Alert December 17, 2024

New State Privacy Laws May Apply to Nonprofit Organizations

December 17, 2024

In January 2025, five new state privacy laws will take effect in Delaware, Iowa, Nebraska, New Hampshire, and New Jersey. These laws will join laws already in effect in California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia – bringing the grand total of comprehensive state privacy laws in effect to 13.

There is not a uniform approach to how these laws apply to nonprofit entities, and some states treat 501(c)(3) organizations differently than other types of tax-exempt organizations (e.g., 501(c)(4), 501(c)(6), 527, etc.). Some state laws clearly exempt a broad range of nonprofit entities, while other state laws contain no carve-out for nonprofit entities. The remaining states have adopted exemptions for only certain types of nonprofit entities or activities. For example, while most of these comprehensive state laws exempt 501(c)(3) organizations, four state laws do not: Colorado, Delaware, New Jersey, and Oregon. And an even larger number of state privacy laws do not have clear exemptions for other types of tax-exempt nonprofits.

Even if a state law does not exempt a certain type of nonprofit, most of the laws apply only to organizations that collect personal information from a minimum number of people in the state. In many states, the threshold is 100,000 residents in the specific state, although some smaller states have lower thresholds (e.g., Delaware’s threshold is 35,000). This means that even if your nonprofit entity is not exempt under a specific law, it may still be outside of the scope of the law if it does not collect information from the minimum number of state residents. Only two states – Texas and Nebraska – do not have minimum collection thresholds.

In sum, as these new laws go into effect and the patchwork of state privacy laws continues to grow, it is important for nonprofit entities to understand if these laws may apply to their organizations. For each state law, all nonprofit organizations should keep track of (1) whether the law exempts all nonprofit entities, and, if not, (2) the types of tax-exempt organizations that are covered by the law, and (3) whether the organization meets the state’s minimum collection thresholds, if applicable.

Please reach out to us if you would like to conduct an applicability assessment or if you otherwise need support with your privacy practices and policies.

Read Time: 2 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek