New Hampshire Bar Association
About the Bar
For Members
For the Public
Legal Links
Publications
Newsroom
Online Store
Vendor Directory
NH Bar Foundation
Judicial Branch
NHMCLE

Support Of Lawyers/Legal Personnel All Concern Encouraged

Order with big business buying power.
New Hampshire Bar Association
Lawyer Referral Service Law Related Education NHBA CLE NHBA Insurance Agency

Member Login
username and password

Bar Journal - December 1, 2000

Charitable Solicitations on the Internet

By:
 
INTRODUCTION

When professional fundraisers and charitable organizations use the Internet to solicit charitable donations from citizens, a number of new and difficult legal issues are raised. Since there is no federal law regulating charitable solicitations (as there is with SEC regulation of publicly-traded corporations), the resolution of these new issues becomes very complex. To add to the complexity, each of the 50 state Attorneys General must wrestle with them on a state-by-state basis. The uniformity and predictability that lawyers seek – and the Internet demands – is largely absent.

This article asks whether the existing regulatory framework that was developed for charities in the last century should be restructured to adapt to a rapidly changing reality – the Internet. The article also seeks to alert the reader to other issues raised by Internet solicitation, including issues of privacy, accountability and security. This article was prepared at a time when both nonprofit entities and the National Association of State Charities Officials (NASCO) are engaging in an open discussion of how best to regulate the nonprofit sector.

In October 1999, at the annual NASCO Conference in Charleston, South Carolina, NASCO invited nonprofit entities to offer suggestions on the future of Internet regulation. Since then, NASCO has crafted the "Charleston Principles" to guide the discussion and assist charities in understanding the impact of the Internet on existing state laws.1  In October 2000, at the annual NASCO Conference in San Diego, NASCO again met with nonprofit entities to continue the discussion about the profound impact that the Internet is having upon world-wide solicitation of donations and the need for continued accountability of charities to state Attorneys General. The proliferation of Internet-based charities world-wide and the growth of "charity malls" on the Internet sharpen these discussions.

I. THE DUTY TO PROTECT CONSUMERS

In approaching these issues, it is important to emphasize the primary duty which state Attorneys General have under common law and under their respective state statutes. The primary responsibility is to protect consumers from fraudulent solicitations and to protect the growing amount of charitable assets.2  This duty remains a constant, whatever form the solicitations may take. From this perspective, it makes no difference whether the solicitation is made by telephone, by direct mail or via the Internet, the responsibility continues.

More specifically, state Attorneys General have responsibility for holding professional fundraisers accountable for the charitable donations raised. Thus, in most states professional fundraisers must register with the Attorney General’s Office at the commencement of a charitable campaign and must file financial reports at the completion of the campaign so that state regulators can review the accounts and determine where the charitable dollars have gone.3  Solicitation on the Internet complicates the process in wondrous ways, but it does not remove the basic statutory duties.

A. The Regulatory Framework

The "Charleston Principles" discuss a variety of legal issues arising when a professional fundraiser in one state (or one nation) actively seeks to raise donations across state lines (or across national borders). One basic scenario involves American dollars flowing across national borders to nonprofit entities that may be authentic or fraudulent. Hypothetically, a professional fundraiser, based in Germany, enters into a contract with a charitable entity based in Kosovo, and posts a web site soliciting funds on the Internet. That web site offers an interactive feature that allows citizens of each of the 50 states to make a financial contribution using a credit card. In this scenario, how does the potential donor in the United States know that the charitable entity is authentic? How are the charitable entity and the fundraiser held accountable for the donations raised?

A host of questions have arisen in the past two years as a result of Internet-based charitable solicitation. Could it be that the traditional regulatory structures in place since 1943 (50 states, 50 regulatory agencies, 50 different state statutes) must now give way to a single registration site for fundraisers and charities using the Internet? Or, could it be that there is a need for one single national set of guidelines or Uniform Act to deal with Internet solicitations? Is there a need for a coherent, nation-wide policy on charitable solicitations on the Internet (and perhaps charitable solicitations generally)? Is the present system of 50 separate states, with 50 separate statutes, coherent or efficient – or is it counterproductive? If the Internet’s impact is as profound and far-reaching as everyone believes and is altering fundamental business practices, then should state regulators also consider altering regulatory thinking?

