Defending American rights, this nonprofit organization is no stranger to going against the grain. But as politics have become more polarized, charged issues often make its staff and volunteers targets for threat actors.
For the information security team, personal threats against individuals and the organization made it increasingly important to prevent staff and volunteer personally identifiable information (PII), including their personal phone numbers and home addresses, from falling into the wrong hands. This information was becoming frighteningly easy for threat actors to find online—often through little more than a Google search query.
To mitigate the operational security risks created by PII exposure and protect the people behind its mission from personal threats, the nonprofit needed a way of finding and stopping PII from appearing online. With millions of supporters, the nonprofit also needed a way of doing so at scale and without placing an extra burden on individuals.
The Solution
The nonprofit’s security team understood that they couldn’t rely on training alone to mitigate threats such as harassment and social engineering campaigns.
They knew that data brokers constantly collect and distribute publicly available PII from their staff and volunteers without their permission. While individuals could attempt to remove their information themselves, it would just reappear online unless they did so repeatedly.
To fight back, the nonprofit needed to give its supporters and employees access to a proactive and trustworthy PII search and removal service that takes data offline automatically. The nonprofit chose DeleteMe. With over 12 years of experience helping NGOs, charities, and nonprofit organizations protect staff PII, DeleteMe was able to provide this nonprofit staff with a bi-monthly automated PII search and removal service that covered various online sources of PII exposure. Volunteers were also given access to the same service at a heavily discounted rate, subsidized by the nonprofit.
Results
Soon after deployment, PII removal became a core security tool for the nonprofit and a benefit for the organization’s staff. The staff felt supported and valued because their leadership took their privacy and security concerns seriously. Through monthly removal reports, DeleteMe delivered a measurable privacy improvement for covered individuals.
Staff and volunteers could see how each month, DeleteMe found and removed more of their information from the web, making it harder for threat actors to find where they live, what their family situation is, or how to contact them.
How does DeleteMe privacy protection work?
Employees, Executives, and Board Members complete a quick signup
DeleteMe scans for exposed personal information
Opt-out and removal requests begin
Initial privacy report shared and ongoing reporting initiated
DeleteMe provides continuous privacy protection and service all year