It's a good idea to brush up on these laws if you are a nonprofit that values the importance of safe and secure technology.
You don’t need to be a legal expert! We can help you identify laws that apply to your organization and define concrete actions you need to take to secure your web-based processes. If you need further assistance, refer to the security and privacy section in our Technology Knowledge Center.
CIPA – The Children’s Internet Protection Act of 2000 intends to protect children from viewing obscene, illegal, and harmful content on computers. Organizations that do not receive E-Rate funding are not covered, but many organizations comply regardless.
HIPPA – The Health Insurance Portability and Accountability Act of 1996 applies to your organization if you are a “covered entity” as defined by the law’s rules. HIPAA requires organizations to implement safeguards that defend the privacy of protected health information (PHI), which includes things like patient medical history and health insurance plans. The law also spells out the rights of patients, including the requirement to notify them whenever there are security breaches.
Sarbanes-Oxley – (American Competitiveness and Corporate Accountability Act of 2002) The law defines what financial records should be stored and for how long in order to protect the public from fraud and accounting errors. While the law primarily applies to public companies, a few criminal provisions apply to nonprofits such as: prohibiting retaliation against whistleblowers, destroying/altering documents, and impeding investigations.