One possibility includes the creation of a single central depository for all charities using the Internet for solicitation. Such a central depository would automatically and simultaneously convey the fundraising documents filed at the central depository to each of the 50 states. There would be one single fee and the filings would be immediately available to all regulators and to the general public. For charities, the cost savings in this new regulatory framework would be significant, especially since it reduces the role and expenses of outside consultants. For regulators, the efficiency of operation and the reduction in paperwork would be welcome indeed, allowing resources and staff to be used for enforcement purposes. In this sense, the development of the Internet may be accelerating a movement towards a broader and more coherent national policy on charitable solicitations.4 

B. NASCO’s Role

NASCO has two major responsibilities at this juncture. First, it has a responsibility to persuade every state to place its statutes, rules, regulations and application forms on one central site on the Internet ("the Central Archive"). By making basic state statutes easily accessible, there should follow a reduction in the financial and administrative burden on charities seeking in good faith to comply with the maze of existing laws. Second, NASCO should explore the feasibility of adapting itself to the new technology by creating a central registry for all charitable solicitations using the Internet ("the Central Registry"). Given the existing maze of state statutes, there is a need for this new architecture. The success of the Securities and Exchange Commission (SEC) in using the Internet for public disclosure of all documents filed by publicly traded corporations creates a model for NASCO that works.

The electronic filing at the SEC and the ability of the general public to view those public filings has revolutionized public access to information about publicly traded corporations. Consequently, there is no need for regulators to reinvent the wheel on this score. A common Internet site would be a low-cost method of disseminating information to the charities that are regulated and to the broader public whose charitable donations rank in billions of dollars annually. Such a site could also offer a vehicle for charities and the public to post questions and engage in a substantive discourse on philanthropy today. In short, if a fundamental sea-change in technology and business practices is now underway, is it not time to also consider a fundamental change in regulatory attitudes and regulatory structures – with efficiency as a major goal?

II. PRIVACY ISSUES AND SECURITY ISSUES

A second set of issues confronting state Attorneys General is the role of fundraisers (and the charities) in protecting the privacy and security of those donating via the Internet. There is an obvious need to protect the sensitive financial information that a donor provides when making a contribution via the Internet from others outside the system (the hackers). Of equal concern are those fundraisers who cannot resist the temptation to "package" donor information (credit card information, level of contribution, etc.) and sell and resell that information to other charities or other fundraisers. The issue here is not the narrow issue of "encryption" – protection of sensitive information – but the need to work with the charitable community on a policy involving such transactions. Recently, National Public Radio exchanged its donor lists with a political party, bringing criticism to itself. Since the Internet makes such donor lists highly valuable, discussion within the philanthropic community and between that community and NASCO should address this issue, perhaps resulting in a policy statement or guidelines regarding "best practices."

Recent Case Law. If an individual gives $1,000 to a "Kosovo Refugee Fund" on the Internet, what guarantee does the donor have that his name, address, donation amount, credit card information and other information is not resold for money or passed around from client to client by the fundraiser involved? In the commercial arena, the Federal Trade Commission has wrestled with a number of significant cases, including DoubleClick, Liberty Financial Companies, Inc. and GeoCities. Should state regulators advise charities using the Internet that they must post a privacy policy for donors to read? When donors rely upon those privacy policies to their detriment, will charities and fundraisers who abuse and violate those privacy policies be penalized?

(For GeoCities, see the Final Decision and Order at www.ftc.gov/os/1999/9902/9823015d&o.htm) (For Liberty Financial Companies, Inc., see Proposed Consent Agreement at www.ftc.gov/os/1999/9905/1btyord.htim).

New Hampshire Law. In New Hampshire, the charitable statutes offer some privacy protection. New Hampshire RSA 7:28-c(V)(a)(3) states that the "name and address of each person pledging to contribute, together with the date and amount of the pledge, shall be the sole exclusive property of the charitable trust with no rights to transfer, sell, rent, or otherwise cause to be used except by the originating charitable trust." This section was enacted in 1998 and became effective in 1999. The Internal Revenue Service has long recognized the importance of the donor lists and specifically excludes the donor lists from inclusion in the annual Form 990 filings which charities make with the Internal Revenue Service. (See the Frequently Asked Questions section of the Internal Revenue Service’s Web site, www.irs.gov)

Congressional Legislation. A number of Congressional offices have introduced privacy acts protecting consumers on the Internet. The Online Privacy Protection Act of 2000 was introduced by Representative Frelinghuysen (R-New Jersey) on January 31, 2000 (HR 3560IH). The legislation contains a number of requirements, including (a) a conspicuous notice that the web site operator collects personal information, (b) a disclosure of what personal information the operator may share with other companies, and (c) the ability for consumers to opt out of having their personal information shared with others. The legislation gives enforcement authority to the Federal Trade Commission and would preempt state laws. Other legislation was introduced in 1999, including HR 3321IH by Representative Edward Markey (D-Massachusetts), which includes a private cause of action, with the potential for class action lawsuits against online companies.

Self-regulatory Efforts. Thus far, Congress has not enacted any of the privacy statutes that have been proposed, with opposition to such legislation coming from both the Commerce Department and online companies. One alternative to Federal or state legislation is the potential for self-regulation. This would include enforcement groups such as TRUSTe and BBBOnline, which provide privacy policies and regulation of those who participate in those self-regulatory groups (www.truste.org). The BBBOnline program is an affiliate of the Council of Better Business Bureaus (www.bbbonline.com).

