Issues to be aware of:
CAN-SPAM
COPPA
PCI Data Security Standards
Other Regulations and Best Practices
Here’s a link to a legal brief concerning CAN-SPAM.
Our summary - Go to the site and read the article
CAN-SPAM
It’s a federal law that prohibits predatory email practices. Real spammers ignore it. You can’t ignore it even though nonprofits are exempt from the law (unless the email is clearly commercial).
Briefly, to comply all emails sent by you should:
1. Provide clear identification of the sender.
2. Allow recipients to unsubscribe—enable them to request your organization not send any further commercial email
3. Clearly note that the email is an advertisement or solicitation.
4. Contain the sender’s valid physical postal address.
5. Avoid any materially false or misleading transmission information.
COPPA
The Children’s Online Privacy Protection Act (COPPA) applies to online websites directed at children under 13. You must provide a privacy policy "and seek verifiable consent from a parent when necessary." The article has much more info. They cited The World Wildlife Fund as a good example.
PCI Data Security Standards
Applies to websites that collect donations. They "are a set of standards defined by the payment card industry for keeping cardholder data safe and secure from theft or misuse." You’ll need to discuss this with your accounting department, as well as IT, and your service provider.
According to the article there are three things you should ask:
1. The PCI Data Standards require different levels of proof of compliance depending on what “tier” a merchant or supplier is in. You should first find out what “tier” they are in.
2. Ask for a copy of their annual questionnaire or audit report that ensures PCI compliance.
3. Request a copy of their most recent network scan.
Check the article for more details.
Other Regulations
1. Ethics in online fundraising
2. Website accessibility
3. Your own organization’s policy
Hide Window - If you wish to read the article, Go to the site