Alumni and Donor Data Management

1. Introduction and Background

Alumni and donor data are vital assets to East Carolina University (ECU), supporting engagement, fundraising, and institutional development. Effective management of this data ensures accuracy, security, and compliance with institutional and regulatory standards. This regulation establishes the exclusive use of the University Advancement and/or Athletics official alumni and donor databases to store, update and access all relevant records.

2. Definitions

Alumni and Donor Data: Information pertaining to individuals who have an affiliation as alumni or individuals and entities that have made contributions to ECU, including contact details, donation history, and engagement records as applied to all academic and athletic fundraising. For purposes of this policy, Alumni and Donor Data does not include data of associated entities of ECU.

University Community Member: Any individual acting in a private capacity (including, but not limited to, private citizens, University Employees (permanent, temporary, full-time, or part-time), and students) or entity (including any business entity) that engages with alumni and donor data or provides support for alumni and donor data management.

Shadow Database: Any unauthorized system or repository (e.g. Access databases, Appward, Excel, Qualtrics, Word) used to store alumni and donor data outside the official University Advancement Customer Relationship Management (UACRM) System (i.e. Agilon ONE 2025, Kindsight ascend 2026) and/or Athletics/Pirate Club Customer Relationship Management (PCCRM) System (i.e. Paciolan 2025).

3. Applicability

This regulation applies to all University Community Members and University Employees engaged in managing, accessing or processing alumni and donor data as part of their association with East Carolina University.

4. Coordination of Alumni and Donor Data Management

Responsibility for coordinating alumni and donor data management at East Carolina University is delegated to the Vice Chancellor for University Advancement and the Director of Athletics. The Vice Chancellor and Director are charged with establishing and implementing procedures to ensure the centralized management of alumni and donor data, maintaining data accuracy, security and compliance with relevant policies and regulations.

5. Exclusive Use of the University Advancement CRM

All alumni and donor data must be stored and managed exclusively within the University Advancement Customer Relationship Management (UACRM) System and/or Athletics/Pirate Club Customer Relationship Management (PCCRM) System. The use of unauthorized shadow databases or personal record-keeping systems is strictly prohibited except for immediate use scenarios.

University Employees and University Community Members must request updated data from University Advancement (academic) and/or through Athletics/Pirate Club (athletic) immediately prior to use. No data should be utilized for more than one (1) month without being refreshed.

6. Data Submission and Updates

University Employees and University Community Members must submit any updates or new alumni and donor data to University Advancement or Athletics/Pirate Club within five (5) business days to ensure the system remains current and accurate (e.g. event attendee data, graduation survey responses, alumni outreach bouncebacks).

7. Access Control and Confidentiality

Access to UACRM and/or PCCRM is restricted to authorized personnel based on business needs and role-based permissions. All individuals granted access must sign confidentiality agreements and adhere to data protection regulations.

8. Exceptions

Any exceptions to this regulation must be requested in writing and approved by the VCUA or Director in consultation with the University’s Chief Information Officer and Data Governance Committee. Approved exceptions must include justification, mitigation strategies and a review schedule to reassess the necessity of the exception.

9. Enforcement and Compliance

Violations of this Regulation may result, in accordance with applicable University policy, in disciplinary action against ECU employees, up to and including discharge, and ECU students, up to and including expulsion, and, if a violation of a law, criminal prosecution. The VCUA and/or Director may also take administrative action, including, but not limited to, prohibiting a University Employee or University Community Member from engaging in fundraising activities on behalf of the University. Suspected regulation violations must be reported to the VCUA and/or Director or the ECU Information Security Office. University Advancement and/or Athletics, in collaboration with ECU’s Information Security Office, will conduct regular audits to ensure compliance with this regulation and to detect unauthorized databases.