Secure Auctions: Essential Data Protection Considerations

With the many financial transactions that occur within the digital space, your organization needs to make sure its data policies are up to date. Recently, even popular, reputable businesses have experienced data leaks. As your organization continues to comply with general fundraising requirements, take extra time to review data protection regulations as well.

It’s essential to perform the necessary research and make needed security changes to protect your organization and its supporters, especially within an online auction setting.

For these events, many organizations partner with an auction software provider. In addition to the rest of your security protocols, review your auction software’s data protection safeguards thoroughly, so you can host a safe and effective online auction.

Let’s take a closer look at data privacy considerations and how they relate to fundraising auctions.

Auction Data Protection: Why it Matters

You might be curious why maintaining data protection matters during your fundraising auction. Whether you’re hosting a school fundraiser or a nonprofit fundraising event, data protection is a necessity since data security measures apply to all fundraising events that use software, including auctions.

More specifically, your organization should implement a data protection policy for the following reasons:

  • To communicate transparency. Your supporters need to know if their personal information is at risk. Data protection policies show them you are committed to transparency regarding how and why their information is collected. When looking for a software provider, choose one with a fully fleshed-out data protection policy.
  • To protect your organization’s reputation. Severe data leaks reflect poorly on your organization and can severely damage your ability to realize your mission. Protect your reputation by putting data protection safeguards in place.
  • To manage risks. Should an unanticipated security issue arise, your organization needs to be prepared so as to not be held liable. Check out your software providers’ liability clauses for a better understanding of how certain circumstances will be managed.
  • To adhere to legal requirements. Organizations are now legally required to include data protection and data privacy communications. As Schoolauction.net’s debrief on California consumer privacy laws states, “If you are a group using software to run an auction, you too are an organization running a website, and you should determine whether your group meets the criteria set up in the new law to require the new disclosures.”

To get started crafting your own data protection practices or vetting potential auction platforms’ data privacy measures, you’ll need to research the following items: recent legislation, privacy policy, and user agreement policy.

Recent Legislation

As previously mentioned, U.S. data privacy laws have changed in recent years. Stay up to date on the latest legislation and make necessary changes to maintain legal compliance and protect your supporters’ data.

One example is the California Online Privacy Protection Act (CalOPPA), which aims to safeguard “personally identifiable information” and is currently considered to be the strictest data protection law in the country. This means that websites collecting personal data, regardless of whether they are California-based, must comply with CalOPPA because they could attract California residents.

To clarify, personally identifiable information includes:

  • First and last names
  • Email addresses
  • Phone numbers
  • Home or physical addresses

So, what does that mean for your organization’s online auction? In short, you are legally required to disclose how your organization will use personal information within your privacy policy, regardless of your state of residence. Additionally, having a privacy policy is absolutely essential to earn your supporters’ trust and manage risks.

If you’re looking into auction software providers, make sure they’ve taken the necessary steps to adhere to these regulations as well.

Privacy Policy

Your auction privacy policy should be transparent and let supporters know exactly how your website collects, uses, and protects your supporters’ personal information. It should be comprehensive and comply with the relevant data protection regulations.

At a minimum, your privacy policy should include:

  • The types of data you collect. This includes names, contact details, payment information, and any other information you might gather for your auction. By keeping this list comprehensive, you protect your organization from any potential liabilities.
  • How you collect information. List how your organization collects all information, including automatically collected data like IP addresses from third-party sources such as Google Analytics. Other manually collected information, like profile characteristics and login information, should be added as well.
  • How the collected information is used. Collected banking information, for example, would be used to process auction item payments. According to NXUnite’s guide to data enrichment, security measures are critical for maintaining supporter privacy when you integrate your software with any third-party systems. Disclose your third-party access policy within your privacy policy.
  • How your site uses cookies. Cookies help improve your website experience by saving information about how a previous visitor used your website. In the case of an online auction, your organization would use cookies to enable bidders to “save” an auction cart full of items that they can refer to later. However, cookies are also a tracking tool, and some websites sell browsing data collected through cookies to third parties. In your privacy policy, make it clear that your organization does not share this information so supporters will feel comfortable accepting cookies.
  • Privacy policy changes. If your site implements a change to how you collect or use information or if data privacy laws dictate a new change, you must reflect this within an updated privacy policy. Include a clause that states the privacy policy may be amended over time, and send out communications to supporters to keep them in the loop when there is a change.

To keep your privacy policy comprehensive, refer to other websites’ privacy policy agreements to ensure all major clauses are accounted for. Sites like eBay, Etsy, and Amazon can help give you an idea of which sections to include. Seek legal advice for more information or specifics.

User Agreement Policy

As a final step in maintaining data transparency, be sure to include a detailed user agreement policy or terms of service document. Likewise, if your organization intends to purchase a new software solution, such as an auction platform, review its user agreement policy to make sure your supporters can adhere to it.

Sections covered in a user agreement policy include:

  • User responsibilities: Outline user responsibilities determined by recent legislation. This section could include clauses related to users providing truthful information and avoiding fraudulent activity.
  • Prohibited activities: Prohibit users from listing counterfeit items and engaging in spam or phishing-related activities.
  • Payment disclosure: Explain applicable taxes and fees and discuss acceptable payment methods and how payments will be processed.
  • Intellectual property: Discuss any limitations on how users can reproduce website content, in addition to dictating ownership of trademarked or copyrighted items.
  • Dispute resolution: Determine the course of action users and your organization will take should a dispute arise, such as mediation or arbitration.
  • Termination of user accounts: Discuss under what circumstances a user account may be terminated, such as user agreement violations.
  • Modification process: Outline how users will be notified following any changes to the user agreement policy.

User agreement policies, terms of service, and privacy policies can be included in one document or separated for increased readability. For instance, you might come across a “Terms of Service and Privacy Policy” combination section in a website’s privacy policy. Just make sure to review each item thoroughly.


Online auctions are an effective and popular fundraising tool. To ensure your guests feel comfortable participating, be sure to review data protection laws and partner with a secure auction platform provider. Or, if you’re hosting your own auction site, put the necessary data privacy information in an accessible location.
