HOW TO DRAFT POLICIES - texasbarcle.com

HOW TO DRAFT POLICIES
(325) 676-7575 [email protected]
GOVERNANCE OF NONPROFIT ORGANIZATIONS August 22-23, 2013
Austin
Abilene, Texas 79606
PROFESSIONAL ACTIVITIES
Admitted to practice: Texas Supreme Court, US Supreme Court, US Tax Court; CPA (Texas)
Former Chair, Advanced Estate Planning Conference, Texas Society of CPA =s
Former member, Fiduciary Income Tax Committee, and Estate and Gift Committee, American Institute of Certified
Public Accountants
Member, Tax Section, American Bar Association
Member, Real Property, Probate and Trust Law Section, American Bar Association
Member, Real Estate, Probate and Trust Law Section, State Bar of Texas
Member, Tax Section, State Bar of Texas
Member, American Health Lawyers Association
Fellow, Texas Bar Foundation
PUBLICATIONS, ACADEMIC APPOINTMENTS & HONORS
Author of several books and articles on estate planning and tax subjects, and a frequent speaker to professional and
lay groups
i
TABLE OF CONTENTS
I. INTRODUCTION ............................................................................................................................................... 1
II. BACKGROUND ..................................................................................................................................................... 1
III. METHODOLOGY .................................................................................................................................................. 2
IV. TYPICAL CONTENT AREAS .............................................................................................................................. 2 A. Gift Acceptance ............................................................................................................................................... 2 B. Document Retention ........................................................................................................................................ 2 C. Privacy ............................................................................................................................................................. 3 D. Insurance ......................................................................................................................................................... 4 E. Employee ......................................................................................................................................................... 5 F. Whistleblower ................................................................................................................................................. 5 G. Conflict of Interest ........................................................................................................................................... 6 H. Investment ....................................................................................................................................................... 7 I. Volunteer ......................................................................................................................................................... 7 J. Property Owners Association .......................................................................................................................... 8 K. Intellectual Property ........................................................................................................................................ 8 L. Private Foundations ......................................................................................................................................... 8 M. Social Media .................................................................................................................................................... 9
SUGGESTED READING ............................................................................................................................................ 10
APPENDIX B - SAMPLE DOCUMENT RETENTION POLICY .............................................................................. 21
APPENDIX C - PROTECTING CUSTOMER INFORMATION................................................................................ 28
APPENDIX E - SAMPLE WHISTLEBLOWER POLICY .......................................................................................... 34
APPENDIX F - CONFLICT OF INTEREST POLICY (PUBLIC CHARITY) ........................................................... 37
APPENDIX G - INVESTMENT POLICY ................................................................................................................... 41
APPENDIX H - VOLUNTEER POLICIES AND PROCEDURES ............................................................................. 50
APPENDIX I - CONFLICT OF INTEREST POLICY FOR PRIVATE FOUNDATION ........................................... 53
APPENDIX J - POLICY ON JEOPARDY INVESTMENTS AND EXCESS BUSINESS HOLDINGS ................... 57
APPENDIX K - SOCIAL MEDIA POLICY TEMPLATE .......................................................................................... 59
How To Draft Policies Chapter 2
I. INTRODUCTION
Non-profits benefit immensely from a thoughtful, organized effort to develop appropriate policies to guide
their governing boards, staff and volunteers. This article attempts to point the way to accomplish this goal. As in
most fields, we stand on the Ashoulders of the giants@ who have lead the way. (This was first attributed to Bernard of
Chartres, but popularized by Sir Issac Newton.)
II. BACKGROUND
Some have asserted that non-profit policy-making is like the weather - much is said but little is done. The
purpose of this article is two-fold: motivation to do the job and tips to make the work easier. And then, the rest is up
to you.
Let=s look at the reasons to make and maintain sound, practical and thoughtful policies for the organization.
Most non-profits have pride in their work and mission. The organization=s policies can reflect and build that pride.
Most non-profits expect their Board and staff to know and observe rules of governance that protect and
enhance the mission and the organization=s resources, both financial and human. If the rules are missing or unclear,
as nature abhors a vacuum, the holes can be filled with inefficient or worse, illegal action.
Too often, board members are not informed, not intentionally, but under a pattern of Aalways done it that way.@
It takes some persistence but an organization can break out of that pattern using a Anew member orientation.@
The new board member is given a board book containing governing documents, policies and a description of
the organization=s programs and/or events. An experienced hand in the organization takes the time to lead the new
member through the board book highlighting those parts of interest or concern to the new member.
This author can personally attest to the value of this process having been involved in it from both sides.
