A client can give informed consent to a referral in one conversation and withdraw consent in the next. If your system can’t keep up, trust breaks fast. This is where many partner networks get exposed. Personal data moves across staff, forms, inboxes, and outside organizations. One missed update can turn a routine handoff into a […]
A Safer Consent Withdrawal Process for Partner Referrals Read More »
The fastest way to create privacy risk in the client intake process is also the most common. While the client intake process should be efficient, email remains a high-risk vector. Someone asks a client to email a photo of a driver’s license, then that file starts moving through inboxes, phones, downloads, and forwarded threads. If
Client Intake Rules That Keep IDs Out of Email Read More »
A forgotten service account can sit in your systems for years, retaining authentication privileges that let it keep moving data, calling APIs, or giving a vendor quiet access long after the original project ended. That is a real risk for justice nonprofits, because your systems often hold sensitive client, case, and partner data. A simple
The 30-Day Service Account Register for Justice Nonprofits Read More »
Shared drive permissions sprawl in Google Workspace rarely looks urgent until the wrong person opens the wrong file. In a justice nonprofit, that can mean client harm, funder concern, and a hard board conversation. Most teams didn’t create the mess on purpose. Access grew one request at a time, through staff turnover, urgent deadlines, and
A 30-Day Shared Drive Permissions Cleanup for Justice Nonprofits Read More »
A personal phone feels harmless until it becomes a pocket archive of client risk. If your staff text clients from their own devices, speed goes up, but so do risks to client confidentiality, recordkeeping gaps, and leadership blind spots. That tension is common in justice nonprofits. You want fast, humane communication. At the same time,
Client Texting Policy for Justice Nonprofits Using Personal Phones Read More »
You lead a legal aid or justice organization. Intake forms pile up with details you rarely use. Staff ask the same questions twice. Client data spreads across tools. Privacy risks grow quietly. Boards and funders notice the scramble in reports. You lose time, trust, and focus on real cases. Over-collection creates drag. It slows triage.
Stop Over-Collect at Intake: Your Data Minimum Standards Read More »
The intake queue is exploding. A partner needs records today. A funder report is due, and your team is already stretched thin. In the middle of that, digital security can feel like an extra project. For civil justice system organizations and civil society organizations (legal aid, court self-help, navigator programs, justice-support nonprofits), it isn’t. Cybersecurity
Cybersecurity for Civil Justice Organizations (Board-Ready Oversight for Sensitive Data) Read More »
A survivor reaches out from a borrowed phone. Your intake team moves fast, because timing matters. Then a simple mistake lands hard: an advocate auto-forwards an email thread, it goes to the wrong address, and suddenly a client’s location and case details are exposed. In civil justice work vital to access to justice, data loss
Board Ready Data Protection Strategy for Civil Justice System Organizations Read More »
Your navigator team didn’t get hacked, but a vendor did. Now your intake tool is down, texting is unreliable, or a cloud folder with client documents might be exposed. This sparks an incident response scramble. Staff are asking what to say. Courts and partners want answers amid the incident response pressure. Clients are scared, and
If your legal aid intake queue is exploding and a funder report is due, nonprofit cybersecurity can feel like a “later” problem. Until an account takeover locks you out of email, a ransomware note freezes a shared drive, or a data leak puts a client at risk. Minimum cybersecurity controls for nonprofits means the smallest
Minimum Cybersecurity Controls for Nonprofits (A Practical Baseline) Read More »
