#ffffff
Does your non-profit keep personal information beyond what is required by law?
Different types of personal information must be kept for different amounts of time. For example, financial records must be kept for 7 years and official society records for 10 years.
Does your non-profit collect personal information to use only for valid reasons?
Valid reasons are related to the operation of your non-profit. These reasons include: communicating with members, sending newsletters and invitations, service phone calls and emails, audit purposes, soliciting donations, and issuing tax receipts.
Invalid reasons are those that are not related to the operation of your non-profit. These reasons might include using the information for personal gain such as selling products to members.
Your non-profit should not collect information to use for invalid reasons.
Does your non-profit’s collection of personal information help fulfill its mission or purpose?
A non-profit’s purpose or mission is the reason it exists. This purpose or mission can be found in the non-profit’s constitution.
Do staff, directors/board members, and other volunteers receive training on your non-profit’s privacy policy?
Training means teaching people about the rules. From a privacy perspective, training means ensuring people are aware and understand their obligations under the policy.
Does your non-profit’s privacy policy explain when personal information might be disclosed?
Disclosed means making personal information available to another person or organization. Non-profits may only disclose personal information for the purpose it was collected or for a purpose reasonably related to the primary purpose. Non-profits must always consider the purpose prior to disclosing personal information.
Does your non-profit’s privacy policy explain the purpose of collecting personal information?
Purpose means the reason(s) for collecting personal information and how it might be used. Non-profits may only use personal information for the reasons they collected it.