The regulators and the IRS are watching. Should a problem arise, a non-profit with a policy-driven response is
likely to fare much better than one without. One prime example is the rebuttable presumption review under the
intermediate sanctions regulations.
Donors expect the organization to be a wise manager of its resources. Policies made and enforced reassure the
donor or prospective donor that their gifts or grants will have a good chance for successful use in the mission.
Pg 32 of the Compliance Guide for 501(c)(3) Public Charities, published by the IRS states:
AGovernance and Management Policies. Although the Internal Revenue Code does not require
charities to have particular governance and management policies, the IRS does encourage boards of
charities to consider whether the implementation of policies relating to executive compensation,
conflicts of interest, investments, fundraising, documentation of governance decisions, document
retention, and whistleblower claims may be necessary or appropriate.@
The article devotes a portion of the content to risk management. Texas non-profits and their governing bodies
are subject to contract and tort liability, but manageable by and large through statutory exemption, insurance, and
policy developed to minimize risk. Fund-raising events, operations, and joint activities with other organizations all
present risks which policy can address. This is an area which should not be left to chance, since experienced
management can leave and boards do turnover.
Policies thrown together without much thought or review might work, but may be worse than useless. The
latter part of this article will help an organization=s governing body Aget a grip@ on the subject with checklists and
resources covering the major content areas for which this author believes policy is needed. Not that every non-profit
should or must adopt policy on each content area. Each non-profit has special or unique circumstances so that each
must decide what is best for it.
AThe equation for disaster is A + B = C [Disaster]. A is natural hazards, things like hurricanes, gases and
liquids under pressure that are extremely volatile .... B is organizational hazards: people and their hubris, their
1
arrogance, their greed. The real killer is our indolence.@ Robert Bea, professor emeritus of Civil Engineering,
University of California, Berkeley and former Shell Oil Co. executive, as quoted in ADiscover@ June, 2013.
III. METHODOLOGY
There is no single right way for a non-profit to adopt and maintain its policies, other than involvement by both
governing body and staff. Some organizations will be lead by staff whose job it is to make and maintain the policies
for the organization subject to approval by the board. Others may have active board involvement, or perhaps a board
committee. The needs and dynamics of the organization will dictate structure. However, it is clear that however
done, the policies adopted must have the following characteristics:
A. support the organization=s mission
B. be clear and concisely drawn
C. provide guidance appropriate to the organization=s activities
D. provide guidance for decision-making when management discretion is needed
E. follow applicable legal, accounting and tax rules or conventions
F. set forth the process for their revision as needed
Professional assistance and review of an organization=s policies for a start-up or in a periodic review can be
crucial. The discovery of inappropriate or incorrect policy after an adverse event or transaction could hurt or is at
least not helpful.
IV. TYPICAL CONTENT AREAS
A. Gift Acceptance. No matter what, over time, a charity with an active fund-raising effort will be
presented with an unusual or challenging problem. Someone wants to donate a lake lot, or property subject to a debt,
or property with a suspicious environmental history. Or, someone wants to donate with restrictions on the gift. All
these questions can be successfully handled by the organization IF it has already adopted a suitable gift acceptance
policy, and the board and staff understand and use it. Such is the art of crafting policies that benefit the organization
by properly focusing its efforts. If the organization is not so focused, then it could spend time dealing with
something that really diverts it from its mission. For example, many charities should not consider accepting and
administering deferred gifts such as charitable split-interest gifts, as they do not have the internal staff or experience
to do so. The gift acceptance policy should deal with that so that all stakeholders are clearly informed. A board
member will be able to say to a friend when asked, ANo, the organization does directly accept the trusteeship of a
remainder trust, but it can certainly be named as a remainder beneficiary.@ A sample Gift Acceptance Policy is
provided at Appendix A.
B. Document Retention. A document retention policy permits the organization to balance risk
management with efficiency. Where that balance lies is generally in the sound judgment of the governing body,
subject to legal requirements, such as keeping tax records for years where the period of limitations has not run. Of
course, certain really important records should never leave home, but many others have a useful life then should be
properly disposed of again based upon the policy adopted.
This policy should be revisited periodically by the governing body for two reasons: for currency and for a
discipline of actually disposing of the documents which it calls for destruction. Following the policy promotes
efficiency and still manages risk by having the documents available to show the organization=s considered course of
action.
Two important ideas crowd in here:
One, if there is threatened or an actual litigation or regulatory examination, then the document policy is put in
suspense. An example of this guidance is provided as VI. of the sample document Retention Policy included as
Appendix B.
