Resources
This is the downloadables page for my white paper on privacy law in the United States and how-to's for tackling donor data privacy challenges. These resources are free to download and don't require giving me your email. They may be shared with colleagues with proper attribution to me. Distribution without permission, commercial copying and lending are prohibited. It goes without saying that these resources do not constitute legal advice and you must seek guidance specific to your organization when making changes to your processes. Any questions, drop me a line.
White paper
GDPR in the United States (PDF 14.6MB) Lower resolution version (PDF 700KB)
If you need to print, skip the section dividers (pages 4, 7, 12, 17, 20, 24, 27) to save ink.
Short version
GDPR in the US - Key Points (PDF 117KB)
A very brief summary of the paper's key points.
Just the case study
Future-proofing data handling at KSU (PDF 1.4MB)
The Kennesaw case study from pages 21-23 of the white paper.
Quick guides
Letting Data Go: Making data minimization your friend (PDF 120KB)
The traffic light data entry system: a simple method for managing information accuracy in your database (PDF 192KB)
Consents in The Raiser’s Edge: Considerations and shortcomings of this feature (PDF 144KB)
Consents in The Raiser’s Edge: Sample setup (PDF 149KB)
Info Source Options in The Raiser’s Edge: Tracking sources of information (PDF 127KB)
Annual Reports and Honor Walls: Can donors be listed securely? (PDF 112KB)
Sharing Donor Names: Can it be done securely? (PDF 113KB)
The Colorado precedent: What you can learn from the CPA even if it doesn't apply to your organization (PDF 166KB)
Raiser's Edge NXT Email: Pros and Cons of this feature (PDF 127KB)
Webinars
Recommended websites and thought leaders to follow
I'm not responsible for the security and content of these links.
Useful articles and places to start in understanding privacy law
I'm not responsible for the security and content of these links.
GDPR in the United States (PDF 14.6MB) Lower resolution version (PDF 700KB)
If you need to print, skip the section dividers (pages 4, 7, 12, 17, 20, 24, 27) to save ink.
Short version
GDPR in the US - Key Points (PDF 117KB)
A very brief summary of the paper's key points.
Just the case study
Future-proofing data handling at KSU (PDF 1.4MB)
The Kennesaw case study from pages 21-23 of the white paper.
Quick guides
Letting Data Go: Making data minimization your friend (PDF 120KB)
The traffic light data entry system: a simple method for managing information accuracy in your database (PDF 192KB)
Consents in The Raiser’s Edge: Considerations and shortcomings of this feature (PDF 144KB)
Consents in The Raiser’s Edge: Sample setup (PDF 149KB)
Info Source Options in The Raiser’s Edge: Tracking sources of information (PDF 127KB)
Annual Reports and Honor Walls: Can donors be listed securely? (PDF 112KB)
Sharing Donor Names: Can it be done securely? (PDF 113KB)
The Colorado precedent: What you can learn from the CPA even if it doesn't apply to your organization (PDF 166KB)
Raiser's Edge NXT Email: Pros and Cons of this feature (PDF 127KB)
Webinars
- Slides from Raiser's Edge Facebook User Group webinar January 20, 2023: Donor data privacy: Why the Colorado DPA sets a precedent and what you can do about it (PDF 366KB)
- Slides from Raiser's Edge Facebook User Group webinar May 25, 2023: Donor data privacy: What's new in privacy law and what you can do about it (PDF 438KB).
- Recording of webinar May 25, 2023: OneDrive (MP4 282MB or ZIP 148MB).
Recommended websites and thought leaders to follow
I'm not responsible for the security and content of these links.
- IAPP State Legislation tracker: iapp.org/resources/article/us-state-privacy-legislation-tracker
- IAPP Federal Legislation tracker: iapp.org/resources/article/us-federal-privacy-legislation-tracker
- Center on Privacy & Technology at Georgetown Law: law.georgetown.edu/privacy-technologycenter
- IData blog - data management concepts and tips: blog.idatainc.com
- IT Governance blog: itgovernanceusa.com/blog/category/data-protection
- National Institute of Standards and Technology blog - cybersecurity and privacy topics: nist.gov/privacy-0
- Kirk Schmidt on LinkedIn - look out for his posts on predictive analytics and privacy in fundraising, an area to watch if you want to engage in advanced analytics using personal data: ca.linkedin.com/in/kirkschmidtcalgary
- Nonprofits are Messy: blog.joangarry.com/nonprofits-are-messy-podcast. Joan Garry’s brilliant podcast covers a wide range of subjects.
