Advancing the nonprofit marketing & charitable fundraising community since 1982
Advancing the nonprofit marketing & charitable fundraising community since 1982
Information to help your organization comply with member guidelines
Contact Senny Boone, Esq., ANA Nonprofit Federation, at 202.861.2498
The California Consumer Privacy Act of 2018 passed in less than one week and was signed into law by California Governor Jerry Brown on June 28, 2018. It was passed to avoid a sweeping state privacy rights ballot initiative launched by privacy advocate Alastair MacTaggart (see https://www.caprivacy.org/) that, once passed, could not be amended by the state legislature. The ballot initiative proponents agreed to the new law and withdrew their ballot initiative as a result. The new law takes effect on January 1, 2020, there is a “look-back” provision for data source transparency for the preceding 12-month time frame.
Unfortunately, although the new law has laudable goals to provide Californians with enhanced data privacy, the new law adds new burdens to charitable giving as outlined below:
Data for good is at risk: Charities will lose support for Californians’ local missions
Giving is premised on smart, informed data sources. Data for good is foundational to the operations of a legitimate nonprofit organization. For charities that seek new data (individual or households) to be in touch with donors, supporters and new contacts about vitally important missions will find few legitimate data resources. As data sources shrink due to new California state regulatory barriers, nonprofits will need to seek new ways to be in contact with an ever-reducing (attrition rates for current donors) pool of data resources. This jeopardizes the future growth of charities and charitable giving in California.
Key provisions of the new law
The Act gives “consumers” (natural persons who are California residents) four basic rights to their personal information:
The Act applies to:
For-profit businesses (not nonprofit organizations) that collect and control California residents’ personal information, do business in California, and (a) have annual gross revenues in excess of $25 million; or (b) receive or disclose the personal information of 50,000 or more CA residents, devices (mobile data for example) or households on an annual basis; or (c) derive 50 percent or more of their annual revenues from selling California residents personal information. Nonprofit concern: although nonprofits are not included, their agencies and data providers are now subject to restrictions on data that impacts an organization’s ability to raise funds and to deliver on their important missions for Californians. For example, a local homeless shelter that seeks new data sources to obtain new donors to add to its list of potential supporters may no longer have access to the list, leading to less donors and less funds available to help support the homeless.
The type of consumer information/data protected is “personal information.”
Personal information is defined very broadly — “information that identifies, relates to, describes, is capable or being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The Act gives examples such as purchasing data, records of personal property, audio, electronic, visual, thermal, olfactory, or similar information.” Nonprofit concern: As worded, the definition of covered data subjected to new restrictions is incredibly broad since it could be used to describe any information that can link or identify an individual or the household. This definition defines privacy for households in addition to individuals and will impact local Californians since less data will be available for important missions and causes.
There are some very narrow exceptions to this sweeping definition—such as de-identified data (as defined in the Act) or aggregate consumer information (which is also defined in the Act.) Companies under the Act will need to ensure their compliance efforts are broad to include all potential data as a result leading to less data available for charities for missions and fundraising.
Company notice and choice
Most nonprofit organizations look to outside data sources now restricted by the CCPA that can supplement and enhance their existing records in order to update their data or to do new acquisition campaigns for new support or other mission-related involvement. There are many legitimate providers of properly sourced and protected data, but these providers must now take restrictive steps that will curtail data available for use. This stops new data insight and subsequent outreach about important causes.
So, for example, data collected by a company from an individual after an inquiry about cancer may not be used or shared to help the individual learn about helpful resources offered by a cancer organization or ways the data subject can help to raise money to find a cancer cure. Or, data provided about a household with pets may not be provided to organizations to seek support for the humane treatment of animals. Although nonprofit organizations are exempt, they are impacted due to their ongoing need for data to help Californians.
Companies that sell data to third parties need to disclose that practice and must give consumers the ability to opt-out of the sale by supplying a link titled “Do Not Sell My Personal Information” on the business’s home page. This will lead to less data available for charities serving California.
Company transparency about PI held
Consumers have a right to request certain information from businesses, including the source of the information, the type of information it collected about the consumer, and all the third parties with which it shared the data. The consumer should be able to access this full set of information via a toll-free number or a Website. (A no cost resource.) This information must be provided to the consumer within 45 days of the consumer’s request. For nonprofit organizations, this may mean more requests by donors to learn the source and why their name was shared by the nonprofit with others.
The Act is enforced by the California Attorney General, subject to a 30-day cure period. The civil penalty for intentional violations of the Act is up to $7,500 per violation.
For data breach of more sensitive information (sensitive information is more narrowly defined than personal information above) there is a new private right of action that can be brought by a consumer to seek financial damages and this can be between $100 and $750 per CA resident per incident. For companies often the target of hacks, this can be prohibitively expensive due to new consumer lawsuits if they experience a data breach with thousands of customers impacted.
The California law is going into effect on January 1, 2020. Companies subject to the Act or working now to come into compliance, particularly those data source companies that buy, share, sell all types of “personal information” under the Act. This includes a full review of the past 12 months of personal information data sold or disclosed (i.e., a look back of data provided, shared, disclosed…) This is overly broad since there are general data points that cannot be clearly extracted such as a public record resource combined with aggregated data. This provision is duplicative, costly and unnecessary since the company must already provide data sources to the consumer upon request.
