Data Privacy

Data Privacy Laws: Prepare for big changes to the way you do business.

Federal data privacy legislation is on the horizon. Multiple bills have been filed in Congress to give individuals more control over the use of their personal information
For organizations that must comply, potential provisions will have a major impact on the way they do business. Changes likely will require affected businesses to:

  • Remove an individual’s data upon request. This can pose technical challenges, as most companies have backups and multiple versions of data.
  • Ask permission to communicate to anyone in your databases who did not actively opt in. Those who refuse or do not respond would have to be removed.
  • Provide individuals with all information collected on them, where it came from, and with whom it has been shared, upon request.
  • Establish and implement cybersecurity and data privacy policies, practices and procedures.


It’s safe to assume that the personal data you have on customers, prospects and other contacts exists beyond your CRM systems and databases. For example:

  • Does your staff export or copy customer lists, vendor contacts, or member, donor, sponsor or attendee data to work on projects until they are complete?
  • How many folders are sitting on laptops, mobile and other devices with confidential notes on contacts from recent client and business development meetings?
  • How many unauthorized Excel or Google spreadsheets are floating around your office with personally identifiable information?
  • What about your vendors? Businesses that outsource data processing could be accountable for the compliance of its partners and suppliers if the U.S. follows the European Union’s General Data Protection Regulation (GDPR) model.

At Summit, we are experts at following the data trail: how personal information is collected, created, classified, processed, stored and disposed. Our team helps organizations create roadmaps and develop privacy and security policies to help protect data from being compromised.


What personal data would a data privacy law affect?

The general definition that has been applied to data is any piece or combination of information that can be directly linked back to a person’s identity. Examples:
  • Name, address, and phone number
  • Date of birth
  • E-mail addresses
  • Banking or financial information
  • Sexual orientation
  • Racial, cultural or ethnic data
  • Political opinions
  • Social media posts and tagged photos
  • Health, mental, genetic and biometric data

Request our 8 Steps to Data Privacy Readiness