Become familiar with privacy legislation in your jurisdiction. In Canada, we must adhere to PIPEDA, the Personal Information Protection and Electronic Documents Act . Some provinces also have privacy legislation for public and/or private sector organizations. Know your local requirements. Check out this handy tip sheet.
Don’t pre-sign cheques. Although the convenience is tempting, this is an “end run” around the authorization process. Signing officers’ responsibility is to review and approve transactions.
Know your obligations under privacy legislation around the handling of credit card numbers and other personal data from members, donors, employees and others.
An office petty cash fund is a useful tool for covering small expenses. Limit access to the responsible staff member(s), and reconcile the fund regularly to catch errors.
Keep cheques in a safe location. Signed blank cheques should be avoided – but if you have “emergency cheques” with a board member’s signature, make sure they’re under lock and key.
Think carefully about who can access your database and for what purposes. Considerations include protecting donor privacy as well as ensuring that all data entry follows specific policies and procedures.
Investigate your database’s capacity for setting up users with specific access privileges. This way, you can allow some staff and volunteers to enter or edit information, and others just to look at records and run reports.
When choosing how to invest surplus cash, consider the safety of your principal, the rate of return, and the accessibility of your cash (i.e. if you needed to, could you cash the investment before the maturity date).
The CRA is warning Canadians that fraudulent emails purporting to be from the Agency are currently circulating. See examples of these scams here and find out how you can protect yourself.
When it comes to collecting and using data about your organization’s patrons and donors, it is imperative to have a privacy policy which meets the requirements of federal legislation, PIPEDA (the Personal Information Protection and Electronic Documents Act), and in some cases additional provincial legislation. The Office of the Privacy Commissioner of Canada has some information about the application of PIPEDA to charitable and non-profit organizations here.
Need help wading through the PIPEDA waters? Want to draft a privacy policy but don’t know where to begin? Charity Central has created a Privacy Policy Checklist, a tipsheet designed to help you better understand your organization’s information-handling practices and why and how you should create a privacy policy.
Click here to view Charity Central’s Privacy Policy Checklist.