Technology and Data Privacy
Nonprofits act as stewards of the information entrusted to them by donors, beneficiaries, program participants, volunteers, and employees. Under numerous state, federal, and international legal frameworks, they are charged with protecting sensitive personal data. These new and quickly changing privacy laws address data storage and processing both domestically and internationally, with a complex web of requirements governing a wide range of information held by nonprofits. Proactive nonprofits act on emerging opportunities for data privacy compliance, online presence, and program-specific data handling, including programs related to minors. In doing so, they also mitigate risk of costly penalties, disruption of operations, and harm to the organization's reputation. Nonprofits need to respond well to data breaches or other incidents in order to comply with applicable regulations, mitigate risks, and communicate well with donors and other possibly affected parties. By incorporating data privacy by design into their corporate policies and culture, nonprofits can continue to serve at the vanguard of mission-driven work while serving as trusted stewards of both money and information.
Evaluating compliance under applicable data privacy regulations, including GDPR, CPA, COPPA, and CAN-SPAM, as well as organizational compliance and best practices.
Developing policies governing the receipt, storage, and destruction of records and other information, whether digital or not, to comply with applicable state, federal, and international regulations and to mitigate risk in the event of litigation or data breach.
Advising clients on systematic sets of protocols, security measures, and policies to protect confidential and restricted data.
Optimizing online privacy policies and user agreements or terms of use to synergize with existing policies and practices and to comply with applicable data privacy regulations.
Mitigating risk through well-developed data breach policies and procedures; assisting in communications and corrective actions following data incidents.