The "Chronicle of Philanthropy" recently addressed the privacy issue in its March 23, 2000 publication in its lead article, "Donors Raise a Red Flag over Privacy."5  The article notes that the Federal Trade Commission recommends that privacy statements be posted on web sites but that few of the charities seeking online donations by obtaining credit card numbers have followed those guidelines. The article notes that professional fundraisers have in the past compiled detailed profiles of potential donors, "including how much they paid for their homes, how much stock they own in publicly traded companies, their exact ages, and how much money they earn."6  The tradition among charities is to share and exchange donor lists; but this appears to go against a recent trend towards greater privacy of information, especially concerning patient records, automotive drivers’ licenses and Internet concerns. The current debate appears to be between those advocates of privacy, who want an "opt-in" approach (where the donor must specifically give his permission for his name to be circulated), and those fundraisers and charities which favor an "opt-out" approach (where the donor is given an opportunity to take his name off the lists).

The Federal Trade Commission (FTC) has recommended that four concepts be used in crafting privacy policies by fundraisers and charities that collect personal information on the Internet. The concepts are notification, choice, security, and access. Notification means that visitors to a web site will be notified about the types of information that is being collected and whether that information will be shared with others. Choice means the ability of a visitor to a web site to direct the charity not to circulate or share information relating to him. Security means that the visitor is informed about the steps that the web site has taken to protect private information from unauthorized entities. Access gives the visitor the right to view information collected about the visitor and, where necessary, the right to correct erroneous information.

Broader Security and Liability Issues. The issues of privacy, security and liability go beyond the nonprofit universe, creating tough dilemmas for all those using the Internet. The "New York Times" has catalogued the growing problem of "identity theft," where online theft of a person’s social security number, address and credit card information becomes the basis for larger and more lucrative crimes.7  Others have warned large nonprofit institutions, especially universities, about liability where hackers penetrate the university computers and then utilize those university computer systems to disrupt other systems. Since university computer systems are relatively open and not secure, they present hackers with a strong opportunity for mischief.8  Finally, the use of class action law suits on a federal level against corporations like DoubleClick Inc. has emerged very quickly in an area where the law is uncertain. Allegations about invasions of privacy and violations of wiretapping and electronic communications laws all are central to these class action suits.9  On February 16th, the FTC announced an investigation of DoubleClick for deceptive trade practices.

CONCLUSION

Both the philanthropic community and state Attorneys General need to continue asking new and more sophisticated questions about the regulation of the charitable sector. Although the immediate questions are Internet-based and deal with charities and fundraisers soliciting donations on the Internet, the dialog should be more wide-ranging and fundamental. The immediate questions would include those raised in this article. They would also include questions about the need to encourage growth in the charitable sector, ways of helping smaller charities become more efficient, methods of encouraging charities to collaborate on common goals. Given the enormous impact that the Internet could have in helping the charitable sector address problems in our society, such conversations are well worth having.

ENDNOTES

1. See, www.nasconet.org for the complete analysis of the Charleston Principles and for the NASCO web site.
2. See, New Hampshire RSA 7:19 – 7:32 for this state’s registration and solicitation statutes. Each state has adopted statutes of their own.
3. In 1996, the New Hampshire Attorney General’s Office released its analysis of charitable giving using professional fundraisers in this state. The Report showed that approximately seventy-five percent of all donations raised by professional fundraisers went to the fundraiser for expenses, with the remaining twenty-five percent going to the charities themselves.
4. The Internal Revenue Service operates at the national level to provide oversight on nonprofit entities. However, the number of new nonprofit entities has been growing at the rate of about 29,000 new entities per year. While the number of additional nonprofits has grown, the IRS staff that monitors, reviews, and regulates the sector has decreased, raising basic problems.
5. Holly Hall, "Donors Raise a Red Flag over Privacy," Chronicle of Philanthropy, vol. XII, no. 11 (March 23, 2000).
6. Id., page 41.
7. See, "Officials Worried Over a Sharp Rise in Identity Theft," New York Times, April 3, 2000, page 1.
8. See, "Hacking Raises Liability Issues for Companies, " National Law Journal, March 6, 2000, page 1.
9. See, "Click Here for More Web Suites," National Law Journal, February 28, 2000, page 1.

The Author

Attorney Michael S. DeLucia is the Director of Charitable Trusts at the New Hampshire Attorney General’s Office. He is a past president of NASCO and serves on the governing board of NASCO, an affiliate of the National Association of Attorneys General (NAAG).

NHLAP: A confidential Independent Resource

Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store
Lawyer Referral Service | Law-Related Education | NHBA•CLE | NHBA Insurance Agency | NHMCLE
Search | Calendar

New Hampshire Bar Association
2 Pillsbury Street, Suite 300, Concord NH 03301
phone: (603) 224-6942 fax: (603) 224-2910
email: NHBAinfo@nhbar.org
© NH Bar Association Disclaimer