Second, an ever increasing level of organizational documents are digital. Those digital records may be
centrally stored and retrieved on a network, in the cloud or on individual computers. The Sample Document
Retention Policy in Appendix B speaks of network storage, but a given organization may not have such a system. So
2
the policy should be tailored to deal with this. At a minimum, someone in management should monitor data storage
and retrieval for that situation.
C. Privacy. A cardinal principle for charities and many other non-profits is maintaining donor privacy.
(Yes, even (c)(4)=s.) For charities with a gift acceptance policy, the privacy of the donor=s plan or contribution unless
the donor consents to public recognition, is prominently declared. For organizations without a formal gift acceptance
policy, the organization may provide the donor with written assurances of privacy.
There may be other aspects to donor privacy. A celebrity donor may wish to be a volunteer in the organization
(not serve as a governing person) without any publicity. A donor=s family member may receive services from the
organization for which the donor wants no publicity. These situations may require or receive assistance from a
privacy policy.
Certainly those individuals receiving assistance from an organization will usually wish to stay clear of the
public view. This should not mean that the organization may avoid required reports to regulators, etc., which
generally is not viewed as public disclosure. A sample Privacy Policy is in Appendix C.
If your organization has a website, you MUST pay attention to the Privacy Best Practices published by
TRUSTe, a non-profit organization involved in education on privacy practices and certifying websites for privacy
protection quality.
There are restrictions on how and what data may be collected from children (AChild Online Protection Act@
HR3783; 47 USC 231(d)).
The Federal Trade Commission is active in investigating and prosecuting cases involving breach of privacy.
See the Notes on Non-Profits blog of Erin McClarty for excellent insight into the warp and woof of this area. Of
particular note is her comment warning about simply finding a document on the internet and adopting it without
careful thought or professional help.
That theme is recurrent in this broad area of policy development for non-profits. While in some cases a hastily
prepared policy might do for a while, over time it can become a problem because of the mismatch between actual
need and transactions and the policy language. APay me now or pay me later.@
Note: Charities, religious organizations and a number of tax-exempt organizations have increased public
disclosure requirements. Certain tax returns and forms must now be disclosed to the public on request. These
requirements arise from the passage of the Taxpayer Bill of Rights 2 in 1996 (P. L. 104-168) and implemented by
Treasury Regs. effective June 8, 1999.
What must be disclosed: All or any requested part (except donor information) of:
Form 990 Return of Organization Exempt from Tax
Form 990 BL Information and Initial Excise Tax Return for Black Lung
Benefit Trusts and Certain Related Persons
Form 990-EZ Short Form Return of Organization Exempt from Income Tax
Form 1023 Application for Recognition of Exemption under Section
501(c)(3) of the Internal Revenue Code
Form 1024 Application for Recognition of Exemption under Section
501(a) or for Determination under Section 120 of the
Internal Revenue Code
No disclosure is required for a PENDING application for exemption.
The three (3) most recent tax returns, plus all attachments, are open to disclosure except those
attachments dealing with donors.
How disclosure is made.
Disclosure may be made by inspection or copying.
Inspection. Documents subject to disclosure may be inspected at the principal office of
the organization. If the organization has satellite offices or three (3) or more
full-time employees, and management staff (beyond merely on-site
management), then inspection may occur there as well.
Inspection of documents may be monitored by an employee of the
organization.
Copying. Requests for copies made in person must be satisfied usually on the same
business day. If unusual circumstances exist, such as the absence of the
person normally handling such requests, then the organization may have up
to five business days if needed, within which to respond.
Requests for copies by mail, fax or email must receive a response within 30
days.
An organization may charge a reasonable copy fee. Generally, the IRS
considers $ 1.00 for the first page and $ .15 for each additional page to be a
reasonable copy fee. Postage is also an acceptable charge to the person
requesting copies.
An organization may require prepayment of its copy fees. Should a written
request arrive without prepayment, the organization must give the requestor
written notice within seven days that payment is due.
Telephone requests for copies need not be accepted. Requestors should be
told to make a written request.
Documents widely available
An exception to the copying burden exists where the organization makes its tax information
(e.g. Form 990) widely available. The most commonly referred to method is the internet.
If any person may print the organization’s document from the internet in the same format as
the tax return and without charge, then the organization need not make copies available.
However, the organization must still allow inspection of these documents on request at its
office(s).
Penalties for non-compliance
$ 20.00 per return or exemption application per DAY on the individual responsible for
disclosure, up to $ 10,000 maximum for a return. (No max for an exemption application.)
$ 5,000 per return or application for an organization wilfully failing to disclose.
A more robust discussion of the applicable rules will be found in the outline of Jonathan Frels, “Current Case
Law Development in Public Disclosure,” as a part of this course.
