From Compliance to Connection: Reimagining Privacy at OSUF-Session One Slides: From Compliance to Trust: How OSU Foundation Built Buy-In for a Privacy-First Future

Session One Slides: From Compliance to Trust: How OSU Foundation Built Buy-In for a Privacy-First Future

Pdf Summary

The Oregon State University Foundation (OSUF), led by CIO Mark Koenig, partnered with Agility Lab Consulting, headed by Elyse Wallnutt, to proactively address evolving data privacy laws impacting nonprofits. Facing a complex data ecosystem and increasing state privacy regulations that limit nonprofit exemptions (e.g., in Montana, Connecticut, Massachusetts), OSUF aimed to anticipate future compliance needs while enhancing transparency and trust with donors and alumni.<br /><br />Key shifts include new requirements for nonprofits to disclose third-party data recipients, expanded definitions of sensitive data (now including inferred behavioral data), and some of the strongest privacy laws, such as Oregon’s Consumer Privacy Act (OCPA), which explicitly includes nonprofits. OSUF viewed these changes not just as legal hurdles but as opportunities to align privacy practices with organizational values and mission.<br /><br />To build internal buy-in, OSUF collaborated cross-functionally—engaging communications, fundraising, IT, athletics, and leadership—to frame privacy as a trust and relationship priority. Agility Lab facilitated gap analysis, stakeholder interviews, workshops, and a shared privacy vocabulary. This led to consensus on "values-driven privacy," encompassing respect for privacy laws, honoring audience preferences through choice, and employing forward-thinking technology solutions.<br /><br />Outcomes included a comprehensive privacy policy reflecting these principles, updated staff best practices, and robust data governance processes ensuring accountability across teams and vendors. OSUF prepared infrastructure for a Privacy & Preferences Center to manage data access and deletion requests effectively.<br /><br />Lessons for nonprofits emphasize privacy and compliance as enterprise risks; treating privacy as a competitive advantage linked to donor trust; ensuring cross-team buy-in; proactively defining privacy values ahead of regulations; and remaining adaptable as laws evolve.<br /><br />Contact info: Mark Koenig at OSUF (Mark.Koenig@osufoundation.org) and Elyse Wallnutt at Agility Lab (elyse@agilitylab.io).

Keywords

Oregon State University Foundation

OSUF

data privacy laws

nonprofit compliance

Consumer Privacy Act

data governance

values-driven privacy

cross-functional collaboration

privacy and trust