The Attorney General Xavier Becerra is holding hearings across California to get input before issuing regulations that will implement the CA law, ANA has provided testimony at these hearings.
New legislation to offer consumers a private right of action to sue data providers is supported by the Attorney General in California. CA SB 561 by State Senator Hannah-Beth Jackson would add new provisions to the CCPA to allow for more lawsuits.
A national federal data privacy standard is needed to ensure there is a uniform standard v. multiple state laws that would be costly and difficult to follow due to the variances in language, leading to less data overall for important nonprofit missions.
The General Data Protection Regulation (GDPR) is in effect for organizations active in the EU as of May 25, 2018 and replaces the European Data Protection Directive in all EU member states. The GDPR does not exempt nonprofit organizations, which collect a great deal of personal information and must comply with the GDPR. The fines are very steep: 4% of annual turnover or 20 million euros, whichever higher. Please note that this update does not replace legal advice — please review the GDPR and its impact with your own legal counsel. If you have questions or require assistance, contact ANA NF’s Senny Boone. The key points in this document were developed in conjunction with the Email Experience Council.
With the passage of the Comprehensive Tax Reform bill, we fear less individual contributions to charity. The charitable deduction remains, but not for everyone. Since the standard deduction is doubled for individuals ($12,000) and for married couples ($24,000), it translates to fewer itemizers and as such those who may claim the charitable deduction. According to Congress’ Joint Committee on Taxation, charitable giving may decline by as much as $15 billion per year. The ANA NF and many other organizations sought an amendment for a universal charitable tax deduction — even for itemizers. We are grateful to the organizations who sent letters in support of the amendment. Oklahoma Senator James Lankford’s universal charitable deduction amendment did not make it into the final version of the bill due to its high cost of over $220 billion. It remains to be seen when and if another legislative vehicle will be offered so that a change can be made. For now, charities must track impact on year-over-year giving. The number of individuals who itemize will be impacted by the changes to the SALT deductions at the local level and the mortgage interest deduction cap. The Unrelated Business Income Tax on royalty income for the use of an organization’s name and logo was removed from the final version of the bill. The final version of the bill also preserves historic tax credits. ANA NF continues its work to secure a universal charitable tax deduction.
If you have questions or comments, please contact Senny Boone.
This tool provides snapshot transparency of relevant metrics to donors who otherwise look to third party reporting sites. While most of the information on the Nonprofit Dashboard is already available on an organization’s website within annual reports, etc., many donors and other constituents prefer quick views over poring through multi-page online publications. ANA NF nonprofit members are strongly encouraged to take the industry lead in adopting the Nonprofit Dashboard into its annual public reporting.
As part of this initiative, ANA NF evaluated opportunities to include qualitative — as well as quantitative — reporting within the Dashboard to share, in a very public-friendly way, organizational priorities, progress against short- and long- term goals, and obstacles to success. Charting Impact, an initiative led by the BBB Wise Giving Alliance, GuideStar USA, and Independent Sector, does exactly this. Many organizations are already using Charting Impact as part of GuideStar Exchange. ANA NF therefore is coordinating with GuideStar to promote Charting Impact and to explore future opportunities for shared efforts in this area.
Email Alicia Osgood if your organization is participating:
Thank you for your leadership in adopting the Nonprofit Dashboard reporting tool as part of your organization’s due diligence in providing complete, relevant, and easy to use information to the public. Your feedback is very important. We welcome suggestions to ensure the Nonprofit Dashboard a useful tool for your organization and your supporters.
Questions? Email Alicia Osgood.
We ask that all members abide by consumer choices for their marketing offers, regardless of the marketing channels used. The ANA/DMA provides several suppression file services for subscribing companies and organizations as they prepare marketing and fundraising campaigns to ensure they are not contacting individuals who have opted out of future mailings or to prevent contacting deceased individuals. This process will save you postage since you will no longer mail to individuals who have opted out from all marketing mail and you may focus resources on other potential donors.
See more information about the ANA/DMA Consumer Choice Suppression Services here:
Ethics & Nonprofit Organizations
The Nonprofit Federation intends and believes that its guidelines for ethical behavior are the most comprehensive in the direct marketing and charitable communities. As an operating division of the ANA, the Nonprofit Federation asks its members to adhere to the same ethical guidelines as other members, as delineated in the Guidelines for Ethical Business Practice and The Donor Bill of Rights, as adopted by the Nonprofit Federation and other major organizations representing the nonprofit sector.
Ethics Committee members and staff monitor the business practices of the membership and others in the nonprofit community. The NF will take appropriate action in cases of potential ethical violations. To report a potential ethics violation, please contact us at email@example.com or write to us at:
ANA Nonprofit Federation
Attention: Ethics Report
225 Reinekers Lane
Alexandria, VA 22314
Complaints to the Committee on Ethical Business Practice are handled confidentially. If possible, complaints are resolved by modifying the offending documents or procedures, which the Committee reviews before closing the case. If a known violation continues, the Committee will publicize its findings, including the name of the violator and the facts of the case. Where a law may have been violated, it forwards the case to the appropriate law enforcement agency, and publicizes the referral.
CHARITABLE DEDUCTION: We continue to monitor all tax reform proposals and will keep you apprised as developments occur.
Questions or comments? Contact Xenia “Senny” Boone, Esquire.
Executive summaries of NF-commissioned studies take the bite out of Watchdogs.