RE NXT user who's access is restricted to records with 2 specific constituents codes only is able to send NXT Email marketing to lists with records that don't have those constituent codes
Our organisation has a fundraising side and a membership side. We use NXT and DBV (hosted solution) as the CRM for our fundraising activity, but we'd also like to use it to hold our member data too.
I want to keep this as separate as possible and have setup separate security groups in DBV for staff who work on the membership side, and I have restricted their access to the 2 membership constituent codes only. In NXT I have also created separate roles for membership accounts.
I've been testing to ensure that membership people don't have access to fundraising supporter data (records that don't have the 2 membership constituent codes) through some of the NXT features.
I've found that membership accounts can see and open lists that select records without those 2 membership constituent codes, but the records don't appear when the records are listed on screen, so that seems good.
However, I was testing NXT email marketing and I've found that if a list that selects fundraising records was accidently selected as the recipient list for a marketing email, then the email will still get sent to constituents on the list despite the membership account not having access to those records and them not appearing when the list is opened.
Seems to me there is a risk (maybe small) that if membership selected the wrong list, we could email fundraising supporters an email they shouldn't receive.
We don’t use NXT for our fundraising supporter email comms and we’re in the UK, so we need to ensure we are only emailing supporters who have explicitly consented to email marketing.
Seems to me there is a risk (maybe small) that if membership selected the ‘wrong’ list, we could email fundraising supporters an email they shouldn't receive because it was meant for membership and we could actually send to fundraising supporters who haven’t consented to email marketing (we don’t give them an opt out solicit code unless they’ve actually unsubscribed in our mass email tool or contacted us to ask to change their consent).
We can reduce the risk with good user processes and double checking the list selected when sending an email to the membership audience, but I’d rather have a systemic way of reducing this risk too. Does anyone know a way I can do this?
Comments
-
It seems clear that you already have a policy in place that Membership lists must always include those 2 constituent codes. There is no other structural way to completely exclude the possibility of selecting the wrong group of people. All you can do is add additional policies to reduce the likelihood.
A couple of additional policies you can implement:
- All list criteria should be reviewed by one staffer before they are sent. At our org, we also have a membership constituency that most users are not allowed to see. However, all outgoing lists are processed by one person, who is responsible for (and has access to) all database segments, including that membership. We have never allowed our fundraisers or marketing staff to pull their own lists, because they simply don't have the nuanced knowledge to customize lists/queries optimally for our highly segmented communications.
- You can change the email types that are allowed in your NXT emails. You could give Membership constituents a unique email type (called “Member email” maybe?), and then all marketing staff would know to select that type when sending communications. See options to filter by email type in NXT email designer:
- You could even go a step farther and make RE automated restrictions work for you. You say that you don’t use NXT for your fundraising supporter emails. If you send fundraiser emails through a disconnected third-party (such as Mailchimp), then you could conceivably mark all fundraiser email addresses “Do Not Email” or “Inactive”, knowing that you can bypass that code when pulling fundraiser email lists through Query, and knowing that you can use the Consent box to track actual permission preferences. With either of those two boxes marked, NXT's automatic filters should exclude them from email communications without user input (although I have only tested this in OLX, not in NXT). The caveat with this is that you will want thorough procedural documentation to prove to future staffers why it's okay to email to someone marked “Do Not Email” in their record.
1
Categories
- All Categories
- 6 Blackbaud Community Help
- 209 bbcon®
- 1.4K Blackbaud Altru®
- 394 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 359 Blackbaud eTapestry®
- 2.5K Blackbaud Financial Edge NXT®
- 646 Blackbaud Grantmaking™
- 563 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 934 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.4K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 243 ResearchPoint™
- 118 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 238 The Tap (Just for Fun)
- 33 Blackbaud Community Challenges
- 28 PowerUp Challenges
- 3 (Open) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 779 Community News
- 2.9K Jobs Board
- 53 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)