Donor Privacy – What’s Our Responsibility?

“When is the last time everyone in your firm or organization read your Privacy Policy, start to finish? Compliance starts with familiarity.” The Nonprofit Alliance (TNPA)

I remember when the Do Not Call Registry list went into effect. It was nearly 20 years ago (1991 to be exact; but no need to try and guess my age!). I was managing call centers then and listened to donors yelling at our callers asking “why were they called” since they had already enrolled in the “National Do Not Call” list. Callers were tightly scripted to politely respond that “non-profits were exempt.” Which, of course, they were (and still are). But that didn’t stop donors from being enraged, and it didn’t stop nonprofits from marking those donor records as “do not call.”

Fast-forward twenty years and we’re faced with similar issues. As countries and, now, states enact their own privacy laws, nonprofits are left to grapple with their legal – and I would argue, moral – responsibility.

I hope that you know about the California Consumer Privacy Act (CCPA). It went into effect earlier this year and enforcement is expected to begin in June.

Like the Do Not Call Registry, nonprofits are exempt. But our donors and supporters don’t know the legalese about who is excluded and who isn’t. They just want to have their privacy protected. In short, nonprofits need to understand CCPA and create a plan for adhering to as much of the law as possible.

Even if your organization plans on “business as usual” under the CCPA, as fundraisers and marketers, we must be aware of how the law will impact the industries and companies we do business with – especially when it comes to donor acquisition, modeling, and data appends. In just a few months, you may see some of your commercial lists pulled from the market and other services simply not available anymore.

But perhaps the largest impact on nonprofits will be the penumbra effect that this law has on other state legislation. The country is looking to California to see CCPA’s impact. CCPA could just be the dress rehearsal for dozens of states’ privacy legislation.

Not worrying about CCPA – or any other new privacy legislation – simply does not work. Instead of waiting for one – or hundreds – of angry complaints to come in, why not take some proactive steps now?

1. Does your organization have an option to mark a donor “do not share my name?”

2. Can you tell a donor if his/her/their name was shared and to whom?

3. Did you remember to contact your third-party data handlers and ask them to remove that donor’s name?

4. Do you have a process for removing the name from all of your different platforms (CRM, eCRM, ESP, etc.)?

5. Do you have a process to make sure that any cookies are removed and those donors are removed from any remarketing lists?

It’s time we learned from our experiences with the Do Not Call Registry. Don’t wait for the donor to tell you to respect their privacy. Be proactive for all your donors and supporters and honor their requests.

Want to know more? Check out The Nonprofit Alliance at tnpa.org. And be sure to review the Perlman & Perlman and TNPA checklist to learn what you need to do to stay compliant – across all states. You can view the checklist here: https://tnpa.org/wp-content/uploads/Privacy-and-Cyber-Security-Checklist-PP-and-TNPA.pdf