Nonprofits, Volunteers, and Copyright: Clarifying Ownership and Usage Rights

As any nonprofit leader knows, volunteers serve vitally important functions in many nonprofit organizations.  What happens when volunteers create original works for their organizations?  Generally speaking, the volunteers will own the works absent any specific agreements otherwise, and whether the volunteers or the organizations realize it or not.  Nonprofits therefore should take proactive steps regarding copyright issues, such as through ownership and licensing agreements.  These measures may become especially important if the created works later become financially valuable, if disputes arise regarding the work, or if the nonprofit wants to transfer or alter the work. 

U.S./E.U. Replace Safe Harbor with “Privacy Shield” but Details on New Plan Unclear

U.S. organizations transmitting personal information across the Atlantic can breathe a sigh of relief – sort of.  The U.S. and E.U. agreed this month to a new framework designed to protect the online privacy of E.U. citizens and to mitigate legal exposure for U.S. entities transmitting personal information across the Atlantic.  The agreement, known as Privacy Shield, replaces Safe Harbor, a fifteen-year-old privacy agreement, was ruled illegal by the Court of Justice of the European Union (“CJEU”) - the highest EU court, last October. 

This developing area of the law is often not on the radar of nonprofit organizations.  In fact, many nonprofits are not eligible to participate in Privacy Shield and its Safe Harbor predecessor.  However, as discussed below, Section 501(c)(6) trade associations and certain other nonprofit entities should qualify to enjoy the legal protections available under these legal frameworks.  Since the abrogation of Safe Harbor, many eligible nonprofits have faced uncertainty regarding the legal status of their transatlantic data transfers.  The new replacement Privacy Shield promises to both protect E.U. citizens’ personal information and shelter U.S. qualifying nonprofits and other entities who comply with its terms. 

It may be too soon to celebrate, however.  Specific terms and conditions of Privacy Shield have not yet been disclosed.  Furthermore, it is not clear that the new agreement will pass legal muster with E.U. Data Protection Authorities (“DPAs”) once the details are published.  Until this occurs, U.S. organizations conducting transatlantic transfers of personal information remain in murky legal waters.  During this time of uncertainty, U.S. organizations should continue to implement alternative legitimization mechanisms (discussed below).

Top Ten Legal Resolutions for Nonprofit Leaders in 2016

With the new year upon us, our hope is that all of our nonprofit clients will thrive in 2016, fulfilling their organizational mission and impacting their communities.  As attorneys, we understand the importance of legal compliance for an organization’s mission, governance, and success.  The following is a list of ten critical legal areas that may impact nonprofit organizations in 2016.  Resolve to address them throughout the year, especially any deficiencies that warrant further action.

1.         Develop nonprofit website privacy and cybersecurity protections and policiesNonprofits regularly gather personal information from people who visit their organizational websites.  A major legal development in the last few years is the need for many nonprofit organizations to implement a privacy policy or user agreement for their websites.  The policies should establish protocols for collection, use, and storage of website users’ private information. They should also provide appropriate disclosures to users, such as analytics information, cookies, security measures such as encryption, and how organizations may share data.  Significantly, nonprofits that permit financial transactions on their sites, such as receiving donor contributions should ensure their payment systems are PCI DSS compliant.  These are emerging but important areas as internet traffic increases along with corresponding privacy concerns. 

2.         Use Social Media Well.  Social media is a powerful tool for many nonprofits.  Continual improvements can help promote an organization’s mission and nurture its good reputation.  Unfortunately, many nonprofits fail to take the time to understand how copyright and trademark laws govern their use of photos, videos, or other media in their posts.  In using social media, nonprofits need to teach their workers how to identify and comply with applicable copyright or trademark restrictions, for which a license or other protection may be needed.  Nonprofits should also consider individual privacy interests related to posts and obtain consents or provide other disclosures as warranted prior to posting information about beneficiaries, donors, or others.  Finally, nonprofits should take steps to protect their reputations by developing a procedure or policy that ensures employees and volunteers refrain from using the organization’s social media for disparaging comments or to express views contrary to the mission.