In the wake of a shifting federal landscape, nonprofits across the country are grappling with uncertainty. Recent federal executive orders have raised new questions about nonprofit data privacy, funding streams, and digital security. Executive orders (EOs) have emerged as powerful tools used by presidential administrations to reshape national policy—often bypassing Congress—and their sweeping impact can ripple quickly through the nonprofit sector. These directives can affect everything from funding streams and workforce regulations to nonprofit data collection practices and community engagement protocols. For nonprofits committed to equity and justice, this moment demands not only awareness but preparedness.
At Co.act Detroit, we recognize that policy changes—particularly those enacted through executive orders—can create confusion, concern, and a critical need for support within the nonprofit ecosystem. That’s why we are committed to ensuring that organizations across Southeast Michigan are informed and empowered. In response to this dynamic and often precarious environment, we work to help nonprofits navigate legal uncertainty, strengthen data protection practices, and protect themselves and the communities they serve.
Shifting Decision-Making and Sharing Power through Participatory Grantmaking
To further promote a democratic and equitable philanthropic culture, Co.act has convened a vibrant community of local participatory grantmakers. This community of practice is more than just a working group—it’s a movement to put decision-making power back into the hands of communities.
Participatory grantmaking is defined as “the practice of transferring grantmaking power to affected community members and constituencies.” It acknowledges the built-in power imbalances in traditional philanthropy and intentionally works to correct them by involving those most impacted by funding decisions.
In this shifting environment, grantmaking processes must also reflect transparency and trust, which is why participatory approaches are crucial.
The goals of our Participatory Grantmaker (PGM) Community of Practice are:
- Build a diverse community of practice around community-driven grantmaking
- Promote co-creation and shared power in philanthropy
- Support nonprofits through shared learning and critical resource connections
- Increase equitable access to community-based funding
- Help shift structural power to people and organizations with lived experience
Through this group, funders and practitioners are not just imagining a new philanthropic landscape—they’re actively building it.
Data Protection and Digital Preparedness in a Time of Uncertainty
Recognizing the urgency of the moment, Co.act recently hosted a timely panel discussion that brought together legal, IT, and data experts to offer practical guidance on nonprofit data safety and nonprofit resilience in light of recent federal actions. The panel featured:
- Michelle Busuito, attorney at Blue Cross Blue Shield of Michigan
- Terri McKinnon, Director of Managed Services at NEW
- Noah Urban, Co-Executive Director of Data Driven Detroit (D3)
These leaders addressed how executive orders and broader policy shifts may impact the data that nonprofits collect, store, and share—and what organizations can do to protect themselves and their communities.
The conversation was rich with strategies and actionable insights. Here’s what we learned from the panel, and what your organization can do now to improve data security and readiness. Please note that these tips are not legal advice, and that it is important for you to meet with a lawyer if your organization has more specific questions or needs. You can learn more about free legal resources available with Michigan Community Resources.
1. Data Inventory and Minimization
- Know what data you collect, where it’s stored, who has access, and whether it is subject to specific laws (like HIPAA or state privacy rules)
- Follow the principle of “minimum necessary”—only collect and retain the data that you truly need
- Establish deletion processes for outdated or unnecessary information
- If your funders are asking for specific data, consider saving it at an unidentified aggregated level, rather than keeping data that is identifiable at an individual level
- Sometimes, aggregated data can be reverse engineered to access certain responses. Depending on the context, you may want to consider data suppression tactics to best protect your community
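
To illustrate the last two points, here is an added Python example (not from the panel or Co.act): it shows how a single hidden small count can be rebuilt from published row and column totals, and how hiding a second cell in each affected row and column closes that subtraction route. The table, the threshold of 5 and all function names are assumptions made for the illustration, and the check covers subtraction only, not every way of inferring a value.

```python
# Constructed sample: participant counts by ZIP code (rows) and service
# type (columns). Values, labels and threshold are made up for illustration.
COUNTS = [[12, 30, 2],    # ZIP A: Housing, Food, Legal
          [25, 18, 9],    # ZIP B
          [40, 22, 11]]   # ZIP C
K = 5  # assumed threshold: hide non-zero counts below this


def primary_suppress(counts, k=K):
    """Hide every cell whose count is non-zero but below k."""
    return {(r, c) for r, row in enumerate(counts)
            for c, v in enumerate(row) if 0 < v < k}


def lines(counts):
    """Every row and every column, as lists of cell coordinates."""
    n_r, n_c = len(counts), len(counts[0])
    return ([[(r, c) for c in range(n_c)] for r in range(n_r)] +
            [[(r, c) for r in range(n_r)] for c in range(n_c)])


def recoverable(counts, hidden):
    """Cells rebuilt from published row/column totals by subtraction."""
    unknown, found, progress = set(hidden), {}, True
    while progress:
        progress = False
        for line in lines(counts):
            gaps = [cell for cell in line if cell in unknown]
            if len(gaps) == 1:  # one unknown: total minus visible cells
                total = sum(counts[r][c] for r, c in line)
                rest = sum(counts[r][c] for r, c in line if (r, c) != gaps[0])
                found[gaps[0]] = total - rest
                unknown.discard(gaps[0])
                progress = True
    return found


def complementary_suppress(counts, hidden):
    """Hide extra cells until no row or column has exactly one hidden cell."""
    hidden, changed = set(hidden), True
    while changed:
        changed = False
        for line in lines(counts):
            if sum(cell in hidden for cell in line) == 1:
                # Hide the smallest visible cell to lose the least detail.
                hidden.add(min((c for c in line if c not in hidden),
                               key=lambda rc: counts[rc[0]][rc[1]]))
                changed = True
    return hidden
```
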
2. Robust Policies and Procedures
- Develop and document clear data use, retention, and breach response policies
- Create a plan for responding to data requests from outside entities, including government subpoenas or warrants
- Identify a point person and practice your response to potential data request scenarios through tabletop exercises. This will help you to stay calm and organized in an actual data request event that may be stressful or scary
- Unless you are a first-level government contractor, there is generally no basis for your data to be shared without a warrant
3. Technical and Organizational Protections
- Implement strong security measures:
  - Physical (e.g., ID badges for access)
  - Technical (e.g., firewalls, password management, encryption, multi-factor authentication)
  - Contractual (e.g., NDAs)
  - Organizational (e.g., regular staff training and scenario planning)
- Many small nonprofits lack the internal capacity for data security and compliance. Funders could best support them by investing in their infrastructure, not just programs
- Sharing best practices and offering guidance or resources (such as policy templates or trusted tech support) can significantly reduce risk across the entire ecosystem
4. Artificial Intelligence (AI) and Data Ethics
- With artificial intelligence on the rise, be cautious about what data you allow AI tools to access and learn from
- Ask questions of yourself, your team, and relevant partners about consent and responsible use—especially if you’re sharing data with external vendors or platforms
- Don’t rush to use generative AI when simpler, more secure tools might suffice
- Generative AI is a sub-category of AI that can create media such as text, video, audio, or images, based on user-created prompts
- If you’re exploring AI tools for nonprofit operations, ensure that your team understands the ethical implications of data sharing and algorithmic bias
Looking Ahead
Building a Culture of Preparedness and Care
The nonprofit sector is increasingly being targeted for data breaches—due to its often limited digital defenses and access to sensitive community information. That’s why Co.act and its partners are urging organizations to take a proactive stance.
Our panelists emphasized that even in times of fear or uncertainty, the best protection lies in preparation. Whether it’s conducting internal audits, crafting airtight data policies, or running staff through mock data breach scenarios, these steps build the muscle memory and strategic foresight needed to weather future challenges.
At Co.act Detroit, we believe this moment is not just about survival—it’s about transformation. By fostering collaboration, sharing resources, and embracing participatory models of decision making, we can ensure that nonprofits are not just protected, but empowered.
Resources and Support
- Michigan Community Resources (MCR): Legal support for nonprofits
- Nonprofit Enterprise at Work (NEW): IT and infrastructure support
- Data Driven Detroit (D3): Community data collection and guidance
For more on how to join or support the Participatory Grantmaker Community of Practice, visit Co.act Detroit’s website or reach out to our team at grants@coactdetroit.org. We’re excited to shape a more just, secure, and community-centered future together.