Compliance Policies and Procedures,
- Communicate the importance that the non-profit places on protecting its current and potential donors’ personal information.
- Maintain the trust of its current and potential donors who have an expectation of privacy when donating.
Relevant Privacy and Data Security Laws
- The Federal Trade Commission Act, regulating unfair or deceptive business practices and providing guidance on consumer privacy disclosures.
- The Children’s Online Privacy Protection Act (COPPA), regulating the online privacy of children under 13.
- State privacy laws. Non-profits may generally be exempt either entirely or in large part from many of these laws. However, non-profits should be aware of them to the extent that their activities intersect with covered activities or entities. For example:
- the California Consumer Privacy Act (CCPA), a comprehensive data protection statute governing use of the personal information of California residents, effective January 1, 2020, may apply if the non-profit obtains data from a CCPA-covered business; and
- the California Online Privacy Protection Act (CalOPPA), which regulates commercial website operators that collect California residents’ personal information, may apply if the non-profit engages in unrelated business activities, such as an online gift shop or paid advertising.
- The policy should clearly inform visitors about the types of personal information collected. Additionally, the policy should describe how the information is collected, used, and shared.
- Choice and consent. The policy should provide visitors with choices regarding how their personal information is used or disclosed. The non-profit may need to obtain consent if the information is used for purposes unrelated to the non-profit’s interaction with the visitor.
- The policy should describe the steps taken by the site operator to protect personal information.
- Its website.
- Phone calls.
- Email or mail.
- In person conversations, such as at a fundraising event.
- Is not subject to COPPA.
- Does not sell any of the personal information it collects and maintains.
- Addresses any applicable CCPA requirements in a separate notice. Websites collecting personal information from California residents must comply with the CCPA’s notice requirements by January 1, 2020
- Is based in the US and only targets US-based donors.
Helix Compliance, LLC (“Helix”) is not a law firm, and Helix’s employees and representatives are not acting as your attorney. Helix provides a technology-based platform for those seeking to prepare their own legal documents. Using Helix’s system-generated documents does not create an attorney-client relationship between you and Helix or any Helix employee or representative. Therefore, your communications with Helix do not constitute privileged communications. Likewise, neither the attorney-client privilege nor the work product doctrine protect your communications with Helix. Helix is not your lawyer in any way, shape, or form.
Using Helix’s documents is not a substitute for the expertise of an attorney. Thus, you should not use Helix’s system-generated documents as a substitute for legal advice. Additionally, you should not construe Helix’s system-generated documents as legal advice. Helix does not review any information provided to it for legal accuracy or sufficiency. Helix does not apply the law to the facts of your situation, and Helix does not draw legal conclusions. Further, Helix does not provide opinions about your selection of documents. Users seeking legal advice should consult a qualified licensed attorney.
Even though Helix seeks to ensure that document content is up-to-date, laws change rapidly. Therefore, Helix does not guarantee that each document is completely current. The law differs in each legal jurisdiction and may be applied differently depending on your factual circumstances. If you are unsure whether your situation requires a specific document or whether the document’s contents are legally sufficient for your specific purposes, you should consult a qualified licensed attorney.
This material is for informational purposes only. Helix is not responsible for any loss, injury, claim, liability, or damage related to your use of Helix documents. Your use of this material and Helix documents is at your own risk.
Comments from the Author