So, your nonprofit is collecting data. That's great!

Hopefully, you're collecting data systematically, perhaps with systems and tools like those offered by Pulse for Good. (If not, we can help you out with that.)

Also, you are hopefully collecting the right kind of data and curating it carefully.

Furthermore, we hope you are using your data in decision-making and to improve your organization's operations and programs.

(If you'd like more information on any of the above topics, please see our previous blog articles.)

Here's a question for you: are you in compliance with laws and regulations regarding data, privacy, solicitation, and confidential information?

At a bare minimum, most nonprofit organizations collect confidential information. Whether or not that data is analyzed or adequately utilized as a tool for organizational improvement, nonprofits must collect and file confidential information about their staff, donors, volunteers, and those they serve.

This is the first part of a three-part series about legal issues for nonprofits regarding data, privacy, solicitation, and confidential information. The first legal framework we'll examine is the Telephone Consumer Protection Act. In the second part, we'll introduce and discuss the laws that govern data protection and data breaches. Then, in the third part of the series, the concept and legal framework of general data protection regulation (GDPR) will be introduced and discussed.

Telephone Consumer Protection Act

The Telephone Consumer Protection Act of 1991 (TCPA) was signed into law by President George H.W. Bush as an amendment to the Communications Act of 1943 as a response to the growing problem of unsolicited telephone sales ("telemarketing") and various forms of fraud. It has been updated many times (as recently as December 2020), and the Federal Communications Commission (FCC) has ordered violators to pay hundreds of millions in fines.

The TCPA is unique among federal regulations in that it allows "private right of action," which allows state attorneys general and even private citizens to bring enforcement action. The TCPA has also been given a few extra enforcement teeth by allowing monetary judgements to exceed actual losses and placing no upward limit on total damages. In other words, the TCPA is a set of regulations that no nonprofit should mess with.

In October 2013, the FCC adopted updated TCPA provisions, most of which apply only to for-profit entities, which remain exempt from some (but definitely not all) TCPA provisions. It's interesting (and very important) to know that TCPA exemptions for nonprofit organizations do not apply if the nonprofit organization is partnered with for-profit entities in activities such as promotions.

In what ways of nonprofit organizations exempt from the TCPA? The TCPA centers upon the following three major provisions:

1. Compliance with the National Do Not Call Registry

2. Limitations on pre-recorded phone communications

3. Limitations on mobile-phone calls, texting, and the use of auto-dialers

Exemptions from TCPA rules for nonprofit organizations are discussed below.

The TCPA forbids unsolicited calls to anyone listed on the National Do Not Call Registry. However, solicitations "made by or on behalf of a tax-exempt nonprofit" (organizations organized under Section 501(c)(3), Section 501(c)(4), and 501(c)(6), for example) are exempt from this rule, as are independent contractors who are soliciting on behalf of the nonprofit organization. Remember, solicitations made in partnership with for-profit entities are not exempt, even if the activity is related to charitable causes or compassionate service. Be careful and check the specific regulations when partnering with commercial, for-profit companies and organizations.

The TCPA requires express, written consent for pre-recorded calls to residential phone lines and cell phone numbers. Pre-recorded calls to any number must incorporate an opt-out feature to allow people to prevent future pre-recorded calls from the organization. Pre-recorded calls must identify the organization responsible for the call along with a telephone contact number. The same rules apply when using autodial equipment or software. Any calls made using equipment or software with the ability to sequentially or randomly dial telephone numbers to make calls can only be made with express, written consent from the recipient.

Pre-recorded calls and those made via auto dialing by nonprofit, tax-exempt entities do not require the express, written consent of recipients. Also, calls that are purely informational (calls that are not telemarketing or solicitations) are exempt from the express, written consent provision.

Funding drives, informational campaigns, and other communication activities initiated by nonprofit organizations can be uniquely complex. This is especially true for a nonprofit's relationship with for-profit entities as sponsors, partners, and underwriters. Before exposing your organization to legal action or FCC regulation enforcement by negating your organization's exemption from TCPA provisions, seek legal counsel.

This series continues in part 2.

‍