California donor and data privacy in the news

On the heels of the General Data Protection Regulation (GDPR) legislation that came into effect for organizations active in Europe earlier this year, the state of California has become the first to pass consumer privacy legislation in the United States.

The California Consumer Privacy Act (CCPA) is the nation’s first legislation of its kind aimed at protecting data for California consumers. The legislation is well-intended, but the problem is that it was rushed through by the legislature in less than seven days. It was in order to prevent a poorly written and potentially disastrous referendum initiative that would have been on the ballot in November.

Why does this new law matter to nonprofits if it excludes them?

The new law will go into effect on January 1, 2020, according to the DMA Nonprofit Federation (DMANF), and as written, adds difficult and onerous compliance requirements for the processing of personal data by data providers, with severe punitive measures. The DMANF shares, “While the law does not include nonprofit organizations outright, the new law will create compliance hurdles and legal risks resulting in the depletion of vitally important data for Californians.”

In other words, the law is written with good intentions to protect Californians’ data, but as it stands now it could severely limit what list vendors, co-ops, and digital companies are willing to allow nonprofits to use for acquisition. For example, the law currently allows third parties to petition on behalf of individuals for alleged violations. An unscrupulous attorney could target a data provider for alleged violations, with civil penalties of up to $7,500 per violation.

What’s the risk for nonprofit organizations?

The risk is that digital and traditional data sources could begin to dry up if this law goes into effect as written. Data vendors could conclude the risk is just too high to work with Californian consumer data.

2019 will be the year of data privacy legislation.

Experts expect that consumer privacy legislation will be introduced in at least half of the states this coming year. And all eyes will be on Congress, as they will no doubt be working on national legislation that will hopefully preempt a flood of state-level legislation. That said, this is a complex issue and Congress doesn’t typically move very quickly.

As major developments arise, we’ll be watching things and will post major updates here on the Masterworks blog. We also would encourage organizations to seek legal counsel for any concerns or advice.

If you are not a member of the DMANF (now a subsidiary of the Association of National Advertiser, ANA), consider becoming a member. They are a great source of updates, and they are the central organizer of advocacy efforts on issues like this that matter to nonprofit members.


-You can read a brief overview of the issue and key points currently at the DMANF website at

-The full text of the law can be found at the California State Legislature website.