Quality Mark
Last Reviewed: May 2023
Reviewed by: LFNP Contributors
Time to Read: 8 minutes

This Fact Sheet provides details about the important factors for a non-profit to consider in drafting its privacy policy.

Privacy laws protect individuals’ personal information. To comply with privacy law, non-profits that collect personal information such as names, addresses, and birth dates, must take steps to protect this information. 

A best practice for legal compliance is for non-profits to have a privacy policy. A good privacy policy covers how a non-profit will collect, use, disclose, and retain (keep) personal information.

Collect Use Retain Retain

Collect means to gather information.

Personal details are gathered in a variety of ways:

  • Phone
  • Fax
  • Mail
  • Social media
  • Online
  • In person

*Clearly identify possible methods of collection in a privacy policy.

Personal information may only be collected and used for the reason(s) it was collected.

If collecting details for a membership contact list, do not use those details for marketing purposes.

 

 

*Describe the purpose for collecting and using personal information in a privacy policy.

Disclose means to make personal details available to another person or organization.

 

Non-profits must not disclose personal details for purposes other than it was collected without consent.

 

*List the circumstances where personal information may be disclosed in a privacy policy.

Retain means to keep/store.

 

 

 

 

 

 

 

 

 

*Include rules in a privacy policy for how personal details are kept and for how long.

A privacy policy should clearly state that it applies to all the non-profits’ directors/board members, workers (employees and contractors), volunteers, and the people it serves.

Non-profits should provide training on its privacy policy to its staff, directors/board members, and other volunteers. Training means teaching people about the rules. From a privacy perspective, training means ensuring people are aware and understand their obligations under the policy.