What is Personally Identifiable Information?
Do nonprofits need to update their Privacy Policies?
The purpose of privacy laws is to protect the privacy of consumers, not organizations. This means that privacy laws have a very broad reach and can apply outside of the state or country in which those privacy laws are passed. While many privacy laws apply to for-profit businesses, nonprofit organizations may be subject to the following privacy laws:
- General Data Protection Regulation (GDPR): this privacy law protects the privacy of residents of the European Union and applies to you if you:
  - Are located in the European Union;
  - Offer goods or services to European Union residents, regardless of your location (and also regardless of whether payment is received for such goods or services); or
  - Monitor the behavior of European Union residents, regardless of your location (if your website uses analytics, you may be monitoring the behavior of EU residents as they use your website).
- United Kingdom’s Data Protection Act 2018 (UK DPA): this privacy law protects the privacy of residents of the United Kingdom and applies to you if you:
  - Are located in the United Kingdom;
  - Offer goods or services to United Kingdom residents, regardless of your location (and regardless of whether payment is received for such goods or services); or
  - Monitor the behavior of United Kingdom residents, regardless of your location (if your website uses analytics, you may be monitoring the behavior of UK residents as they use your website).
- Australia Privacy Act 1988: your organization will need to comply with this law if you have a connection to Australia and have an annual turnover of more than AUD $3,000,000, provide a health service to a person, or if you sell or purchase PII.
Website user expectations
Disclaimer: the information provided in this article is for informational purposes only and does not constitute legal advice. Please consult with your attorney for help with your specific legal needs.
Donata Stroink-Skillrud Esq., CIPP
Chair of the ePrivacy Committee of the American Bar Association.
Donata is a licensed attorney and Certified Information Privacy Professional, as well as the Chair of the Chicago Bar Association’s Privacy and Cybersecurity Committee.
Lastly, Donata is a member of the American Bar Association’s Science and Technology Council and a member of the ABA’s Cybersecurity Legal Task Force.
Interests outside of work: beekeeping, morel hunting, gardening and reading books about mountain climbing and submarines.