T. Jeff Vining on How Does CCPA Impact Churches?

The views expressed in this commentary do not necessarily reflect those of BCNN1. Opinions expressed are solely those of the author(s).

The California Consumer Protection Act (CCPA) of 2018 went into effect January 1, 2020, but enforcement begins July 1, 2020.  This Act expands the personally identifiable information (PII) categories to include name(s), addresses, account names, biometrics, geolocation data, employment information, social security, and drivers’ license and passport numbers; radically changing how organizations collect and manage PII.

Does CCPA impact Churches?

The Answer is Yes. The CCPA covers For-profit legal entities.  Not-for-profit organizations, e.g. churches, appear to be exempt.  In reality, most churches are probably not selling goods or services, yet their third party service providers do. For example, they collect and use PII for financial and membership management, fundraising and social media engagement.

How to Prepare?

You may have noticed, churches and their service providers updating website “Cookie” and “Privacy” policies and anonymize IP addresses to prevent data aggregation among other things.  The reason being the 2018 European Union’s General Data Protection Regulation does not exempt Not-for-profit organizations. From collecting and managing PII on donors, employees or even visitors to websites or mobile apps, the prospect for running afoul of GDPR’s regulators motivated churches and their service providers to voluntarily comply.

Now in 2020, many churches and their service providers that are now GDPR compliant are hoping they are legally exempt or that being located outside of California protects them from CCPA compliance.   This position is temporary.

Click here to read more.

SOURCE: Christian Post, T. Jeff Vining