Privacy Laws Are Changing: Make Sure Your Nonprofit Is Ready

Have you consulted your legal team about the evolving data privacy requirements? Your legal counsel can help you understand how the changing laws apply to your organization’s data collection, usage, and storage. Once you know which requirements apply to you, check out the software features that can help you meet those requirements.

NOTE: The following information does not constitute legal advice and is not a comprehensive review of data privacy laws. Please consult your legal team to address your specific situation.

Americans are increasingly concerned about the privacy of their personal data. In response, several states are implementing new privacy laws which may affect how your organization collects, uses, and stores personal data. These laws have common requirements similar to other countries’ privacy laws, like the European and United Kingdom GDPR, with which you may already be familiar. Below, we summarize a few of the requirements and solutions.

For Blackbaud’s more in-depth overviews of privacy laws, please go to the Privacy Resource Center.

The Requirements

• Provide Access to Privacy Policies and Other Privacy Resources
  Do any of your online resources need to include a link to your privacy policy, notice at collection, or forms to change privacy preferences, etc.? You may need to provide a way for constituents to view your privacy policy or specific sections of your privacy policy. If you have a website or form allowing constituents to set privacy preferences (e.g., opt-out of targeted ads) then you may need to provide access to it.
  
  
• Respect Universal Opt-Out
  Do any of your online resources need to detect and record the Global Privacy Control (GPC) or other universal opt-out signals? The GPC is a tool that can be used to send a signal when visiting web pages. Anyone can set their browser account to enable this signal. If the signal is enabled when a constituent visits your website, the code to open the website includes the signal to indicate that the constituent prefers to keep their personal data private.
  
  More opt-out considerations: If you record GPC settings, how does a universal opt-out change your workflows or communication processes? Do you need to create opted-out constituent audience groups? Set data storage expirations? Alter marketing settings?
  
  
• Respect Other Opt-Outs
  Check with your legal counsel to understand requirements and find out if you are responsible for providing the option to opt out of any specific uses of data such as targeting ads, selling data, sharing data, or profiling. Consider how opt-outs might affect your data-based workflows.

• Allow Individuals to Control Their Personal Data
  Are you responsible for providing constituents with a way to review, edit, and delete personal data you collect? If a constituent asks what data you collect and how you use it, how should you respond?

• Remove Expired Data
  Are you subject to data storage expiration limitations? Some data storage duration is limited based on how data is used. You may need to retain information about financial transactions. You may be required to delete demographic data after closing an event or campaign. Check with your legal counsel.

Blackbaud Solutions

Change is inevitable, but it doesn’t have to be intimidating. Blackbaud has provided ways to meet these requirements in each of our products. Select your product from the Privacy Resource Center product page to learn more about the features that allow you to remain compliant with each of these requirements.

Stay up-to-date with your compliance requirements by consulting your legal counsel, and check for feature updates in product release notes and in the Privacy Resource Center. If you still need help, reach out to Blackbaud Customer Support or your product community.