If you’re a U.S. based nonprofit, you need to deepen your understanding of the California Consumer Privacy Act of 2018 (CaCPA). This is the second major shift in data privacy and regulation in 2018, after the GDPR’s rollout earlier this year.

The CaCPA is legislation that could have adverse effects on nonprofit marketers through online marketing, e-commerce and personal information data processing (both online and offline).  Plus, California is now the world’s fifth largest economy, now surpassed only by the total GDP of the United States, China, Japan and Germany. This heightens the likelihood your nonprofit is receiving donations from the state.

Where can you get up to speed on this new legislation?

  • Some of the best legal insight for marketing can be found at Cooley’s blog. This team has a two-part series on CaCPA found here and here.

What do nonprofits need to do now?

First, get educated about CaCPA through the resources above.

Second, nonprofits need to assess current data practices and begin forming a data strategy.  CaCPA compliance must be in place by January 1, 2020. You’ll need time to establish your baseline and implement new processes, if applicable.

Nonprofits need to move swiftly to understand the impact this legislation could have on your processes.  Risk assessments, analysis of your file (and Google Analytics account) for California residents and refinement of your data processes (including your privacy policy) are all practical steps you should take to help form a data strategy.

RKD Group is not providing legal or insurance advice in this article.  We suggest you consult with your attorneys and insurance provider regarding CaCPA very soon if you have not already done so.  Those who are proactive will be looked upon as leaders in data security.

**Note: The above content is informative in nature and is not intended as legal advice. As a company that provides professional fundraising consulting services, we retain counsel to ensure compliance with fundraising laws in each applicable state. Questions related to the California Consumer Privacy Act of 2019 (CaCPA) and GDPR regulations for US based nonprofits should be directed to counsel that is competent to address such matters.