Non-Profits and Data Privacy Issues

I really went back and forth for awhile on this one, especially since I volunteer with a non-profit organization. Initially, my ethical thought was absolutely not, which was completely biased just on my own feelings. Then as I started to find different sources about data and understanding it more, I changed my mind. The struggle of fundraising for non-profits is a real one and I know at the non-profit that I am with, the technology and funding is just not there to make any of the data about clients secure. Everything is still hand written on paper and filed in a locked file-cabinet. This is also not efficient to use for any kind of analysis, which makes it likely that high quality decisions are not always being made by the organization. 

I think in an ideal world, we'd like to think the mortgage company just wants to engage in their community and help people, but they are a for-profit business and $10 million is a significant amount of money. It doesn't seem unreasonable for them to want something in exchange for that and I think the idea of waiting for a more aggressive investor to come along who thinks the data is more valuable could present a potentially unethical situation. To me that seems as though the non-profit is actively seeking out the selling of their client's data to the highest bidder, rather than an opportunity being presented to them with a company that from what is stated in the initial post, wants to provide services that would be useful to their clients. If bankruptcy of the non-profit was a concern, perhaps an ethical dilemma could be avoided by renegotiating the terms of the partnership for the data sharing to be for a specific amount of time to allow for continued partnership with the company in the future, if each organization is finding the partnership to be mutually beneficial, rather than shopping for another investor.

 The firm currently collects data and clients are already required to acknowledge that their data is being collected and analyzed and they must give permission for their data to be shared anonymously. Is this just for protection?  Does this mean that the non-profit is already sharing anonymous data with no compensation? This makes me think that a mortgage company offering $10 million dollars would not accept a renegotiation for anonymous data that is already being shared elsewhere.