Page 280 - Washington Nonprofit Handbook 2018 Edition

(vi)   How Collected Information Is Kept Secure

The security section of your privacy policy should describe how you ensure that all consumer information is protected from unauthorized disclosure and theft. If you share information with third parties, what steps do you take to ensure that they keep the information secure? Avoid describing the level of security in absolutes. There is no such thing as absolute assurance of security.

(vii)   With Whom You Share Collected Information

It is not necessary that you list in your privacy policy every single company, organization, business partner, or entity that you might share collected information with. You should, however, mention types of entities you will share information with, such as other nonprofit organizations, business partners, credit card companies, and government agencies. For each type of entity, list the type of collected information you would share and under what circumstances.


(viii)   Date Stamp Your Privacy Policy and Provide Contact Information

Privacy policies change over time. It is important to include the effective date of the policy and information on how changes will be handled and posted. Additionally, provide a contact point for anyone who has questions or comments about your policy or practices. A physical address and an appropriate e-mail address should be provided to the consumers. It is important that their questions be acknowledged and responded to in a timely fashion.


e.   CAN-SPAM for Nonprofits

No legitimate nonprofit organization wants to be known for sending spam out to potential donors. The federal law regulating spam is the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, 15 U.S.C. sections 7701-7713 (2003) (the “CAN-SPAM” Act). The CAN-SPAM Act is a federal law regarding the sending of commercial e-mail. And the law (and its steep penalties) potentially applies to activities of nonprofit organizations.

Under the CAN-SPAM Act, e-mails containing transactional or purely informational content are generally not covered. Examples of transactional content would include confirmation of registration or receipt of a donation, invoice and account information, and notice of expiration of services. Commercial e-mails that promote a product or service would trigger CAN-SPAM requirements. There are