D. Insurance. By and large, the most important reason for having an insurance policy is to backstop the
indemnity promises made to the organization=s governing body and volunteers. Many organizations provide hold
harmless language to these individuals in their governing documents, such as Bylaws. The organization promises to
protect the volunteer board member from liability including costs of defense in a lawsuit where the board member is
4
sued, and the governing board finds that the member has not acted in bad faith or with disloyal conduct to the
organization.
Sometimes organizations accept the indemnity language in the governing documents without much review.
This could be a problem since Texas law leaves wide latitude for an organization to decide how much and when to
indemnify. A critical question is either the costs of defense are paid in advance or at the conclusion of the litigation.
Clearly, the terms of any insurance, particularly a directors and officers liability policy, should be consistent
with the indemnity provisions of the organization=s insurance policy and/or governing documents. If the policy says
pay up-front, but the insurance policy says wait, then the organization=s balance sheet is impacted.
A qualifying charity or other organization covered by the Charitable Immunity Act of 1987 (Chapter 84, Civil
Practice and Remedies Code), will want to review insurance coverage and maintain the level needed to qualify for
protection of its volunteers and employees from unwanted personal liability.
A well-crafted policy will coordinate the above elements for maximum protection and lowest premium cost,
consistent with the organization=s activities. A sample Insurance Policy is found in Appendix D.
E. Employee. It is perhaps an understatement to say that a well-crafted employee policy is quite
important. Insurance agents claim that the primary source of claims against the directors of a non-profit organization
are employee-related.
Unless organization management is really capable of doing so, it should use outside experts such as an
employment law attorney, to prepare, or to review and edit, any employee manual or policy, the area is just so dicey
with risk to the organization and its management, this type of organizational document must be correct, complete and
thoroughly compliant with the multitude of laws and regulations affecting employers.
For an excellent source, see Connie Cornell, Employment Litigation Prevention for Texas Managers and
supervisors.
F. Whistleblower. Whether the organization has paid staff or not, a whistleblower protection policy
A...encourages staff and volunteers to come forward with credible information on illegal practices or violations of
adopted policies of the organization, specifies that the organization will protect the individual from retaliation, and
identifies those staff or board members or outside parties to whom such information will be reported.@
Instructions to Form 990, pg. 20.
Even though not required by federal tax law, the organization may benefit from the policy through prevention
of fraud or damage to its image. Its adoption brings recognition that the organization desires transparency and
accountability.
Further, the Sarbones-Oxley Act (Section 1107) requires that no corporation (including non-profits) may
retaliate against a whistleblower. This does not require a written policy but there is universal agreement that written
policy prove it was attempting compliance.
As to the IRS= view, a whistleblower policy has three main elements;
1. Encourages disclosure within the organization of illegal acts or violations of policy;
2. Protects the whistleblower from retaliation; and
3. Identify persons within the organization to whom the information may be given.
If an organization receives federal funding, then the Federal False Claims Act (31 USC 3729(h)) protects
whistleblowers from retaliation.
Useful guidance on the development of this type of policy is found in Policy Services Memo #3 dated 12-1-
2009, issued by the Form 990 Policy Series Group (www.publiccounsel.org/usefulmaterials).
1. Where should the policy be found? For example, if it is only in the employee handbook, then it
would not be available to volunteers.
2. Make sure the policy can actually be followed.
3. At what level is the policy approved? Board or staff?
4. Who is really going to receive a whistleblower complaint? Often in a small organization, such as
one without an audit committee or a compliance officer, the real opportunity to disclose is missing.
5. Provide a disciplinary route for frivolous complaints.
6. Provide a concrete means of follow-up, including informing legal counsel, if needed, interviewing
employees and others, and making a written record.
7. Reporting back to the whistleblower.
8. Making explanations of the policy to employees and volunteers.
A sample policy is found in Appendix E.
G. Conflict of Interest. Among the most important duties of a non-profit director or key officer is the
duty of loyalty. That duty is breached if the director or officer uses the resources of the organization unfairly for
personal reasons. Here, a conflict of interest policy is, without research, probably the most prevalent policy in the
non-profit organization=s portfolio. It does not hurt that the IRS Form 1023 asks quite prominently about this as well.
What are the essential elements of a conflict of interest policy?
First, it should define the relationships and transactions that may give rise to a conflict.
Second, the policy requires governing persons to disclose actual or possible conflicts to the organization.
Third, a process for sorting out the facts and making a decision on behalf of the organization is important.
Fourth, it gives enforcement authority to the governing body in the event of a finding of a conflict.
Fifth, it pays particular attention to compensated individuals of the governing body.
