If you’re a U.S. based nonprofit, you need to deepen your understanding of the California Consumer Privacy Act of 2018 (CCPA). This was the second major shift in data privacy and regulation in 2018, after the GDPR’s rollout earlier that year.
The CCPA is legislation that could have adverse effects on nonprofit marketers through online marketing, e-commerce and personal information data processing (both online and offline). Plus, California is now the world’s fifth largest economy, now surpassed only by the total GDP of the United States, China, Japan and Germany. This heightens the likelihood your nonprofit is receiving donations from the state.
Where can you get up to speed on this legislation?
- Some of the best legal insight for marketing can be found at Cooley’s blog. This team has a two-part series on CCPA found here and here.
- The ANA Nonprofit Federation has a running blog covering the legislation. Read it to learn about ways to take action.
- The IAPP has compiled analysis and tips that could impact your business processes.
- The law continues to evolve. Learn about the six amendments that California Gov. Gavin Newsom approved on Oct. 11.
- California's attorney general has released draft regulations for CCPA (and revised them) to explain how the law will be enforced.
- The first lawsuit connected to the CCPA offers steps for preparing for future lawsuits.
What do nonprofits need to do now?
First, get educated about CCPA through the resources above.
Second, nonprofits need to assess current data practices and begin forming a data strategy. CCPA compliance must be in place by January 1, 2020. You’ll need time to establish your baseline and implement new processes, if applicable.
Nonprofits need to move swiftly to understand the impact this legislation could have on your processes. Risk assessments, analysis of your file (and Google Analytics account) for California residents and refinement of your data processes (including your privacy policy) are all practical steps you should take to help form a data strategy.
RKD Group is not providing legal or insurance advice in this article. We suggest you consult with your attorneys and insurance provider regarding CCPA soon if you have not already done so. Those who are proactive will be looked upon as leaders in data security.
**Note: The above content is informative in nature and is not intended as legal advice. As a company that provides professional fundraising consulting services, we retain counsel to ensure compliance with fundraising laws in each applicable state. Questions related to the California Consumer Privacy Act of 2019 (CCPA) and GDPR regulations for US based nonprofits should be directed to counsel that is competent to address such matters.
Leave a comment: