New York Times technology correspondent Saul Hansell recommends trying the following exercise:

• Search for "lawyers" on Google. Take a look at the ads on the right side.
• Now, search for "malpractice".
• Finally, search for "lawyers" again. Notice the change in the ads.

As Mr. Hansell notes, this limited implementation of behavioral targeting isn't too bad:

"So far this is largely harmless. It’s hard to imagine any violation that comes from Google having access to what you did 30 seconds before. What’s interesting is what comes next. As Google moves to place advertising on sites like MySpace, which have no natural advertisers, there is ever more pressure for it to use other sources of information to raise the prices at which it can sell those ads."

This is precisely the morass Facebook waded into with their creepy Beacon advertising program. The NYT has a great blow-by-blow of the changes Facebook has made to Beacon over the past 5 weeks, highlighting its slow acceptance of the privacy issues inherent to behavioral targeting.

As nonprofits and advocacy groups collect more and more information from the people that use their websites, strong and well communicated privacy policies - disclaimers that explain just how organizations will use this information they collect - become very important. In fact, a survey by the Customer Respect Group found that 22% of people won't provide personal information if a website doesn't have a privacy policy, and 26% go as far as to a leave websites with privacy policies they don't find acceptable.

We asked the NTEN community for advice on how to write exceptional privacy policies. Here's what you had to say:

Dan Michel, America's Second Harvest
"Work in concert with a legal person to make sure that the policy is tailored to your specific organization, mission, and most importantly audience. Also keep in mind if the policy works for the website and for your online donation efforts."

Nowadays everyone's heard at least a story or two about how a lost laptop or a cracked firewall put thousands or even millions of people's personal information into the wrong hands. That kind of loss can be disastrous for the individuals affected and for the organization behind it.

As nonprofits and advocacy groups continue to gather more and more information about their constituents, we all need to be aware that along with collecting and analyzing this data, we need to protect it. But figuring out how to do this well and cost effectively can be a challenge. Tomorrow we're hosting a webinar that will outline the steps every organization needs to take to secure the data they collect and how they can foster an environment that takes security seriously. You can register here.

With its Healthy and Secure Computing Campaign, TechSoup is doing a lot to help nonprofits crack down on the data they collect and has some great resources to help organizations set up a secure technology infrastructure. Read on for an article about the campaign, reprinted with permission.

Katrin Verclas, NTEN Executive Director

Happy New Year, NTEN Community!

To start the year off right, our January issue of NTEN Connect focuses on privacy and security - issues that affect every nonprofit and that are only becoming more important as we move more data and information about clients, employees, funds, and services online. 2006 was a fairly quiet year for big security glitches - no Nimda, no Katrina. Of course the press reported widely on the privacy glitches chronicled on sites like the Privacy Right Clearinghouse, where many nonprofit educational institutions litter this hall of shame. But sadly, privacy breaches are almost a matter of course these days. So to help you NOT be listed there, read on to find out how you can improve your security and maintain your constituents's privacy. And the best way to do this is through good people management and creating policies that are a part of organizational culture, not just words on a website.