Data Autonomy Framework™

A cross-team data governance and privacy strategy package

The Data Autonomy Framework™ is my flagship engagement for organizations seeking shared clarity around how data is collected, governed, and used across teams.

Designed for fundraising, marketing, operations, legal, and leadership stakeholders, this package helps organizations align on definitions of risk, consent, and acceptable use — so privacy decisions support growth, trust, and long-term strategy.

What teams walk away with:

• A shared, documented definition of acceptable data use across teams
• Clear privacy tiers and consent models that guide everyday decisions
• Alignment on risk tolerance, inference boundaries, and mitigation strategies for sensitive data handling
• A practical governance roadmap leadership can approve and stand behind
• Reduced friction and rework when privacy or compliance questions arise
• Increased confidence that data practices support donor trust and long-term growth
• Clear preference management principles that respect constituent intent and prevent data misuse across teams and third-party vendors
• A clear view of where privacy risk shows up in day-to-day operations — including tracking, data sharing, internal documentation, and third-party tools — and what to address first.

This package typically includes:

• Cross-team interviews and a structured review of data collection points, consent flows, tracking and tagging practices, internal data use, vendor sharing, and consumer-facing transparency, resulting in a current-state practices and risk assessment.
• A facilitated workshop (typically a full day) with interviewed and impacted teams to agree on shared definitions of risk, inference, and acceptable use
• Delivery of a documented, step-by-step roadmap for execution
• If needed, ongoing governance guidance for tools, vendors, and technology integrations

The Data Autonomy Framework™ is grounded in values alignment and mission accountability, ensuring privacy decisions reflect not just what is allowed, but what is appropriate based on how data is actually used across your organization.

It often serves as the foundation for enterprise roadmapping, AI readiness, or ongoing advisory support.

Enterprise Privacy & Technology Roadmapping 

Architecting your privacy-forward technology and compliance stack

For large nonprofits, universities, and federated organizations with complex technology ecosystems, privacy decisions quickly become infrastructure decisions.

For organizations that have established governance foundations but need to translate those principles into technical reality, this engagement focuses on setting the vision for your privacy technology stack and orchestrating the stakeholders who will execute it.

Organizations gain:

• Strategic vision for privacy and consent architecture across systems, domains, and platforms
• Business-case justifications for added staff or technology resources
• Clear roadmaps bridging governance principles to technical execution — clarifying what needs to happen and who needs to be involved
• Understanding of data flows, tracking risks, and what compliant infrastructure looks like for your specific context
• Stakeholder alignment on roles, responsibilities, and decision-making authority
• Stronger readiness for audits, regulatory inquiries, and third-party requirements
• Executive-ready documentation for technology investment planning and vendor negotiations

Common focus areas include:

• Consent management platform assessment and optimization, or CMP selection, evaluation, and onboarding strategy
• Cookieless analytics transitions and server-side tracking migration roadmaps
• Compliance monitoring tool strategy (for tools like ObservePoint and nearest competitors)
• Data flow mapping and tracking risk assessment
• Guidance and risk assessments for complex data-matching partnerships and vendor management
• Tag management governance and pixel infrastructure oversight
• Vendor assessments, DPIAs, data processing agreements, and contracting considerations
• Cross-team alignment when consent behavior, tooling, and reporting requirements conflict

This work is advisory and strategic in nature. It does not include tool implementation, but provides the clarity teams need to move forward with confidence.

AI Readiness & Responsible Adoption

Preparing your organization for AI, without compromising privacy, trust, or values

AI readiness is not about adopting tools quickly. It’s about ensuring your data, consent practices, and governance structures are strong enough to support responsible use. This includes assessing whether existing data practices align with stated values, mission accountability, and audience expectations around transparency.

This engagement helps organizations evaluate readiness, define guardrails, and establish shared expectations for how AI tools may — and, importantly, may not — be used across teams.

Organizations are able to:

• Determine whether existing data and consent practices are appropriate for AI use
• Establish clear guardrails to prevent data misuse and define acceptable and unacceptable AI applications
• Confidently evaluate AI tools without defaulting to blanket bans or unchecked experimentation
• Align staff experimentation with privacy, legal, and ethical expectations
• Reduce reputational and compliance risk as AI use expands
• Move forward with AI adoption grounded in trust and governance

This work may include:

• Assessment of data quality, consent, transparency, and risk mitigation readiness for AI use
• Guidance on appropriate AI use cases by role or function
• AI tool evaluation and internal approval frameworks
• Staff guidance balancing experimentation with safeguards
• Alignment with privacy law, donor trust, and ethical considerations

AI readiness often serves as an entry point into broader governance or enterprise advisory work.

Privacy Product Management (retainer)

Embedded partnership for organizations navigating ongoing governance decisions

For organizations navigating ongoing decisions about data use, consent, technology, and regulation, I offer retainer-based strategic advisory that functions as privacy product management.

In this role, I help organizations maintain clarity and continuity across teams, ensuring privacy and data governance decisions are prioritized, documented, and aligned as tools, regulations, and internal needs evolve.

This work provides structure and long-term context, without functioning as internal staffing or day-to-day execution.

Teams benefit from:

• Ongoing clarity and continuity across privacy and governance decisions
• A maintained and prioritized governance roadmap
• Faster, more confident decisions about tools, vendors, and initiatives
• Ongoing risk assessment and mitigation strategy to prevent data misuse as tools and practices evolve
• Reduced internal ambiguity about ownership and accountability
• Strategic interpretation of new legislation in operational terms
• Leadership confidence that privacy governance is actively stewarded

Support may include:

• Maintaining and evolving privacy and data governance roadmaps
• Reviewing proposed tools, vendors, and initiatives to assess risk, transparency, and alignment with consent expectations
• Pressure-testing assumptions and surfacing cross-team implications
• Supporting leadership and board-level decision-making
• Partnership with analytics and product teams to configure consent banners, measurement logic, and downstream data use

This engagement is intentionally scoped and cadence-based, allowing teams to benefit from sustained strategic oversight.

Training & Enablement

Operationalizing privacy-aligned decision-making across teams

I offer targeted trainings designed to help teams apply governance principles in their day-to-day work. Trainings may be delivered as standalone sessions or embedded within broader engagements.

Common trainings include:

• Privacy-Forward Contact Report Writing
• Donor & Constituent Identity Verification
• Consent Management & Preference Centers
• Responsible AI Tool Use for Nonprofits
• Data Redaction & Internal Communications
• Audience Data Ethics & Inference Boundaries

Participants leave with:

• Clear guidance on what belongs in systems of record and what does not
• Practical, role-specific examples they can apply immediately
• Increased confidence handling sensitive or ambiguous data situations
• Reduced risk of over-collection or internal oversharing
• Shared language across teams for discussing privacy and data use