of the fiduciary responsibilities that every board member has. It will be easier for board members to fulfill this responsibility when they have a formal, written policy to rely on.

Confidentiality Is a Fiduciary Responsibility

Fiduciary responsibilities mean that board members must act honestly and put the best interests of the organization ahead of their own interests.

It also means that they must avoid or acknowledge conflicts of interest, and abstain from voting when such a conflict exists. Board members also have limits on how they can share information and with whom they may share it.

Maintaining confidentiality also means that board members must maintain the confidentiality of any personal or sensitive information they acquire during their service to the board.

Situations Relative to Board Confidentiality

A breach of confidentiality can happen for a variety of reasons. Three of the most common ones are: the disclosure of confidential information discussed at a board meeting, the disclosure of personal information and conflicts of interest.

Nonprofit board meetings are usually open to the public. However, board members may want to discuss certain issues privately. The board may go into executive session and ask board guests to leave during this part of the discussion. Reasons for moving into executive session may include the need to discuss employee discipline, an employment contract, or performance or compensation matters.

During their board work, board members sometimes have access to personal or sensitive information about their membership and fellow board members. Sensitive information may include health, employment, finances or other personal information. In keeping with their fiduciary duties, board members shouldn’t disclose information that they’ve received as part of their position on the board.

Board members usually have a large network of constituents, network associates or other individuals to which they have some degree of loyalty. While this is a good thing, it often causes a conflict of interest when a board member shares information that they’ve gained as part of their employment or position or when board members rehash matters outside of board meeting time that the board has already decided.

Developing a Confidentiality Policy

Fiduciary responsibilities should be enough on their own to prevent problems with confidentiality, but there are several reasons for instituting a formal policy. A confidentiality policy clarifies expectations for board members and explains the context of how to apply it. Such a policy could form the basis of more detailed procedures if they become necessary, and may govern future decision-making or actions. If those reasons aren’t good enough, having a confidentiality policy is part of best practices for boards.

Writing the Confidentiality Policy

The first step in writing a confidentiality policy is to identify the reasons the board needs it. The next section should state who the policy applies to, which may include board members, staff, committee members who are not on the board, the advisory board and others.

The policy should include a statement of the directors’ duty of confidentiality and explain that they are not to disclose or discuss confidential information about the organization’s matters with another person or entity, or use it for their own purposes, unless the board authorizes them to do so. This section should include not making statements to the media or to the public without prior board authorization.

A confidentiality policy should specify what matters are considered confidential. Since nonprofit organizations vary substantially in their missions and activities, this content will be unique to the organization. Boards should also clarify the process in writing that board members should take if they want or need to obtain authorization to release confidential information.

Boards should state in the confidentiality policy whether they allow audio or video recordings, along with the circumstances in which they are — and are not — allowed.

Rather than starting from scratch, it helps to use a template from another nonprofit organization as a starting point.

Final Steps in Implementing a Confidentiality Policy

Once the board completes the confidentiality policy, they will need to formally approve it at a board meeting. The board secretary should link it to or combine it with the organization’s privacy policy and conflict of interest policy. The policy should be written into the bylaws and filed in all copies of board member handbooks.

The board secretary should include information about the confidentiality policy during board member orientation, and ask new board members to sign a statement saying that they’ve read it and agreed to abide by it.

Staff members should also have a signed statement agreeing to the confidentiality policy in their personnel files.

Consequences for Breaching Confidentiality

Board members, individuals or nonprofit organizations may suffer consequences if a board member or staff member breaches confidentiality, whether it happened unknowingly or not. Direct consequences may vary depending on the circumstances of the breach.

One of the components of good governance is full and frank disclosure of information in the boardroom. When board members can’t trust each other to keep confidences, it has a negative impact on the nonprofit’s governance.

The board needs to be sure that board members fully understand that once the board approves a decision, it becomes a decision of the whole board. All board members must comply with it. If any board members disagree with a decision regarding confidentiality, they may register their dissent. Members who are seriously at odds with the confidentiality policy, or any other policy, may choose to resign from the board.

Fiduciary responsibilities are the core responsibilities of board members, which is why board members should devise a confidentiality policy as soon as possible. Issues with confidentiality don’t come up often, but when they do, they can damage the organization’s reputation. In turn, a bad reputation will have a negative impact on donations, so it’s worth taking the time to write and implement a confidentiality policy before such a time comes when the board must rely on it.