From Compliance to Trust: Privacy-First Constituent Control
From the Nominator
In 2025, the Oregon State University Foundation (OSUF) led an initiative to establish a privacy-first approach to constituent engagement, data stewardship, and regulatory compliance. The goal was twofold: to comply with consumer privacy laws, including the new Oregon Consumer Privacy Act, and to empower constituents with control over their personal data. This work resulted in three outcomes: a new privacy policy; a web-based Privacy and Preferences Center; and the adoption of organization-wide best practices. Rather than treating privacy as a compliance exercise, OSUF framed this effort as an organizational transformation requiring changes in mindset, practice, and accountability. The initiative prompted a reexamination of data and marketing practices, encouraged a more intentional approach to personalization and trust, and challenged the organization to demonstrate the value of staying connected at a time when opting out is easier than ever. The results showed that respecting privacy enhances—rather than limits—engagement. Within the first two months following launch, use of the center showed strong engagement without widespread opt-outs, validating the strategy and easing early concerns. A dedicated cross‑functional team (“Team Privacy”) drove success. Volunteer leaders participated in testing, staff were prepared to support constituents post-launch, and trainings helped teams navigate the new regulatory environment.
From the Judges
Provides a replicable framework for other organizations that will no doubt face this issue. Impressive approach not just to the "why" of the change, but the "how."