Can your organization answer "yes" to any of the following questions?
Does your organization have personal information (credit card numbers, checks, other financial information) from donors?
Does your organization have employees or volunteers for whom you have Social Security numbers?
Has your organization signed a merchant agreement to be able to accept credit cards?
Do you think that data privacy and security laws do not apply to you because you are a nonprofit?
Mintz Levin's Privacy and Security lawyers recently presented a webinar on this subject that might be useful to review the issues above -- and more.