Sixth, it encourages the use of outside experts if needed.
Although the policy adopted by a public charity is not required to refer to the provision of the intermediate
sanctions rules of Section 4958, IRC, the policy should be consistent with such rules. For example, the policy should
allow for the procedures available to obtain a rebuttable presumption of no prohibited transaction with respect to a
transaction between the organization and an insider, under Section 4958, IRC.
For insiders and the organization, there is a fair amount at stake here. If the organization has a robust conflict
of interest policy communicated to its stakeholders, there may be less chance that a governing person will attempt an
unfair transaction, or if attempted, that another person in the organization will acquiesce.
Should an insider transaction occur, the governing body and staff can handle the situation with more
confidence. In an indirect way, the policy can back up a decision to remove the recalcitrant director who has crossed
the line.
A routine process of disclosure by governing persons gives the organization and its supporters a greater
confidence that the organization is well-run.
A sample conflict of interest policy is found at Appendix F.
6
H. Investment. Texas Business Organization Code, Section 22.221, provides that a director must act in good
faith, with ordinary care and in a manner the director reasonably believes to be in the best interests of the corporation.
A director is not a guarantor of performance, but must act with informed judgment and common sense.
Attendance at meetings, review and understanding of materials presented to the board and requesting information are
part of the proper exercise of a director=s duties.
The Code also allows the board to delegate its investment authority, but it cannot delegate the ultimate
responsibility. The board may contract with investment advisors or managers, so long as it selects such outside
managers with ordinary care and in good faith.
For those organizations with endowment assets or other investments that are not used directly in the
performance of the exempt function, an investment policy is needed. Texas has the Uniform Prudent Management of
Institutional Funds Act AUPMIFA@ (Texas Property Code, Chapter 163), which guides such non-profits in the
management of their investments. Using the modern portfolio theory of investments, UPMIFA permits distributions
from the investments that are prudent in light of the overall investment return. Distributions greater than 7% require
extra justification or will be considered imprudent for a fund valued at $1 million or more. Smaller funds have a 5%
threshold. But these are not safe harbors.
Under UPMIFA, the directors are to act with ordinary business care and prudence in the investment of its funds
and consider both short and long term needs in making investment decisions, using the facts and circumstances at the
time of the decision.
UPMIFA specifically allows the board to delegate its investment authority to outside investment managers and
pay their fees. Also, UPMIFA allows the corporation to invest in practically any kind of investment, regardless of its
current return.
An organization=s attention to this area is a mark of sound management and good stewardship. The investment
policy may, but need not explicitly mention UPMIFA; nonetheless, the policy should at a minimum, cover the
following:
1. The overall investment goals of the organization, such as to build long-term endowment.
2. The asset allocation to be the target for overall investment strategy.
3. What person or group of persons is responsible for the oversight of the investment decision-
making.
Often, the organization will use outside investment management but someone within the organization must
review that work and report to the governing body.
4. How often will the organization review the results of the investments.
Many organizations will use either a quarterly or annual review process. This may include a decision on
whether to retain or discharge an investment manager, or, the organization could decide to move the investment
management outside the organization after the investments have grown or become diverse.
5. The process for changing the investment policy. Normally, the policy has, in its asset allocation
section, a range of values within which the investment manager may operate. For example, holding cash of between
2% and 4% of the total investment fund could be an acceptable amount of cash to be held, under the policy.
A sample investment policy is included in Appendix G.
I. Volunteer. It is a rare case to find a non-profit with no volunteers. Volunteers are vital to the organization,
starting with volunteer board members. Just as with any valuable resource, this one needs management: recruiting,
7
screening, training, supervising and evaluating. There are lots of online resources for dealing with volunteers.
Appendix H includes the online version of a sample Volunteer Policy.
As with any organization policy, the content and style should fit the organization.
Significant items for the policy probably should include:
1. Training and duties
4. Conflict of interest
5. Safety and security
J. Property Owners Association. Roy Hailey is going to provide an authoritative discussion of property
owner’s associations later in this course. This is a somewhat specialized area with its own set of state law
requirements. For example, associations must maintain policies on open records and records retention (Texas
Property Code, Section 200.005), and payment plan guidelines (Texas Property Code, Section 209.0062.) If
association has a website, then the required policies must be found there. (Texas Property Code, Section
207.006).
K. Intellectual Property. Although many organizations will not be involved in research and development and
the commercialization of inventions, innovations and research findings, those that have a trade name or wish to
protect copyrighted material should consider an appropriate intellectual property policy.
A useful tool for crafting such a policy is the document AGuidelines on Developing Intellectual Property Policy for
Universities and R&D Organizations,@ published by the World Intellectual Property Organization, Geneva
Switzerland. (unedited, advance copy).
