Search
Close this search box.
2019 resolution

Privacy Audit – Make it Your Organization’s New Year’s Resolution!

It’s the time of year when its typical to focus on self-betterment, so let’s not leave the organization you work for out. Nonprofit organizations hold a variety of personal information on behalf of their constituents and employees. Unfortunately, most organizations could be doing more to protect this information. The fact is that with each passing year, the number of data breaches grows, and the financial cost and reputational harm along with it. Additionally, the regulatory landscape is becoming more complex, requiring organizations to comply with an increasing number of requirements or face penalties. The good news – a significant portion of data breaches and related risks can be avoided or minimized with a bit of due care. As such, it has never been more critical to have a more practical understanding of the types of personal information collected, stored and shared by your organization. A first step for any organization wishing to better understand (and minimize) their privacy risk is to conduct a privacy audit.

A privacy audit is essentially a process to identify, across the organization (and chapters), the types of personal information collected, the ways in which it is protected, and with whom such information is shared. The following risk assessment methodology is a good place to start.
Inventory Locate the places in the organization (and vendors operating on its behalf) that house/store Personally Identifying Information (“PII”), identifying both electronic files/databases and physical files.
Safeguards Assess the safeguards in place – including the physical, administrative and technical controls – and whether they are adequate and reasonable considering the type of PII being stored (SSN vs. email address for example might have different levels of protection).
Gaps Determine the compliance gap – essentially the difference between that what it should be doing, and the organizations actual practices.
Risk Assessment For most organizations there will be a number of gaps. As a first step, for the PII held in various locations and with various vendors, assess the risk of non-compliance, determine the impact of non-compliance and likelihood of risk occurrence, and use this to help prioritize compliance efforts.
Remediation Depending upon the finding/conclusions in the previous steps, remediation should be a joint effort among various members of the organization to address and remedy any identified shortfalls/gaps.

The above are general guidelines. As a first step, I typically provide clients with a customized, detailed checklist that is an essential tool for our audit. Not surprisingly, most of these audits reveal a variety of gaps and poor practices, which once addressed and remedied, reduces the likelihood of a breach, and leaves the organization better prepared should one occur.

Share this Post

Related Posts

Today, more and more nonprofits rely on third-party vendors for technology solutions to provide a range of services and operational support, including donor outreach and management, web platforms, payment …
perlman & perlman philanthropic sector law firm blue logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

LSU Foundation
Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Americans for Ben Gurion University
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA

perlman & perlman philanthropic sector law firm blue logo

click to exit page

news & events

Our attorneys’ recent contributions to the media and nonprofit sector publications.

news & events

Check out our attorneys’ recent contributions to the media and industry publications.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

Secure Your Data – Seriously, AFP New York Chapter News
As Jon Dartley, a data privacy and security attorney at Perlman and Perlman says, “It is vital to have the appropriate legal terms in the contract to protect your interests.”  Find out what your liability limit is.  Have it in writing who bears the responsibility and cost of a data breach.  And, have the vendor agree on a specific timeframe within which they need to advise you of a data breach.

Warning: Don’t Cut Legal Corners When Mixing Social And Business Impact,  Forbes
Particularly striking is that (Karen) Wu believes this is the “first multi-state regulatory activity involving cause marketing in almost two decades.”

Is stealing, then giving back, OK?
Cliff Perlman lends his advice on theft within a nonprofit.

Buyer Beware: Negotiating Terms in Technology Agreements
Jon Dartley provides tips on negotiating contracts with technology vendors.

Four Ways Charitable Giving Could Change with a Tax Overhaul
Cliff Perlman remarks on the possible threat of a change to charitable deduction.

How To Deal With Residual Data, Nonprofit Times
Jon Dartley’s advice on addressing “data exhaust”.

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

silk lanterns

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

who we work with

Our clients are diverse nonprofit organizations with a broad range of missions, as well as for-profit companies in evolving areas such as social enterprise, corporate philanthropy, joint ventures, technology-driven fundraising, and impact investing.

