Page 278 - Washington Nonprofit Handbook 2018 Edition
P. 278

•      Helps your organization meet legal requirements; and


                       •      Functions  as  a  guideline  for  making  business  and  organizational
                              decisions.

                       A  search  of  the  internet  will  show  organizations  that  can  assist  your
               organization  by  recommending  privacy  policies  and  security  technologies,
               reviewing  your  privacy  practices,  and  providing  endorsements.    Your  county  BAR
               associations  (see  http://www.wsba.org/legal-community/county-bar-associations)
               are a good resource for referrals to lawyers who specialize in privacy law.  Wayfind
               (www.wayfindlegal.org)        and    501    Commons        (www.501commons.org),          two
               organizations which support nonprofits, are good resources for privacy or security
               trainings and referrals.  The International Association of Privacy Professionals also
               has many resources and trainings available (see https://iapp.org/resources/).


                       Should  you  copy  a  privacy  policy  from  another  website  or  use  a  sample
               policy? Before using a sample privacy policy or copying one, review it carefully and
               understand your organization’s practices to make sure that every statement in the
               privacy  policy  accurately  reflects  what  your  organization  is  really  committed  to
               doing.


                       There  are  certain  pieces  of  key  information  to  be  included  in  your  privacy
               policy.  Once you have established this policy, it should be posted on your website
               and  shared  with  all  individuals  involved  with  your  organization  (including
               consultants or contractors).


                              (iii)   What Information Is Collected and How

                       Your  privacy  policy  should  clearly  state  what  consumer  information  you
               collect  from  anyone  who  visits  your  website  (or  communicates  with  your
               organization  in  any  other  manner).    There  are  two  broad  types  of  consumer
               information:


                       •      Personally identifiable information (“PII”) is the most sensitive type of
                              information  because  it  can  be  used  to  identify  an  individual.    PII
                              includes  a  person’s  legal  name,  e-mail  address,  physical  mailing
                              address, social security number, phone number, medical records, and
                              bank account numbers or other financial data.  Consumers feel most
                              secure when the only PII you collect is information they provide to you
                              directly, such as by filling out a form on your website.








               WASHINGTON NONPROFIT HANDBOOK                -267-                                       2018
   273   274   275   276   277   278   279   280   281   282   283