Page 271 - Washington Nonprofit Handbook 2018 Edition

PART 12. PERSONAL INFORMATION SECURITY AND ONLINE PRIVACY ISSUES FOR NONPROFIT ORGANIZATIONS


CHAPTER 73. Personal Information Security

Almost every organization collects personal information from individuals, whether from employees, volunteers, donors, or recipients of services. This personal information may be necessary or useful for your organization’s activities, such as payroll processing and sending solicitation requests. Use of personal information, however, comes with the responsibility to keep that data safe. Sensitive information such as social security numbers, credit card numbers, financial account numbers, date of birth, health information, and other data can be used to commit financial fraud and identity theft.


To protect individuals against such threats, federal laws and many states require organizations to protect personal information, and in some cases, to notify individuals if information is improperly disclosed. Note that this Chapter is intended to cover only commonly applicable personal information security guidelines and requirements. Not all data protection laws are covered here. If you handle financial information, health information, driver’s license numbers and social security numbers, other laws and regulations may apply.


The topic of personal information is complicated because many existing laws only address commercial entities, which are not the only agencies or organizations that are responsible for handling and safeguarding personal information. Does this mean that nonprofits should not worry? First, the law in this area is unclear. For example, a nonprofit may not be covered under a law if it provides its own fundraising, but may be covered if it uses an outside commercial party. Second, laws may exclude certain tax exemption types of nonprofits (such as a 501(c)(3)) but may apply to all other nonprofit designations. Third, the topic of personal information has become very important, and a nonprofit’s reputation can be put at risk if personal information is not handled properly. Arguably, reputation risk alone is the most important reason why nonprofits should make the topic of personal information critical to their operations and act as if the laws apply regardless of whether they do or not (see http://blog.charitynavigator.org/2015/04/donor-privacy-policies.html for why Charity Navigator, the largest evaluator of charities, includes an assessment of the nonprofit’s privacy policy in its evaluations).