A.B. Data
AB InBev Foundation
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
Association of Fundraising Professionals
Avalon Consulting
Baton Rouge Area Foundation
Black Lives Matter Global Network Foundation
Bleeding Blue for Good Fund
Bradley Cooper’s One Family Foundation
BrightFocus Foundation
Brooks Brothers
Chadwick Boseman Foundation for the Arts
Changing Our World
Charity Defense Council
Christian Appalachian Project
Doctors of the World/ Medecins du Monde
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Estee Lauder Companies, Inc.
Feed The Children
Food For The Poor
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Hope for New York
International Campaign for Tibet
International Crisis Group
International Justice Mission
J. Crew Group
Johns Hopkins University
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law
LSU Foundation

Marts & Lundy
Meyer Partners, LLC
Milken Institute
NAACP Foundation
National Alliance on Mental Illness (NAMI)
National Marrow Donor Program
National Park Foundation
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
PopSockets
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rockefeller Philanthropy Advisors
Save the Children Federation
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Subaru of America
The Little Market
Touro University
United States Equestrian Team Foundation
United Way Worldwide
University of Connecticut
University of Virginia
Vote.org
Whitney Museum of American Art
World ORT
World Wildlife Fund
YWCA USA

A.B. Data
Absolut Company
American Committee for the Weizmann Institute of Science
American Diabetes Association
American Friends of the Hebrew University
American Parkinson Disease Association
American Rivers
Association of Fundraising Professionals
Baton Rouge Area Foundation
BrightFocus Foundation
Burger King McLamore Foundation
Cancer Care
Carnegie East House and James Lenox House Association
Center for Car Donations
Changing Our World
Charity Defense Council
Christian Appalachian Project
Coca-Cola Scholars Foundation
Convoy of Hope
Cornell University
Doctors Without Borders/ Medecins San Frontieres
Drug Policy Alliance
Duke University
Emory University
Feed The Children
Gerald R. Ford Presidential Foundation
Grameen Foundation USA
Helen Keller Services
Hope for New York
Human Rights Watch
Humane Society of US
Indiegogo
International Campaign for Tibet
International Crisis Group
International Justice Mission
Japanese American National Museum
Johns Hopkins University
Lane Bryant Charities
LSU Foundation
Mattel
Meyer Partners, LLC
Milken Institute
National Breast Cancer Coalition
National Marrow Donor Program
Natural Resources Defense Council
North Carolina State University
North Shore Animal League
Obama Foundation
Operation Smile
PBS Foundation
Pernod Ricard USA
PetSmart Charities
Population Action International
Project ORBIS International
Public Interest Communication
Rails to Trails
Redeemer Presbyterian Church
Rock and Roll Hall of Fame and Museum
Rockefeller Philanthropy Advisors
Sesame Workshop
Simon Wiesenthal
SOS Children’s Villages – USA
Steinhardt Foundation
Subaru of America
United States Equestrian Team Foundation
University of Montana Foundation
University of Nevada, Las Vegas Foundation
Whitney Museum of American Art
World ORT
World Wildlife Fund
YMCA USA
YWCA of New York City
YWCA USA
Lautman Maska Neill & Company
Lawyers Committee for Civil Rights Under Law

perlman & perlman philanthropic sector law firm blue and green logo

click to exit page

Culture & Values

Vision

We view our clients as partners that share our commitment to bring about change in the world. Our goal is to provide them the peace of mind of knowing that they are in compliance with their legal obligations and to further empower them to achieve positive social impact and financial success.

Our Mission

Our mission is to provide the highest quality, integrity-driven legal services to our clients, using a practical, consultative, client-focused approach to identify and respond to problems and challenges.

We strive to maintain a culture characterized by respect, opportunity, diligence, mutual empowerment, entrepreneurship, and fair reward for efforts made on behalf of clients and the firm.

Perlman & Perlman is a Certified B Corporation

Certified B Corporations use the power of business to solve social and environmental problems. B Corps are unlike traditional businesses because they

  • Meet comprehensive and transparent social and environmental performance standards
  • Meet higher legal accountability standards
  • Build business constituency for good business