It was my pleasure to join Farella exempt organizations partner and host of the EO Radio Show podcast, Cynthia Rowland, for a discussion on privacy laws and how they affect information collection and online activities by nonprofits.

We begin our conversation with some basic background on when a nonprofit needs a privacy policy on its website and how to think about what should be posted on the website, and where.

California's privacy requirements do not currently apply to most nonprofit organizations. But there are a number of reasons a nonprofit might want to think about collecting and protecting data as if it were subject to such privacy requirements.

Specifically, in California, the California Consumer Privacy Act (the CCPA, as amended by the California Privacy Rights Act) is most relevant. The CCPA applies to any “business,” which it defines as a “legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners.” Generally, this would seem to exclude all nonprofits, but there have been arguments trying to include mutual benefit corporations. We have not seen any attempt to enforce the CCPA against a nonprofit of any kind to date. But as discussed in this podcast episode, that doesn’t mean nonprofits should ignore the CCPA. A nonprofit could be subject to the requirements of the CCPA through contract, through receiving personal information from a for-profit related entity, or by entering into a joint venture with a for-profit company.

Moreover, individuals (including donors) have come to expect that they have certain privacy rights. Thus, even if not required to do so, adding in consumer protections granting such rights could be worthwhile.

Listen to the podcast discussion here.