Helping Ensure You Are Compliant with Data Privacy Laws
As anyone who has been the victim of identity theft knows, our personal data is becoming increasingly important and ever more vulnerable as technology outpaces our antiquated laws, many of which were written in a time before dial-up internet. Personal data is quickly becoming the oil of the 21st century, as companies rush to collect, store, aggregate, and analyze as much of our data as possible in order to better understand and predict our behavior.
For companies and non-profits handling personally identifiable information (or “PII”), there is a rapidly increasing need to understand and become familiar with the dangers and risks of handling and using PII, as well as the options to enhance protection and transparency for your customers and donors. Non-profits are particularly valuable targets for malicious actors who are fully aware of the trove of donor PII typically managed by even small non-profit entities. These bad actors also know that volunteer directors and officers, with limited time and resources, are not likely to prioritize cybersecurity and good data privacy practices.
In particular, non-profits handling health data, children’s data (i.e., PII of minors under the age of 13), student data, and financial data (i.e., credit card and banking information stored on your system and not on the system of your payment gateway, such as PayPal or Stripe) need to pay close attention to their data handling practices.
California is a trailblazer in terms of its wide-ranging and protective privacy laws, and most of California’s data privacy laws apply to any company or non-profit collecting the PII of California residents regardless of where the company or non-profit is located. California’s Attorney General routinely publishes helpful and accessible guidance on data privacy, some of which can be accessed here.
Finally, with the European Union’s General Data Protection Regulation (“GDPR”) in effect as of May 25, 2018, any company or non-profit that targets individuals located in the EU for data collection will be subject to this restrictive, complex, and onerous body of law.
Schedule a Free 20-Minute Consultation with one of our attorneys. Our Data Privacy Practice Group is ready to assist.