Doing good while reading good — join the Nonprofit Good News-Letter.
50 Reasons Why It Is Hard to Run a Nonprofit — Challenge 28: Volunteer Errors
A volunteer at a social services nonprofit is at a community fundraiser. She's been with the organization for years — helps run the annual gala, knows everyone, gives generously. Someone at her table asks what the organization actually does, and she tells a story. A real one. A client who came in desperate, got help, turned things around.
She uses the client's first name. She mentions the neighborhood. She describes the situation in enough detail that anyone in the room who knows the client could identify her.
The client is a domestic violence survivor.
No malice. No profound carelessness, even — the volunteer was proud of the work and wanted people to understand why it matters. But a confidentiality line was crossed, and a person who trusted the organization with her safety is now potentially exposed.
What does the executive director do?
If you've led a nonprofit long enough, you already know the answer. Probably nothing. Or at least nothing proportionate to the risk. Because the volunteer is a major supporter, and confronting her feels like punishing someone for caring.
Volunteers make mistakes. The difficulty specific to nonprofits is that the culture around volunteering makes it extraordinarily hard to address those mistakes when they happen.
The Urban Institute's research on volunteer management practices found that training for paid staff in working with volunteers is the least common practice among nonprofits — and adoption fell 19 percentage points between 2003 and 2019. The organizations aren't even training their own staff to work with volunteers, let alone training the volunteers themselves.
Volunteers operate without clear expectations, without formal role descriptions, and often without any confidentiality training. When they make errors — and they will — nobody has established the framework for addressing it.
And the errors aren't small. They include confidentiality breaches like the one above. Data entry mistakes that corrupt donor records and jeopardize grant reporting. Unauthorized communications that create PR problems. Financial mishandling by volunteers entrusted with donations or event proceeds.
If you read the previous post in this series on volunteer danger, the legal framework will look familiar. The Volunteer Protection Act of 1997 shields individual volunteers from personal liability for harm they cause while acting within the scope of their responsibilities.
Your organization is not shielded.
The same Act that protects the volunteer who makes the mistake leaves the nonprofit fully exposed to liability through vicarious liability — the legal doctrine that holds an organization responsible for the actions of people acting on its behalf.
In Challenge 27, we looked at this from the volunteer's perspective: the org is liable when volunteers get hurt. Here, it's the other side: the org is liable when volunteers hurt someone else.*
The volunteer who breaches confidentiality walks away protected by federal law. Your organization faces the lawsuit.
Confidentiality breaches are one category. Financial mishandling is another — and it comes with criminal consequences.
Todd Anthony Holland served as volunteer treasurer of the Ford River Fire Department in Michigan. He embezzled approximately $70,000. He was convicted and sentenced to jail time with restitution ordered.
Charles Ameer was volunteer treasurer of the Weston Soccer Club in Massachusetts. He pleaded guilty to wire fraud, having stolen $890,000 from a related organization and at least $38,500 from the soccer club itself.
These aren't aberrations. According to data compiled by the Association of Certified Fraud Examiners, organizations that provide fraud awareness training detect fraud more than 2.5 times faster than those that don't — and lose significantly less money when fraud occurs.
The pattern in both cases is the same: a trusted volunteer, minimal oversight, no financial controls designed for the volunteer role, and years of undetected theft.
The reason nonprofit leaders struggle to address volunteer errors isn't a mystery. It's a straightforward psychological bind.
Volunteers are giving their time for free. They're doing it because they care. Correcting them feels like punishing generosity.
And when the volunteer in question is also a donor, a board member, a community figure, or the person who chairs your biggest event — the cost of confrontation feels catastrophic.
So the organization absorbs the error. Staff quietly clean up the data entry mistakes. The ED has an awkward but vague conversation about the confidentiality breach. The finance committee adds a review step but doesn't tell the volunteer treasurer why.
The problem compounds. Other staff see that volunteer errors go unaddressed and lose confidence in leadership. Other volunteers — the good ones who want to do well — never receive the feedback that would help them improve.
The organization develops a two-tier accountability system: one set of standards for paid staff, a lower set (or no set) for volunteers.
Accountability doesn't drive volunteers away. It retains them.
Research on volunteer management consistently shows that volunteers are more likely to sign up and remain engaged when organizations provide clearly defined roles with written descriptions and explicit expectations. Clear expectations improve role fit, satisfaction, and retention.
Good volunteers want to do well. They can't do well if nobody tells them what "well" looks like.
Treating volunteers like adults who can handle feedback is more respectful than treating them like fragile gifts you can't risk offending. The organization that won't correct a volunteer isn't being kind. It's being condescending.
Written role descriptions with explicit expectations. Before the volunteer starts, not after an error occurs. What are they responsible for? What are they not authorized to do? Who do they report to? What information is confidential?
This is the same logic as the board agreement from Challenge 26 — the conversation is easy at the point of invitation.
Confidentiality agreements for every volunteer who touches sensitive information. Not just organizations covered by HIPAA. Even nonprofits outside HIPAA's scope have a legal duty under state privacy laws to protect individuals' privacy.
A signed confidentiality agreement does two things: it makes the expectation explicit, and it creates a reference point if the expectation is violated.
Financial controls that apply to volunteers, not just staff. Dual signatures on accounts. Segregation of duties — the person who receives donations shouldn't be the person who deposits them. Regular audits of volunteer-managed funds. These are the same controls you'd apply to employees handling money. Volunteers shouldn't be exempt because they're unpaid.
A documented feedback and correction process. Not "firing" volunteers — a graduated approach: verbal conversation, written expectations reminder, reassignment to a different role if needed, separation as a last resort. Having this process written down before you need it makes enforcement feel procedural rather than personal. Guardrails, not troopers.
Pick your highest-risk volunteer role — the one where an error could breach confidentiality, lose money, or harm a client. Does that role have a written description? A signed confidentiality agreement? Clear supervision?
If the answer to any of those is no, fix it this week. Not because your volunteers aren't trustworthy — but because trustworthy people in ambiguous roles make avoidable mistakes.
*As with other posts, I'm an attorney and think about these things a lot, but I'm not providing you legal advice. Hopefully, I'm raising awareness.
This is part of an ongoing series exploring the 50 challenges outlined in Managing Your Nonprofit for Resilience (Wiley, 2023). Subscribe to Nonprofit Good News Premium for implementation tools and deeper analysis.