The recent settlement of the Minnesota Attorney General's lawsuit against Minnesota Public Radio (MPR) provides some helpful guidance for Minnesota charitable organizations that share donor information with third parties. The Attorney General had alleged that MPR's disclosures concerning the exchange of donor names, addresses, and telephone numbers were inadequate and misleading MPR responded with a motion to dismiss the lawsuit, stating that it had conducted its charitable solicitations according to the highest legal and ethical standards.
Before the Attorney General filed a response to MPR's motion to dismiss, the suit was settled, without any finding of fault on the part of MPR.
How significant is this case?
In the settlement agreement, MPR has agreed to make certain specific disclosures to donors and potential donors. Because the lawsuit did not result in a court decision, it did not determine whether these disclosures are actually required by law. The settlement does, however, provide an indication of what the Attorney General believes is adequate disclosure by organizations that share donor information.
What legal issues are involved?
Much of the press coverage of the Attorney General's lawsuit implied a connection with the highly publicized issue of public broadcasting organizations providing member lists to political organizations. In reality, the Minnesota Attorney General had previously reviewed this issue as it applied to MPR, and found no legal problems.
The Attorney General's lawsuit relied instead on a catch-all provision of the Minnesota Statutes that deal with charitable fundraising practices. That provision states that no organization shall use any fraud, misrepresentation, misleading statement, deceptive practice, or certain other means with the intent that others should rely on them in connection with a charitable solicitation. The Attorney General alleged that MPR's fundraising communications did not accurately describe how it used donor information.
In the background of this dispute was another Minnesota statute, which prohibits a charitable organization from furnishing a list of contributors to any person in exchange for something of value unless the contributors have consented to the transaction. This requirement raises questions of how a donor may consent, and what the donor must be told about the proposed use.
What sort of consent is required?
We can infer from the MPR settlement that the Attorney General believes that allowing a donor to opt out of an organization's usual list-sharing practices is sufficient to meet the consent requirement described above; the donor is not required affirmatively to state that his or her information may be shared. Conversely, it also appears that an opportunity to opt out is required; if an organization's practice is to share donor information, each donor must be given a meaningful opportunity to inform the organization that his or her information should not be shared. Because MPR's disclosures had contained an opt-out provision all along, this was not a significant issue in the Attorney General's lawsuit.
What should be disclosed?
The MPR settlement calls for the clear and conspicuous disclosure of the following points in fundraising communications by organizations that exchange donor information:
- The fact that the organization exchanges donor information
- The type of donor information exchanged
- The frequency of the exchanges
- The purposes of the exchanges
- The organization's understanding of how the third party may use the information
- How the donor may choose not to have his or her information shared with other organizations
The following language was deemed to satisfy these disclosure requirements with respect to MPR's current donor information practices:
To assist in building membership, [charitable organization] regularly exchanges names and addresses of its members with other organizations, who may solicit or make other contact with you by mail. If you do not want your information shared, please check the box and return this form or call [charitable organization] at [phone number].
This disclosure will not necessarily be appropriate for other organizations; for example, organizations that exchange telephone numbers should note that fact, and the fact that the other organization may contact your donor by telephone. Each organization should carefully review its own member information practices and accurately disclose each type of information use.
While the disclosure should be complete and accurate, it need not be entirely neutral. Exchanging donor lists can be beneficial to an organization's fundraising efforts, and organizations are free to encourage donors not to exercise their opt-out rights. For example, the opt-out opportunity might be described using language along the following lines:
"Because it helps us obtain the names of additional potential donors, we hope that you will continue to allow us to exchange your name and address, but if you do not want your information shared . . ."
When and where should this information appear?
This information should appear in all solicitation materials and on the organization's web site, if it has one.
What about information that's already in an organization's database?
If a donor made a gift without receiving the disclosures described above, or without an opportunity to opt out of any exchanges, the organization should consider providing the disclosures, including an opt-out opportunity, now.
Follow-through is critical.
Organizations that make the recommend disclosures must of course have the systems in place to comply with requests that individual donor information be excluded from shared data lists. Failing to do so after offering the opt-out is probably worse than not offering the opt-out at all.
A final word.
While privacy of donor information may be particularly sensitive, charitable organizations are advised to review their practices regarding other personal data that they maintain in connection with websites, inquiries from the public, the provision of goods or services, or other activities. Public and regulatory scrutiny of data privacy practices will no doubt continue, and probably increase, over the months and years to come.