Posted in on April 16, 2025
A “sale” is the exchange of personal data for monetary or other valuable consideration between a controller and a third party. “Valuable consideration” is not limited to money. This could include a nonprofit exchanging donor lists with a separate nonprofit... View Article
Posted in on
Your nonprofit is responsible for all of the personal data that is in your possession. Make sure to conduct information audits. Check in with different departments to understand how data is entering your nonprofit. Sometimes there are disconnects between departments,... View Article
Posted in on
Publicly available data and deidentified data are not “personal data” under the law. In other words, those two categories of data are exempt even though they may contain what could otherwise be personal data. Publicly available data is information that... View Article
Posted in on
Sensitive data is a narrower subset of personal data and has extra legal protections under the privacy law. Sensitive data is any personal data revealing an individual’s racial or ethnic background, national origin, religious beliefs, mental or physical health conditions... View Article
Posted in on October 16, 2024
Your method(s) of authentication should consider a number of factors: which data right a consumer is exercising; the type, sensitivity, value, and volume of personal data involved; the level of possible harm that improper access or use could cause to... View Article
