Isaac, thanks for the heads up on NY SHIELD. The patchwork of laws is starting to get crazy, and with no expectations for action at the Federal level we're unlikely to see relief any time soon.
The
Cybersecurity Essentials for Philanthropy paper recently published by NTEN, TAG & Tech Impact is a call to action for funders, but this issue is not on the radar of most funders, at least from a grant-making perspective. And
nonprofits need resources to tackle these issues. My guess is that many nonprofits don't or can't, and the potential exposure across the field is a bit scary.
Much has been written about GDPR, CCPA & SHIELD, but I haven't found concise and comprehensive "decision tree" resources that help nonprofits with small IT/compliance staffs understand what they have to do. Lots of info on what we
might have to do, but the legal nature of these issues makes the info hard to parse sometimes.
Thanks again,
Steve
------------------------------
Steve Fleckenstein
futurefactory.org
Arlington, VA
pronouns: he/his
I help people at social-sector organizations communicate, collaborate, and manage information.
------------------------------
Original Message:
Sent: Dec 03, 2019 11:32
From: Isaac Shalev
Subject: California Consumer Privacy Act (CCPA)
CCPA doesn't typically apply to nonprofits, but the NY SHIELD Act does, and its compliance regulations go into effect in just a couple of months. I'm working with clients to help get them ready. Most of the folks in the data privacy and security community are projecting that we will see more regulations in more states that are similar to GDPR, CCPA and SHIELD. Our advice is for organizations to get ahead of the compliance curve. There are organizational policy and culture change issues that take time to address, and it appears there is no avoiding this future. Nor should we avoid it! Privacy is something we should be at the forefront of protecting in the nonprofit industry.
------------------------------
Isaac Shalev
http://www.sage70.com
Stamford CT
@Sage70
isaac@sage70.com
Original Message:
Sent: Dec 03, 2019 09:49
From: Redante Asuncion-Reed
Subject: California Consumer Privacy Act (CCPA)
Many thanks for the info Steve! I appreciate it! This is a big load off of my mind
------------------------------
Redante Asuncion-Reed
Washington DC
Original Message:
Sent: Dec 03, 2019 06:29
From: Steve Fleckenstein
Subject: California Consumer Privacy Act (CCPA)
Redante, I had this same question about a week ago and so did a little research.
CCPA generally does not apply to nonprofits.
It can under certain circumstances (e.g. see this article).
Steve
------------------------------
Steve Fleckenstein
futurefactory.org
Arlington, VA
pronouns: he/his
I help people at social-sector organizations communicate, collaborate, and manage information.
Original Message:
Sent: Dec 02, 2019 09:57
From: Redante Asuncion-Reed
Subject: California Consumer Privacy Act (CCPA)
Hello all
Wondering if folks are implementing any changes to their digital operations to accommodate the California Consumer Privacy Act (CCPA)?
We use Google Analytics, Google Tag Manager, Google Adwords, Wordpress, and Mailchimp.
This link from Google (https://privacy.google.com/businesses/rdp/) says their products are already compliant.
Wondering if folks who use Wordpress, Mailchimp are doing anything?
Thanks
------------------------------
Redante Asuncion-Reed
Washington DC
------------------------------