The Nonprofit FAQ

Do we need a privacy statement?
On August 9, 2003, Donald A. Griesmann,
Consultant with Community-based and Faith-based Organizations, from
Ventnor, NJ, amswered a query in the NONPROFIT email list (see
http://www.rain.org/mailman/listinfo/nonprofit) with these observations and resources:

Will you be asking for information from visitors? Does your website send 'cookies' to visitors?

You may find the article by Stephanie B. Glaser, To Post Online Privacy or Not, helpful in your deliberations (http://www.gigalaw.com/articles/2001/glaser-2001-11.html). The article focuses on

  • The FTC's Changing Role on Internet Privacy
  • Web Site Privacy Laws and Existing Policies
  • The Advantages and Disadvantages of Privacy Policies


Also see the articles and discussion linked on the right from that page.

Here are some sample privacy statements and one accessibility statement:



The Federal Trade Commission (FTC) is charged with the oversight of the Children's Online Privacy Protection Act (COPPA). The FTC has created a site with Frequently Asked Questions (FAQs).

See http://www.ftc.gov/privacy/coppafaqs.htm#enforce and http://www.ftc.gov/

Here are two sections about COPPA and its effect on nonprofit organizations:


  • The Children's Online Privacy Protection Act (COPPA) was passed by Congress in October 1998, with a requirement that the Federal Trade Commission (FTC) issue and enforce rules concerning children's online privacy. The primary goal of the Act and the Rule is to place parents in control over what information is collected from their children online. The Rule was designed to be strong, yet flexible, to protect children while recognizing the dynamic nature of the Internet.

    The COPPA Rule applies to operators of commercial websites and online services directed to children under 13 that collect personal information from children, and operators of general audience sites with actual knowledge that they are collecting information from children under 13.

    Those operators must:

    1. post clear and comprehensive Privacy Policies on the website describing their information practices for children's personal information;
    2. provide notice to parents, and with limited exceptions, obtain verifiable parental consent before collecting personal information from children;
    3. give parents the choice to consent to the operator's collection and use of a child's information while prohibiting the operator from disclosing that information to third parties;
    4. provide parents access to their child's personal information to review and/or have it deleted;
    5. give parents the opportunity to prevent further collection or use of the
      information; and
    6. maintain the confidentiality, security, and integrity of information they collect from children.


    In addition, the Rule prohibits operators from conditioning a child's participation in an online activity on the child's providing more information than is reasonably necessary to participate in that activity.



  • The Act and the Rule expressly state that they apply to commercial websites and not to nonprofits that would otherwise be exempt from coverage under Section 5 of the FTC Act. Thus, in general, most nonprofits are not subject to the Rule. However, nonprofits that operate for the benefit of their for-profit members may be subject to the Rule. See FTC v. California Dental Association 526 U.S. 756 (1999), for additional guidance on when nonprofits are subject to FTC jurisdiction. Although public-benefit nonprofits are not subject to COPPA, it would be good for them to set an example by posting privacy policies and providing the protections set forth in COPPA to children providing personal information at their sites.



See also the FTC web site aimed at parents, adults, children, teachers, media and businesses http://www.ftc.gov/bcp/conline/edcams/kidzprivacy/

The Act and the Rule went into effect on April 21, 2000.

An excellent paper on this subject is Children's Privacy and Web Sites Operated by Not-for Profits by Stephanie B. Glaser can be found at: http://www.gigalaw.com/articles/2003/glaser-2003-04.html

She argues that the more a nonprofit organization looks like a for profit organization, it can be crossing the line. Organizations with memberships may be vulnerable to the Act and the Rule. I also suggest that you review the links that can be found on the left and right of the article.

The material from GigaLaw will not replace the advice of an attorney

I have no connection to any of the commercial operations listed here. They are listed only for illustration purposes as to their privacy statement.

CAVEAT: I am required to tell you that I am an attorney in the state of New Jersey and it has not been my intention to give you legal advice. I may have given you legal information, but not legal advice.




Posted 8/10/03 -- PB