- Common data protection mistakes (and how to fix them), ICO. ico.org.uk/for-organisations/sme-web-hub/common-data-protection-mistakes-and-how-to-fix-them/ A useful list from the Information Commissioner's Office in the UK. Although it applies to UK organisations the lessons are transferable. This one in particular is key: "The more personal data you hold, the more storage space and security measures you need to keep it safe – which will cost you time, as well as money...Have a reason to keep information, rather than a reason to get rid of it. If you’re required to keep information for a certain length of time, such as financial, medical or legal records, record your reasons in a retention policy...You should sort through your data on regular basis and destroy personal data securely when you no longer need it."
Useful articles and places to start in understanding privacy law
I'm not responsible for the security and content of these links.
- Grant Fritchey, "GDPR in the USA", Redgate Hub, March 28, 2019: red-gate.com/simple-talk/devops/data-privacy-and-protection/gdpr-in-the-usa
- Ian De Freitas and Henry Sainty, "GDPR: two years in – What’s next?", Farrer & Co LLP, October 7, 2020. farrer.co.uk/news-and-insights/gdpr-two-years-in--whats-next/ An interesting review of remaining issues in the UK two years after GDPR was implemented. Use this to imagine what the future might hold in the aftermath of new state/federal privacy law.
- Joshua Mooney, "A cheat sheet for Colorado’s forthcoming new privacy act", Kennedys Law LLP, June 23, 2021. kennedyslaw.com/thought-leadership/article/a-cheat-sheet-for-colorado-s-forthcoming-new-privacy-act/
- Lydia F. de la Torre, "5 tips for nonprofits/not-for-profits on Colorado’s new privacy law", Golden Data Law, August 27, 2021: goldendatalaw.com/blog/5-tips-for-nonprofits-on-colorados-new-privacy-law. Start with this if you're new to privacy law. It's straightforward and a good primer for other legislation in the pipeline.
- Thorin Klosowski, "The State of Consumer Data Privacy Laws in the US (And Why It Matters)", New York Times, September 6, 2021: nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/amp
- Bryn Weaver, "How Nonprofits Can Prepare for the Colorado Privacy Act", Wiland Blog, December 2, 2021: wiland.com/blog/how-nonprofits-can-prepare-colorado-privacy-act/
- Tyler Thompson, Greenberg Traurig LLP, "Complying with the new Colorado Privacy Act will impact nonprofits", Denver Business Journal, January 27, 2022: bizjournals.com/denver/news/2022/01/27/complying-new-colorado-privacy-act.html
- Cobun Zweifel-Keegan, "A view from DC: Is purpose-built privacy possible?", IAPP, September 23, 2022. iapp.org/news/a/a-view-from-dc-is-purpose-built-privacy-possible/. The problems of data minimisation and consent purpose. Designing privacy-first tools as a solution to navigating future legislation.
- James Sullivan, Hayley Curry and Matt Dhaiti, "Oregon enacts latest comprehensive consumer data privacy law", DLA Piper, July 2023. dlapiper.com/en-us/insights/publications/2023/07/oregon-enacts-latest-comprehensive-consumer-data-privacy-law. Like the Colorado Privacy Act, the Oregon Consumer Privacy Act does NOT exempt nonprofits.
- Meghan K. Farmer, John M. Brigagliano and Zain Haq, "Secondary Uses of Personal Data Should Still be Your Primary Concern: Consent Requirements under U.S. State Privacy Laws", Lexology, August 16, 2023. lexology.com/library/detail.aspx?g=54ab9ef0-3bae-46b1-8f67-8d0dcfa02158. "Secondary use" is using consent for a secondary purpose and is a topic you'll want to keep an eye on. This article has a useful comparison chart of the treatment of secondary use in state laws to date.
- Elliot R. Golding and Allison McSorley Tassel, "State Regulators Step Up Enforcement of New Privacy Laws", National Law Review, September 5, 2023. natlawreview.com/article/state-regulators-step-enforcement-new-privacy-laws. The new laws have teeth: Colorado's AG took action within days of the CPA becoming law.
