Charity & Volunteer Organizations. Privacy Considerations. Introduction.
PowerPoint Slideshow about ' Charity & Volunteer Organizations' - gerodi
Charitable organizations typically collect, use and store personal information that relates to their members, donors, employees, business associates, and the constituents whom they serve. This information is used to meet core organizational needs such as verifying eligibility for membership, processing donations, conducting event registration, distributing information about programs/initiatives, providing proof of participation in activities, etc.
Charitable organizations process extensive, and in some cases sensitive, personal information. Against the backdrop of the requirements imposed by privacy laws, this can present privacy risk and require organizations to develop controls to mitigate potential exposure.
Although some privacy laws do not apply to (or include exceptions for) non-profit organizations, organizations should still be concerned about protecting their reputation and the personal information of their members, supporters and constituents.
How do I recognize and handle requests for personal information?
When someone asks for personal information about volunteers or program participants, what are our protocols to confirm that the person we are speaking with is who they say they are? In other words, how do we authenticate the requester of the information?
To whom should I refer complaints about protection of personal information?
Who is the primary contact for information handling practices within the organization?
Does your organization accept donations via credit card?
If so, you may be responsible for compliance with the Payment Card Industry Data Security Standard.
PCI DSS 2.0 is the payment card industry global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data.
Does your organization acquire mailing lists for fundraising solicitations? If yes, from what sources? Are the lists rented or exchanged, or both? Does the source of the list purge the people who don't want their names released before giving you the list?
The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. CAN-SPAM applies to non-profit organizations that send e-mails whose primary purposes are to advertise or promote commercial products or services, even where the non-profit organization's activities are not overtly "commercial" in nature.
Does your organization conduct telephone or text message campaigns?
There are also laws that establish rules for telemarketing. These laws cover some text message activities as well. In many circumstances, non-profits are exempt from these rules. However, even if your organization is not subject to these rules, they are best practices for telemarketing for any organization.
Social media is an important way to keep members, donors, and other stakeholders aware of the charity and current events. However, it is important to maintain control of the organization’s social reputation and the messaging.
Prior to posting information about people who interact with your charity, get permission from them by either posting a sign or asking individuals to sign a waiver.
Keep informed about social media trends and make changes to your organization’s social media strategy as necessary.
Comply with terms and policies of the social media sites you use.
If you run a website designed for children or have a website geared to a general audience but collect information from someone you know is under 13, you must comply with COPPA’s requirements.
The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their children. COPPA puts protections and procedures in place that companies covered by the rule need to follow.