Disclaimer: While I worked *with* lawyers for over six years, none of their certifications rubbed off on me and I’m not a lawyer. Consult your legal counsel for final decisions about how your nonprofit should comply with these laws and regulations.
I turned 35 last week.
For me, being older means…
- I eat a lot of kale,
- I buy shoes with good arch support and
- I pay close attention to the law.
You’re getting older and wiser every day too. Use that wisdom (and this article) to keep your website out of legal trouble!
COPYRIGHT
Goal: Protect your organization’s original works and respect the original works of others
Laws that may apply to your organization
Tips
- On your website, only post images, audio, video and written content that you own or have explicit written permission to use
- Even if your web designer or developer put the image on your site, your organization is liable for its use and must have a license to use it
- Don’t use images you find online (ex: Google images) on your website – unless you have explicit written permission to do so
- Don’t copy and paste entire articles from news sources – unless you have explicit permission to do so
- If you need images for your website, purchase affordable stock photos or use free Creative Commons photos. (Remember to save the receipts from any photos you purchase!)
- If you want to share an article, quote a small excerpt from it on your site and link to the full version on the publisher’s website
- Post a copyright notice on your site which includes the year and your organization’s full legal name
- For any important content for which you want an additional layer of copyright protection, register it with the copyright office
SECURITY
Goal: Handle your supporters’ information securely by transmitting sensitive data via encrypted connections
Laws that may apply to your organization
- PCI Security Standards (for payment processing)
- HIPAA (for patients’ health information)
- COPPA (for children under the age of 13)
Tips
- Use an SSL connection for any online form where you collect personal information such as address, social security number or payment method
- Use a third-party vendor to host and secure your online donation form
- Limit which staff members have access to information submitted via forms on your website and dispose of information once you no longer need it
- Don’t save spreadsheets or PDFs of personal information on your publicly available website (ex: List of board members and their home addresses)
PRIVACY
Goal: Protect supporters’ personal information and make it simple for them to manage their relationship with your organization
Laws that may apply to your organization
- HIPAA (for patients’ health information)
- COPPA (for children under the age of 13)
- CAN SPAM (for email marketing in the United States)
- Canadian Anti-Spam Law or CASL (for email marketing in Canada)
Tips
- Post a privacy policy where you tell people how you will use their information, who will have access to it, how it will be secured and who to contact if they have any questions
- Post a privacy policy where you tell people how they can unsubscribe from your email marketing messages
- Embed an email signup form right on your website so you have a verifiable opt-in. Or, if you enter email addresses into your email marketing tool manually, have the tool send new subscribers a message asking them to opt in to your list.
DISCLOSURE
Goal: Reassure supporters that your organization is trustworthy
Laws that may apply to your organization
Tips
- Post your organization’s Form 990s on a publicly accessible web page
- Post your organization’s annual report on a publicly accessible web page
- Post your organization’s mailing address, phone number, staff leaders and board of directors on a publicly accessible web page
- If your site accepts comments, post an “acceptable use” policy where you explain which comments, if any, will be deleted