Legal and Compliance

Data Privacy and Protection Laws: Wading into the Alphabet Soup

By | Legal and Compliance, Nonprofit News

By Corinne Gartner and Kaitlyn Saberin

If you follow the news at all, you’ll be aware that data privacy and protection are hot topics. The daily headlines might catch your eye on a personal level, and have you wondering how the businesses that you interact with as a consumer are handling your personal information. Should data privacy and protection issues also concern you in your capacity as an executive or volunteer leader of a nonprofit organization operating in California, though? Not surprisingly, the answer is yes.

While California’s newest and most high profile privacy law, the California Consumer Privacy Act (CCPA) – which became effective on January 1, 2020 – generally only applies to for-profit entities1, there are a host of other laws and regulations that don’t exclude nonprofits from their scope, and that could potentially apply to your organization. For example:

  • Europe’s General Data Protection Regulation (GDPR): There is a misconception in the US that the GDPR, which became effective on May 25, 2018, only applies to companies located in the European Union (EU). In fact, this far-reaching regulation potentially applies to any organization (including US-based nonprofit organizations) that offers goods and/or provides services to EU-based individuals, or that monitors the behavior of EU-based individuals (including through the use of some types of “cookies,” web analytics, and tracking technologies). Merely having a website that is accessible by users within the EU does not necessarily subject a US-based organization to GDPR compliance obligations, but if, through its website, the US-based organization intends to draw in customers from the EU, the GDPR might be triggered.
  • Children’s Online Privacy Protection Act (COPPA): This US law applies to operators of commercial websites and other online services, including mobile apps, that collect personal information from their users if the website/service is directed at children under 13, or if the operator has actual knowledge that they are collecting personal information from children under 13. A website, app, or service operator that is subject to COPPA must, among other things, post a privacy policy that describes its practices for collecting, using, and disclosing personal information (as defined in the COPPA Rule) from children. Although nonprofits are generally considered to not be subject to COPPA (unless they are providing commercial services) it is recommended that, as a best practice, nonprofit organizations provide the privacy policy notices and COPPA protections to child visitors of their websites because of the potential liability that could result from handling/mishandling minors’ data.
  • California Online Privacy Protection Act (CalOPPA): This California law requires operators of online services and mobile applications that collect personally identifiable information of California residents online to conspicuously post a privacy policy on their website/online service and to follow the policy. The privacy policy must include certain disclosures and consumer rights set forth under California law.
  • Privacy Rights for California Minors in the Digital World: This California law, which applies to operators of internet web sites, online services, online applications, or mobile applications directed to minors (i.e., California residents under 18), gives minors the right to request that the information they posted on the website/service/app as a minor be taken down, and also provides some restrictions on advertising/marketing to these minors.
  • Health Information Privacy Laws: The federal Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations (collectively, HIPAA) provide protections for health information held by “covered entities” and “business associates” (as such terms are defined under HIPAA), and give patients an array of rights with respect to that information. At the state level, the California Confidentiality of Medical Information Act adds to the federal protections provided by HIPAA and imposes additional obligations on certain health care providers and other persons/entities that interact with patient medical information.

With an upward trend in state-specific laws governing data privacy and protection, and with state and federal enforcement action in this area on the rise, all California nonprofits are encouraged to wade into the “alphabet soup” of data privacy and protection laws and regulations, so they know which ones apply, and how to comply.

1 Nonprofits may be subject to certain obligations under the CCPA if they have for-profit affiliates who are covered by the CCPA.


The authors, attorneys at Delfino Madden O’Malley Coyle & Koewler (located at 500 Capitol Mall, Suite 1550, Sacramento), practice in the firm’s nonprofit and tax-exempt organization practice group, and serve as both general and special counsel to a wide variety of nonprofit and tax-exempt organizations on issues ranging from entity formation and obtaining tax-exempt status, to corporate governance and operations/compliance matters (including privacy issues), to restructuring, mergers, and other complex business transactions. They will give a presentation on data privacy and protection issues for nonprofits at the 2020 What IF Conference.

Is corporate sponsorship income taxable or a charitable contribution?

By | Legal and Compliance

The IRS will look at the payment made to a nonprofit by a corporate sponsor and decide whether the payment is a tax-free gift (charitable contribution) or a taxable advertising payment. The IRS focuses on whether the corporate sponsor has any expectation that it will receive a “substantial return benefit” for its payment. If so, the payment will result in taxable income for the nonprofit that is reported on IRS Form 990-T. (See rules described in Internal Revenue Code, Section 513(i).)

View more details from the National Council of Nonprofits.


Posted 8/1/2018

Governance Policies and Procedures Samples

By | Capacity Building, Legal and Compliance

Developed by group of California based lawyers, the Form 990 Policy Series offers sample policies on a variety of topics including compensation, conflict of interest, investment and more. They include a discussion of why various provisions might be used by a particular type or size of organization.  Topics include compensation, conflict of interest, investment and more.