This publication=s bibliography acknowledges material it drew from leading U.S. Universities, including the
University of Texas (http://www.utsystem.edu?OGC/Intellectual Property (polguide.htm) and MIT
(http://web.mit.edu/policies/13-1-html).
For example, the draft items covering copyrights include the authorization or prohibition of:
reproduction in various forms
translation into other languages
With respect to the management of a copyright, the policy must deal with:
1. Ownership, including participation agreements which clearly gives the organization rights in the work, subject
to any retained rights in the creator
2. Whether the organization will register the copyrighted work with the Library of Congress
3. Whether copyrighted work will be available for licensing and on what terms and conditions
A registered trademark for a non-profit organization provides recognition and potential financial reward, as
well as protection from unfair competition from organizations who would provide inferior service. However, the
majority of non-profit organizations will probably avoid using a registered mark, as the costs of its maintenance and
administration will outweigh the benefits (notable exception-Gatorade7).
L. Private Foundations. Private foundations are subject to more restrictions and requirements in their
operation than publicly supported charities, including governing document requirements under Section 508(e), IRC.
Those document requirements are either present in the governing documents of the organization or incorporated by
reference under Texas law. See Section 112.055, Texas Property Code or Section 2.107, Texas Business
8
Organizations Code. Unless the organization is a private operating foundation described in Section 4942(j)(3), IRC,
the organization will move through the annual drill of determining its 2% audit tax to pay with the filing of its Form
990-PF and the amount to distribute or spend to meet the 5% payout requirement.
Since the private foundation and its disqualified persons may not deal with each other no matter whether the
deal is fair or not (Section 4941,IRC), the organization will want a different conflict of interest policy than a publicly
supported charity (that is not a supporting organization). A sample policy is found in Appendix I.
A private foundation is subject to special restrictions in jeopardy investments (Section 4944, IRC) and excess
business holdings (Section 4943, IRC). Provisions in the investment policy and the gift acceptance policy should
reflect the organization=s understanding of these roles and a plan to deal with them. See Appendix J.
M. Social Media. In January, 2012, the National Labor Relations Board (NLRB) produced a second report on
social media, revising its earlier first report issued in 2011. (See www.socialmediapolicytemplate.com) Eric
Schwartzman, an online communications consultant, has drafted an excellent outline and template, based upon the
NLRB report, for guidance on developing organizational policy.
In summary, after concise and accurate definitions, the policy sets out organizational objectives, then guiding
principles.
The basic rules for an organization’s staff are:
- do not use social media covertly - always show clear identification with the organization
- only certain persons are authorized to use social media on behalf of the organization
- all contractors, venturers and agencies with whom the organization has an ongoing relationship are in
agreement with the organization’s social media policy
- online activities of organization staff do not interfere with their job performance
This author would add that whether it appears in this policy and/or in the employee handbook, the organization
should require the staff’s understanding that any social media use at work on computers or tablets of the organization
may be accessed at any time by the organization.
Suggested Reading
“The Sarbones-Oxley Act and Implications for Nonprofit Organizations,” © 2003 Board Source and Independent
Sector.
“Guidelines on Developing Intellectual Property Policy for Universities and R&D Organizations,” World Intellectual
Property Organization (unedited, advance copy) at www.wip.int/
www.truste.com/
Commonfund White Papers at www.commonfund.org/InvestorResources/Publications Pages/WhitePapers.aspy
“ A B o a r d M e m b e r ’ s G u i d e t o N o n p r o f i t I n s u r a n c e , ” P a m e l a D a v i s , 2 0 0 8 i n
How to Draft Policies Chapter 2
11
GIFT ACCEPTANCE POLICIES AND GUIDELINES
______ Charity, a not for profit organization organized under the laws of the State of encourages the solicitation and acceptance of gifts to I
_________ Charity (hereinafter referred to as the Charity) for purposes that will help the Charity to further and fulfill its mission. The following policies and guidelines govern acceptance of gifts made to the Charity or for the benefit of any of its programs.
