Amid continuing revelations of child sexual abuse committed by clergy members, some states are rejecting such exception and requiring clergy to report information received through personal confessions – or possibly face criminal fines and jail. With pertaining bills passing in the Illinois House of Representatives and California Senate, this trend reflects sharp tensions between important interests: government deference to religious liberty freedoms and government interests in protecting vulnerable persons from harm.
California Takes the Lead in U.S. Data Privacy: The New Consumer Privacy Act and What Nonprofits Need to Know
Nonprofits attuned to growing legal requirements for data privacy and data security best practices are familiar with a kind of alphabet soup of acronyms: WISP, GDPR, PII, PCI DSS, NIST, and others. Beginning in January of 2020, an important new law and corresponding acronym will significantly alter the data privacy landscape in America. The California Consumer Privacy Act (CCPA) provides extensive protections and requirements for entities doing business in California. While the law doesn’t directly target nonprofits, CCPA impacts most nonprofits’ handling of consumer data, donor information, website user identifiers, and other types of personal information.
Accordingly, nonprofits all over the United States, as well as international nonprofits who partner with California entities, should proactively implement key components of data privacy compliance, such as through accurate online disclosures, appropriate user opt-out options, and special care in handling the information of minors. Furthermore, nonprofits should carefully evaluate ways in which certain operations or complex corporate structuring might trigger requirements for particularly strict compliance with CCPA. We also recommend nonprofits seriously assess the new standards for data handling under CCPA (and other data privacy regimes), even if such statutes do not appear to be expressly applicable to nonprofits organizations. Through such proactive steps, nonprofits should be well-positioned to act on emerging opportunities related to the security and processing of personally identifiable data in their operations. There is more to be said about each of the above recommendations, but first a bit of recent historical global context: the European Union’s (EU) predecessor cousin of CCPA: GDPR.
Is it campaign finance reform, or yet another threat of harm to First Amendment rights affecting donors and tax-exempt organizations? This spring, the U.S. House of Representatives passed an “omnibus” campaign finance bill called “For the People Act,” (H.R. 1) which addresses a wide range of election and related matters. The Act expressly excludes Section 501(c)(3) public charities from its donor disclosure and reporting requirements, but not Section 501(c)(4) social welfare or other tax-exempt organizations. While the proposed legislation likely will go nowhere in the Senate, it warrants notable mention in the following ways.