Don’t include SSNs on Form 990 & 5 other ways to combat identity theft

In the spirit of full disclosure that governs the Form 990 for nonprofit organizations, some social security numbers (SSNs) are inadvertently exposed. Here are some of the identities that may be compromised:

–         Donors

–         Employees

–         Directors

–         Trustees

–         Scholarship recipients

–         Tax preparers

If your organization has published SSNs on documents that can be viewed by the public, the best thing you can do is to notify the individuals of their exposure to identity fraud. This is not an easy conversation, but a necessary one to help limit the organization’s exposure.  In 2008, the IRS changed their forms so they no longer request potentially damaging personal information such as officer and employee personal addresses and social security numbers.   However, some organizations are still putting this information on the tax returns.

Going forward, examine all documents that have the potential for public viewing to make sure that identity-compromising information is not included on the public version. The IRS does not have the authority to remove the personal information provided by the organization.

Here are 5 other ways to protect the personal information of your stakeholders:

  1. Shred all documents that contain identifying information prior to throwing it away
  2. Change computer and/or online passwords when employees quit or leave the organization.
  3. Change building security such as locks if keys are missing.
  4. Don’t leave personal information in view such as donor checks or credit card numbers.
  5. Have a Privacy Policy and train the employees regarding the contents and need for privacy.

Nonprofit organizations thrive on relationships with donors and other stakeholders. Be sure to take the precautions necessary to preserve all personal information.