The mission of the Charity is to:
I. Purpose of Policies and Guidelines
The Board of Directors of Charity and its staff solicit current and deferred gifts from individuals, corporations, and foundations to secure the future growth and missions of the Charity. It is the purpose of these policies and gUidelines to govern the acceptance of gifts by the Charity and to provide guidance to prospective donors and their advisors when making gifts to the Charity. The provisions of these policies shall apply to all gifts received by the Charity for any of its programs or services.
n. Use of Legal Counsel
______ charity shall seek the advice of legal counsel in matters relating to acceptance of gifts where appropriate. Review by counsel is recommended for:
a. review of closely held stock transfers that are subject to restrictions or buy - sell agreements
b. review of documents naming Charity as Trustee
c. review of all gifts involving contracts, such as bargain sales or other documents requiring the Charity to assume an obligation
d. review of all transactions with potential conflict of interest that may invoke IRS sanctions
e. and such other instances in which use of counsel is deemed
12
appropriate by the Gift Acceptance Committee ID. Conflict of Interest
All prospective donors shall be strongly urged to seek the assistance of personal legal and financial advisors in matters relating to their gifts and the resulting tax and estate planning consequences. The Charity will comply with the Model Standards of Practice for the Charitable Gift Planner promulgated by the National Committee on Planned Giving, shown as an appendix to this document.
IV. Restrictions on Gifts
The Charity will accept unrestricted gifts, and gifts for specific programs and purposes, provided that such gifts are not inconsistent with its stated mission, purposes, and priorities. The Charity will not accept gifts that are too restrictive in purpose. Gifts that are too restrictive are those that violate the terms of the corporate charter (or trust document if Charity is established under trust), gifts that are too difficult to administer, or gifts that are for purposes outside the mission of the Charity. All final decisions on the restrictive nature of a gift, and its acceptance or refusal, shall be made by the Gift Acceptance Committee of the Charity.
V. The Gift Acceptance Committee
The gift acceptance committee shall consist of:
- The President of Charity
- The Treasurer of Charity
- Two members of the Executive Committee, appointed by the President
- Two members of the Development Committee, appointed by the Development Vice President
- Such other members as appointed by the President of the Charity
- Ex-Officio members shall include the Executive Director and the Development Director of Charity
The gift acceptance committee is charged with the responsibility of reviewing all gifts made to Charity, properly screening and accepting those gifts, and making recommendations to the Board on gift acceptance issues where appropriate.
13
1. Cash
6. Oil, Gas, and Mineral Interests
7. Bargain Sales
8. Life Insurance
13. Bequests
14. Life Insurance Beneficiary Designations
B. The following criteria govern the acceptance of each gift form:
1. Cash: Cash is acceptable in any form. Checks shall be made payable to The Charity and shall be delivered to (place title of Charity employee to which gift should be delivered) in the Charity's administrative offices.
2. Tangible Personal Property: All other gifts of tangible personal property shall be examined in light of the following criteria:
• Does the property fulfill the mission of the Charity?
14
• Is the property marketable?
• Are there any undue restrictions on tile use, display, or sale of the property?
• Are there any carrying costs for the property?
The final determination on the acceptance of other tangible property gifts shall be made by the Gift Acceptance Committee of the _ Charity.
3. Securities: The Charity can accept both publicly traded securities and·closely held securities.
Publicly Traded Securities: Marketable securities may be transferred to an account maintained at one or more brokerage firms or delivered physically with the transferor's signature or stock power attached. As a general rule, all marketable securities shall be sold upon receipt unless otherwise directed by the Investment Committee. In some cases marketable securities may be restricted by applicable securities laws; in such instance the final determination on the acceptance of the restricted securities shall be made by the Gift Acceptance Committee of the Charity.
Closely Held Securities: Closely held securities, which include not only debt and equity positions in non-publicly traded companies but also interests in LLPs and LLCs or other ownership forms, can be accepted subject to the approval of the Gift Acceptance Committee of the Charity. However, gifts must be reviewed prior to acceptance to determine that:
• there are no restrictions on the security that would prevent _____ Charity from ultimately converting those assets to cash,
• the security is marketable, and
• the security will not generate any undesirable tax consequences for the Charity.
If potential problems arise on initial review of the security, further review and recommendation by an outside professional may be sought before making a final decision on acceptance of the gift. The final determination on the acceptance of closely held securities shall be made by the Gift Acceptance Committee of the Charity and legal counsel where necessary. Every effort will be made to sell non-marketable
15
securities as quickly as possible.
4. Real Estate: Gifts of real estate may include developed property, undeveloped property, or gifts subject to a prior life interest. Prior to acceptance of real estate, the Charity shall require an initial environment review of the property to insure that the property is not contaminated with environmental damage. Environmental inspection forms are attached as an appendix to this document. In the event that the initial inspection reveals a potential problem, the Charity shall retain a qualified inspection firm to conduct an environmental audit. The cost of the environmental audit shall generally be an expense of the donor.
Where appropriate, a title binder shall be obtained by the Charity prior to the acceptance of the real property gift. The cost of this title binder shall generally be an expense of the donor.
