A cross-team data governance and privacy strategy package

The Data Autonomy Framework™ is my flagship engagement and the recommended starting point for organizations that need to establish shared clarity around how data is collected, governed, and used across teams before making technology or vendor decisions.

Designed for fundraising, marketing, operations, legal, and product stakeholders, this package helps organizations align on definitions of risk, consent, and acceptable use so privacy decisions support growth, audience and cross-team trust, and long-term strategy.

What teams walk away with:

• A shared, documented definition of acceptable data use across teams
• Clear privacy tiers and consent models that guide everyday decisions
• Alignment on risk tolerance, inference boundaries, and mitigation strategies for PII and sensitive data handling
• A practical privacy governance roadmap leadership can approve and stand behind
• Reduced friction and rework when privacy or compliance questions arise
• Increased confidence that data practices support donor trust and long-term growth
• Clear preference management principles that respect constituent intent and prevent data misuse across teams and third-party vendors
• A clear view of where privacy risk shows up in day-to-day operations — including tracking, data sharing, internal documentation, and third-party tools — and what to address first

This engagement delivers:

• Comprehensive current-state assessment: Cross-team interviews and structured review of data collection points, consent flows, tracking and tagging practices, internal data use, vendor sharing, and consumer-facing transparency, resulting in a strategic analysis of your practices and risk exposure
• Facilitated alignment workshop: A full-day working session with interviewed and impacted teams to establish shared definitions of risk, values, inference, and acceptable use that reflect your organization's values and operational reality
• Documented privacy infrastructure roadmap: A step-by-step strategic roadmap for execution that leadership can approve, teams can implement, and your organization can stand behind
• If needed: Ongoing strategic guidance for tools, vendors, and technology integrations as you implement the framework

The Data Autonomy Framework™ is grounded in values alignment and mission accountability, ensuring privacy decisions reflect not just what is allowed, but what is appropriate based on how data is actually used across your organization.

When this engagement makes sense:

This is the right starting point if your organization lacks documented privacy principles, teams have conflicting interpretations of acceptable data use or consent signals, or you need foundational alignment before making major technology investments or vendor selections.

Organizations typically begin here before moving into enterprise roadmapping, AI readiness assessments, or ongoing advisory support. It establishes the shared language and governance foundations that make subsequent technology and vendor decisions faster, more confident, and better aligned with your mission.

Embedded partnership for organizations navigating ongoing privacy governance decisions

For organizations navigating ongoing decisions about data use, consent, technology, and regulation, I offer retainer-based strategic advisory that functions as privacy product management.

In this role, I help organizations maintain clarity and continuity across teams, ensuring privacy and data governance decisions are prioritized, documented, and aligned as tools, regulations, and internal needs evolve.

This work provides structure and long-term context, without functioning as internal staffing or day-to-day execution.

Teams benefit from:

• Ongoing clarity and continuity across privacy and governance decisions
• A maintained and prioritized privacy framework and implementation roadmap
• Faster, more confident decisions about tools, vendors, partners, and initiatives
• Ongoing risk assessment and mitigation strategy to prevent data misuse as tools and practices evolve
• Reduced internal ambiguity about ownership and accountability
• Strategic interpretation of new legislation in operational terms
• Leadership confidence that privacy governance is actively stewarded

Support may include:

• Maintaining and evolving privacy and data governance roadmaps
• Reviewing proposed tools, vendors, and initiatives to assess risk, transparency, and alignment with consent expectations
• Tag management governance and approval workflows to prevent piggybacking and unapproved tracking
• Conducting DPIAs and vendor assessments for new partnerships as they arise
• Guidance and risk assessments for complex data-matching partnerships with vendors
• Opt-out experience testing and optimization to ensure compliance and user experience quality
• Ongoing compliance monitoring and optimization using tools like ObservePoint
• Pressure-testing assumptions and surfacing cross-team implications
• Supporting leadership and board-level decision-making
• Partnership with analytics and product teams to configure consent banners, measurement logic, and downstream data use

This engagement is intentionally scoped and cadence-based, allowing teams to benefit from sustained strategic oversight.

Architecting your privacy-forward technology and compliance stack

For large nonprofits, universities, and federated organizations with complex technology ecosystems, privacy decisions quickly become infrastructure decisions.

For organizations that have established governance foundations but need to translate those principles into technical reality, this engagement focuses on setting the vision for your privacy technology stack and orchestrating the stakeholders who will execute it.

Organizations gain:

• Strategic vision for privacy and consent architecture across systems, domains, and platforms
• Clear roadmaps bridging governance principles to technical execution — clarifying what needs to happen and who needs to be involved
• Business-case justifications for added staff or technology resources
• Understanding of data flows, tracking risks, and what compliant infrastructure looks like for your specific context
• Stakeholder alignment on roles, responsibilities, and decision-making authority
• Stronger readiness for audits, regulatory inquiries, and third-party requirements
• Executive-ready documentation for technology investment planning and vendor negotiations

Common focus areas include:

• Consent management platform selection, evaluation, and onboarding strategy
• Cookieless analytics transitions and server-side tracking migration roadmaps
• Compliance monitoring tool strategy and selection (ObservePoint, etc.)
• Cross-team alignment when consent behavior, tooling, and reporting requirements conflict
• Strategic planning for major technology transitions or vendor consolidations

This work is advisory and strategic in nature. It does not include tool implementation, but provides the clarity teams need to move forward with confidence.

Preparing your organization for AI, without compromising privacy, trust, or values

AI readiness is not about adopting tools quickly. It’s about ensuring your data, consent practices, and governance structures are strong enough to support responsible use. This includes assessing whether existing data practices align with stated values, mission accountability, and audience expectations around transparency.

This engagement helps organizations evaluate readiness, define guardrails, and establish shared expectations for how AI tools may — and, importantly, may not — be used across teams.

Organizations are able to:

• Determine whether existing data and consent practices are appropriate for AI use
• Establish clear guardrails to prevent data misuse and define acceptable and unacceptable AI applications
• Confidently evaluate AI tools without defaulting to blanket bans or unchecked experimentation
• Align staff experimentation with privacy, legal, and ethical expectations
• Reduce reputational and compliance risk as AI use expands
• Move forward with AI adoption grounded in trust and governance

This work may include:

• Assessment of data quality, consent, transparency, and risk mitigation readiness for AI use
• Guidance on appropriate AI use cases by role or function
• AI tool evaluation and internal approval frameworks
• Staff guidance balancing experimentation with safeguards
• Alignment with privacy law, donor trust, and ethical considerations

AI readiness often serves as an entry point into broader governance or enterprise advisory work.

Operationalizing privacy-aligned decision-making across teams

I offer targeted trainings designed to help teams apply governance principles in their day-to-day work. Trainings may be delivered as standalone sessions or embedded within broader engagements.

Common trainings include:

• Privacy-Forward Contact Report Writing
• Donor & Constituent Identity Verification
• Consent Management & Preference Centers
• Responsible AI Tool Use for Nonprofits
• Data Redaction & Internal Communications
• Audience Data Ethics & Inference Boundaries

Participants leave with:

• Clear guidance on what belongs in systems of record and what does not
• Practical, role-specific examples they can apply immediately
• Increased confidence handling sensitive or ambiguous data situations
• Reduced risk of over-collection or internal oversharing
• Shared language across teams for discussing privacy and data use