A privacy policy is a document that describes how your non-profit deals with personal information. Dealing with personal information includes its collection, use, disclosure, and retention (storage).

A request for information is when someone asks for access to your non-profit’s records.

Access means an employee or volunteer can view, copy, or share personal information. For example, storing employee personnel files on a computer that others can use is giving access.

Purpose means the reason(s) for disclosing personal information. Non-profits may only disclose personal information (with consent) for those reasons.

A privacy policy sets out how and when a non-profit may collect, use, disclose, and retain (store) personal information.

Formally ordered means some type of legal process requiring your non-profit to provide personal information as directed. Examples include subpoenas, warrants, and court/tribunal orders.

Consent is permission. It means a person voluntarily agreed to the collection of their unique information. Consent can be express or implied.

Disclose means to make personal information available to a third person or other organization. For example, sharing an email list of names and phone numbers is a disclosure of the personal information of everyone on the list.

Reasons related to employment include establishing, managing, and ending employment. Examples include collecting information about previous employment and maintaining personnel files, including records of disciplinary action.