Does Your Nonprofit Website Need a Privacy Policy?

If your organization collects information from the users of your website — and the odds are that it does, if little more than the IP addresses scooped up by your site statistics package — have you posted a site privacy policy? Should you do so? 

In the service of those web users who are increasingly concerned with issues of
data protection, a clear and simple nonprofit privacy policy posted on your organization’s website can go a long way to building trust. 

Do Nonprofits Need A Privacy Policy?

Yes, nonprofits, like any other organization handling personal information, should have a privacy policy. This is important for several reasons:

1. Nonprofit Legal Compliance: Depending on the jurisdiction in which the nonprofit operates or the regions where its beneficiaries, donors, or users are located, there may be legal requirements to have a privacy policy. Laws such as the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA), and various other data protection regulations globally mandate certain standards for privacy and the handling of personal data.
2. Improve Donor Trust: Having a clear and transparent nonprofit privacy policy helps in building trust with donors, beneficiaries, and the general public. It assures them that their personal data is being handled responsibly and securely.
3. Data Management: A privacy policy helps set internal guidelines and procedures for how personal data is collected, used, stored, and shared within the organization. This is crucial for maintaining data security and integrity.
4. Funding Requirements: Some grant makers or funding organizations will require a privacy policy as part of their due diligence process.
5. Online Presence: If the nonprofit has a website or uses online platforms (like social media or donation platforms), a privacy policy is often required to comply with the terms of service of these platforms. Privacy policies are also needed for SEO of your nonprofit website.

The privacy policy should detail what information is collected, how it is used, how it is protected, and the rights of individuals regarding their personal data. It’s important to tailor the policy to the specific activities and data practices of the nonprofit and to update it as necessary when practices change.

Who Cares about Protecting Personal Data?

A study from the Pew Research Center reports that a staggering 71% of Americans are very or somewhat concerned about government use of people’s data. However, 67% of adults have little to no understanding of what companies are doing with their personal data. 

The internet has so much information available that anyone can find. I’m sure you’ve found yourself googling colleagues, coworkers, competitor’s businesses, and more to find an email address, name, phone number etc. Chances are, you were successful in your endeavor as well. 

The concept of your digital footprint is on everyone’s minds, no matter your age or occupation. So, it’s important to have a clear privacy policy for individuals to review if you’re collecting any data. Even though 56% of Americans frequently click “agree” without actually reading their content, having one available for those who want to read through the policy is vital. 

This isn’t the first research to identify a “disconnect” between what web users say is important and the way we actually behave when on the internet. It’s been widely attributed to a lack of consumer education to create an understanding of the issue — consumers may believe that privacy protection is desirable but may not be fully prepared to sacrifice convenience for caution when dealing with “trusted” sites online. 

Whatever the cause of the disparity, the number of adult internet users who are
concerned about privacy issues is significant, and it’s a number that seems to be growing. Especially with the advancements in technology and increased usage of artificial intelligence (AI).  

Also from the Pew Research Center’s study, of those who are aware of AI, 70% have little to no trust in companies to make responsible decisions about how they use it in their products. Additionally, 81% of those individuals believe this will lead to their personal information being used in ways they aren’t comfortable with. 

Online privacy issues, clearly, are not simply going to fade away. 

Given the obvious importance of the issue to online business, it follows that privacy protection cannot be overlooked by nonprofit organizations that rely on reputation and relationships in order to raise funds, to build membership, to spread the word about their activities, or to carry out other basic functions of their missions. 

How to Create a Nonprofit Privacy Policy

The first step is to know what your organization’s data collection practices are:

• What personal information do we collect?
• How do we collect it?
• Why?
• How is the information used?
• Who has access to the information?
• Do we share the information we collect?
• If so, with whom and under what conditions?
• How long do we keep the information?

Hammering out those details may call for a meeting between board members, website administrators, marketing people, and volunteer coordinators — or, in a smaller organization, it may be as simple as a conversation among a few colleagues. Whichever is the case, do be sure you have a clear picture of the current situation (and of any changes that are likely to emerge in the short and medium term) before moving on to craft a written statement of your policy.

If the budget allows, certainly the first choice would be to ask your group’s lawyer to draft a privacy policy for your website. Check the text for an appropriate and accessible reading level and purge it of ‘legalese’ and unnecessary jargon, then pass it by your lawyer once more to ensure that the meaning has not changed.

As an alternative, however, you can create a privacy policy for your website with the aid of a free tool like these: 

• Termly 
• TermsFeed 
• PrivacyPolicies 

Following the easy steps of one of those tools will deliver your customized privacy policy in plain text or HTML format, ready to add to your website. (You may want to pass this form-generated draft text to a lawyer, just to check that it meets all the legal requirements for data protection in your jurisdiction.) 

Tips for a User-Friendly Nonprofit Privacy Policy

• Make the language as clear and simple as possible. Too many privacy policies are written by in dense legal terms that are beyond the average reading level — or at least will make the average reader’s eyes glaze over.
• Make the privacy policy complete. In simple terms, lay out exactly what information is collected, how, and for what purpose.
  Be prepared to revise the policy if your practices change — and decide how to handle any information that has already been collected, if your information-sharing practices, for example, do change. (In fact, a statement of this might be a very useful addition to your privacy policy!)
• Keep the door open. If you plan to use your visitors’ information for marketing purposes or even just to send out an occasional simple update, do make that intention clear in your privacy policy.
  Provide an opt-out option (or several) on the site itself, within the privacy policy, and as a link in every email message. This is especially critical if your organization shares or plans to share information with other organizations or companies.
• Link to your privacy policy in a very visible way, perhaps in the footer of each page, so readers won’t have to hunt for it.
  A percentage of people may never read the “fine print,” but the truly user-centred website will make every reasonable effort to display the privacy policy where it will be noticed.

Sometimes a nonprofit privacy policy may serve as no more than a disclaimer for
information gathering or sharing that may be carried out, rather than as a real aid to informed use of the website. If the goal is to establish a climate of trust with your website users, however, your privacy policy will be designed first and foremost with the best interests of website visitors in mind.

Are you a WildApricot Client?  

We have the tools you need for creating your own privacy policy in the WildApricot software. Check out this help article that includes: 

• Details on creating a privacy policy 
• Essential components of a good privacy policy 
• Helpful resources that go over privacy laws 

Not a WildApricot client? Start your free 60-day trial now! 

Additional Resources:

• The 22 Features Every Top Nonprofit Website Has
• The 50 Best Nonprofit Websites To Get You Inspired