Prospect Research Links of Interest

Apra Partners in Fundraising

Apra is the premier international organization serving professionals in Prospect Development, the strategic arm of an organization’s fundraising operation. Apra provides leading-edge educational and networking opportunities, establishes and promotes high professional standards and ethical guidelines, and serves as a representative voice for the profession.

Apra Ethics and Professional Standards

Established in 2014, this guide is designed to help each organization develop a tailored system that will ensure the confidentiality and security of information and materials involved in the work of prospect development professionals and the organizations for which we work.

Apra Social Media Ethics Statement

Approved in 2013, the Social Media Ethics Statement was created to assist Apra members in making ethical choices about the use of data gathered from social media in their fundraising research activities. The Apra Social Media Ethics Statement follows immediately after the Apra Code of Ethics on this webpage:

AFP Code of Ethical Standards

Adopted in 1964 and amended in 2014, the Association of Fundraising Professionals (AFP) Code of Ethical Standards is designed to help development officers adhere to the highest standards of ethical behavior in their fundraising work. These standards include treatment of confidential and proprietary information.

ANA (Association of National Advertisers)

Ethics & Compliance Resources

  • The Direct Marketing Association (DMA) and the Association of National Advertisers (ANA) merged to form one association (ANA). The association provides resources regarding email marketing regulations:
    • Marketing permissions guidance, including usage of email addresses, can be explored here.
    • Additionally, the ANA Nonprofit Federation website provides Ethics & Policy Resources for Nonprofits, including an update on privacy and data usage legislation, such as GDPR and the CCPA.

CAN-SPAM Rule, Federal Trade Commission

The CAN-SPAM Act requires the Commission to issue regulations “defining the relevant criteria to facilitate the determination of the primary purpose of an electronic mail message.” The CAN-SPAM Act applies almost exclusively to “commercial electronic mail messages.”


The United States’ Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information (PII) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage. Title II of HIPAA establishes policies and procedures for maintaining the privacy and the security of individually identifiable health information, outlines numerous offenses relating to health care, and establishes civil and criminal penalties for violations.


The Family Educational Rights and Privacy Act (FERPA) is a United States Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Under FERPA, individuals can request that their directory information not be released to third parties. Universities are allowed to define “directory information,” so check your university’s policies to find out which data elements are covered at your organization. Individuals who have blocked their directory information from release should be clearly flagged in databases, and users should be educated in the protection of this information.

Digital Impact

Managing and governing digital data in ways that advance your mission and respect the rights of the people you serve is a core capacity of foundations and nonprofits. While digital data hold tremendous promise for how we do our work in the social sector, they also raise new challenges. Digital data should be viewed as both an asset and a liability. This site, produced by the Stanford Center on Philanthropy and Civil Society, allows an organization to explore its need for various data policies.

The Privacy Act of 1974

The Privacy Act of 1974 establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.


Personally Identifiable Information (PII) is defined as "information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc."

Donor Bill of Rights

The Donor Bill of Rights was created by the Association of Fundraising Professionals (AFP), the Association for Healthcare Philanthropy (AHP), the Council for Advancement and Support of Education (CASE), and the Giving Institute: Leading Consultants to Non-Profits. It has been endorsed by numerous organizations.

Additionally, AFP established the eDonor Bill of Rights to address concerns and challenges arising from Internet charitable giving.

United Nations Conference on Trade and Development, Data Protection and Privacy Legislation Worldwide

The United Nations Conference on Trade and Development has assembled a website which keeps track of all data protection and privacy legislation around the world. One can download links to all of the legislation from each country. The site also provides an interactive world map.

California Consumer Privacy Act

The California Consumer Privacy Act of 2018 (CCPA) grants California residents rights with respect to the collection of their personal data. While nonprofit organizations are currently excluded entities, the CCPA does impact third-party data vendors. The CCPA applies to businesses whether or not the business is physically located in California.

EU and Canadian Links

Apra Canada

Apra Canada has prepared links to a number of privacy guidelines used throughout Canada and its charitable organizations. The guidelines were compiled by a privacy working group from Apra, AHP (Association for Healthcare Philanthropy), AFP (Association of Fundraising Professionals), and the CPP (Canadian Centre for Philanthropy, Imagine Canada). To access these Canadian privacy documents, please go to the Apra Canada Privacy Tool Kit. You do not need to be a member of Apra Canada to access this kit.

CASL Canada’s Anti-Spam Law


The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents.

Advancement Services in the European Market


How to keep track of what’s new with GDPR

Additional Resources:

The ICO recommends conducting a Data Protection Impact Assessment (DPIA) to better understand how your organization uses and processes personal data and to identify any weaknesses in GDPR compliance and practices that need to be addressed. The ICO has produced some guidance on conducting DPIAs below:

ICO (UK) Information Commissioner’s Office

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The Institute of Fundraising (IOF); The Code of Fundraising Practice

The Code of Fundraising Practice represents the standards expected of all Institute of Fundraising members, set by the fundraising community through the work of the Institute of Fundraising’s Standards Committee.

Researchers in Fundraising (RiF)

Researchers in Fundraising (RiF) is a Special Interest Group of the Institute of Fundraising and is the leading representative body for prospect researchers in the UK.

EU & the Privacy Shield

The US Federal Trade Commission, which regulates the Privacy Shield, does not have jurisdiction over most nonprofits.

The Freedom of Information Act

The Freedom of Information Act provides public access to information held by public authorities. Public authorities are obliged to publish certain information about their activities; and members of the public are entitled to request information from public authorities.

The Guide to Data Protection

Here is a guide for those who have day-to-day responsibility for data protection.