Conflict of Interest
Conservation Easements
Document Retention and Destruction
Form 990 Review
Independent Governing Body
Mission Statement
Public Disclosure

The Form 990 Policy Series Group intends to develop additional Memoranda dealing with Gift Acceptance; Joint Ventures; Endowments; Consistent Operation of Chapters/Affiliates/Branches; and Financial Statements/Audit Policy.  It is intended that, in addition to being made available on the web, the Form 990 Policy Series will be published as a book.  For more information visit the Public Counsel Law Center website.

Dissolving a Nonprofit Organization

By | Capacity Building, Legal and Compliance

Most tax-exempt organizations that end their operations, either through shutting down, transferring their assets or merging with another tax-exempt organization, must inform the IRS about the details of the action. In California, organizations must also inform the Attorney General’s Office and the Secretary of State.

Attorney General’s Office
General Guide for Dissolving a CA Nonprofit Corporation

Secretary of State
Domestic Nonprofit Corporation Dissolution Filing Requirements

Termination of an exempt organization

Dissolution of a California Nonprofit Organization   from Public Counsel  This guide is designed to assist directors and executive management staff of California Nonprofit Public Benefit Corporations, as well as attorneys who are assisting such corporations on a pro bono basis, understand the process of voluntary dissolution. The guide focuses on the procedures and requirements specified in the California Nonprofit Corporation Law.

Here are some tips from the Board Cafe on The Right Way to Go Out of Business


By | Capacity Building, Legal and Compliance

The IRS recently launched a new look and improved navigation for its educational website for exempt organizations, StayExempt. The redesigned home page greets visitors with three easy gateways to the information they’re looking for.

A “New Organizations” tab leads to information on how to apply for tax exemption as well as a shortcut to the valuable “Life Cycle of an Exempt Organization” page. Organizations that wish to apply for tax-exempt status also will find links to information about Form 1023, Application for Recognition of Exemption.

An “Existing Organizations” tab is the door to such topics as “Maintaining Your Tax-Exempt Status,” “Unrelated Business Income,” “Employment Issues,” “Form 990″ and “Required Disclosures.”

For a greater level of detail, click on the In-Depth Topics tab. Here, users will find presentations on how to navigate various IRS resources, information on political campaigns and charities, deductible contributions, preparing the Form 990 and Form 990-EZ, and various courses on disaster relief efforts.

Stay tuned to throughout the year for additional courses and interactive workshops. This website was designed for all tax-exempt organizations, so user suggestions and comments are encouraged. Use the survey/evaluation links at the end of each course to tell the IRS what you’d like to see.

California Attorney Generals Office

By | Capacity Building, Legal and Compliance

The Attorney General regulates charities and the professional fundraisers who solicit on their behalf.The purpose of this oversight is to protect charitable assets for their intended use and ensure that the charitable donations contributed by Californians are not misapplied and squandered through fraud or other means. The main elements of the Attorney General´s regulatory program are:

  • The Registry of Charitable Trusts administers the statutory registration program. All charitable trustees and fundraising professionals are required to register and file annual financial disclosure reports with the Registry. In addition, nonprofit organizations that conduct raffles for charitable purposes are required to register and file a financial report for each raffle held.
  • To help charities stay within the law, the Attorney General makes available various guides and publications, including the Attorney General´s Guide for Charities.  Additional guidance for charities is available on our Resources page.
  • The Attorney General also offers guidance to help Californians make important personal decisions on charitable giving. These resources include the Guide to Charitable Giving for Donors and searchable databases to learn about specific charities and charitable fundraising professionals in the state. Among the databases are Registry Search, for registrants generally, and CFR Search, which provides information and documents regarding commercial fundraisers for charitable purposes. For help using and interpreting the results from the Registry Search, please review Registry Search Feature – Tips for use and definition of the codes.

State Charitable Solicitation Statutes

By | Capacity Building, Legal and Compliance

Thirty-nine states and the District of Columbia have charitable solicitation statutes that generally require nonprofits soliciting contributions and, in most cases, their for-profit fundraising professionals to register prior to soliciting contributions or providing fundraising counsel services. It is critical for nonprofits and their fundraising professionals to know about, and be in compliance with, these statutes to avoid significant fines and penalties.

The Unified Registration Statement (URS) represents an effort to consolidate the information and data requirements of all states that require registration of nonprofit organizations performing charitable solicitations within their jurisdictions. The effort is organized by the National Association of State Charities Officials and the National Association of Attorneys General, and is one part of the Standardized Reporting Project, whose aim is to standardize, simplify, and economize compliance under the states’ solicitation laws.

National Council of Nonprofits has compiled this guide to Charitable Solicitation Registration.