Prior to acceptance of the real property, the gift shall be approved by the Gift Acceptance Committee of the Charity and by the Charity's legal counsel. Criteria for acceptance of the property shall include:
• Is the property useful for the purposes of the Charity?
• Is the property marketable?
• Are there carrying costs, which may include insurance, property taxes, mortgages, or notes,' etc., associated with the property?
• Does the environmental audit reflect that the property is not damaged?
5. Remainder Interests In Property: The Charity will accept a remainder interest in a personal residence, farm, or vacation subject to the provisions of paragraph 4. above. The donor or other occupants may continue to occupy the real property for the duration of the stated life. At the death of the donor, the Charity may use the property or reduce it to cash. Where the Charity receives a gift of a remainder interest, expenses for maintenance, real estate taxes, and any property indebtedness are to be paid by the donor or primary beneficiary.
6. Oil, Gas, and Mineral Interests: The Charity may accept oil and gas property interests, where appropriate. Prior to acceptance of an oil
16
receipt. include the year
8. Life Insurance: Charity must be named as both beneficiary and irrevocable owner of an insurance policy before a life insurance policy can be recorded as a gift. The gift is valued at its interpolated terminal reserve value, or cash surrender value, upon
If the donor contributes future premium payments, the Charity will the entire amount of the additional premium payment as a gift in that it is made.
If the donor does not elect to continue to make gifts to cover premium payments on the life insurance policy, the Charity may:
• continue to pay the premiums,
• convert the policy to paid up insurance, or
• surrender the policy for its current cash value.
9. Charitable Gift Annuities: Charity may offer charitable gift annuities. The minimum gift for funding shall be $5,000. Charity President may make exceptions to this minimum. The minimum age for life income beneficiaries of a gift annuity shall be 55. Where a deferred gift annuity is offered, the rninimum age for life income beneficiaries shall be 45. No more than two life income
beneficiaries will be permitted for any gift annuity.
Annuity payments may be made on a quarterly, semi-annual, or annual schedule. Charity President may approve exceptions to this payment schedule.
______ Charity will not accept real estate, tangible personal property, or any other illiquid asset in exchange for current charitable gift annuities. Charity may accept real estate, tangible personal property, or other illiquid assets in exchange for deferred gift annuities so long as there is at least a 5 year period before the commencement of the annuity payment date, the value of the property is reasonably certain, and the President of Charity approves the arrangement.
Funds contributed in exchange for a gift annuity shall be set aside and invested during the term of the annuity payments. Once those payments have terminated, the funds representing the remaining principal contributed in exchange for the gift annuity shall be transferred to _____ Charity's general endowment funds, or to such specific fund as designated by the donor.
10. Charitable Remainder Trusts: The Charity may accept
17
ENVIRONMENTAL INTERVIEW
This interview is designed for use with current and/or prior owners or mangers of the property.
Date of Interview _ Interviewer _
Type of Property Agricultural Commercial Age of Buildings Residential
Timber Manufacturing Undeveloped Lane Other
_
1. Indicate prior uses of property. _
_ _
3. For U$es indentified in question 1, has an environmental license or permit ever been issued? No Yes
4. Are there any oil, fuel or chemical storage tanks on the property located above or below ground? No Yes
5. Has an environmental assesment been previously conducted?__ No __ Yes If Yes, provide a copy of the report.
6. If available, attach maps or surveys that describe the property to this questionnaire. __ attached __ non available
7. If you are unable to furnish the information requested above, please advise us if there is a reliable source that may be able to furnish this information.
18
Name of Inspector _ Date of Inspection _
Owner of Property _ Estimated Size _
Location of Property _ Current Use _
Number of years the current use has been in effect _
Brief history of property use (list past use and former tenants, and source of information)
ENVIRONMENTAL SITE INSPECTION CHECKLIST
1. An on-site inspection revealed the following: Yes No
A. Stressed or denuded vegetation or unusual barren areas B. Discoloration, oil sheens or foul/unusual odors in water C. Dump site D. Tire/battery/chemical storage or disposal E. Storage drums F. Above or below ground storage tanks, vent or filler pipes G. Evidence of petroleum or oil products H. Evidence of PCBs (electrical transformers, capacitors) I. Subject or adjoining property used for industrial purposes
J. Existing structures: If yes, indicate if there is: 1. Evidence of chemical spills/leaks 2. Evidence of asbestos 3. Any source of air emission
K. Does property appear on National/Site Hasardous Site list? L. If "yes" to any of the above, describe: _
II. ( ) Based on the evaluation of known, discovered or observed environmental factors, there is no evidence of environmental contamination on this or neighboring properties, and no further action is recommended.
19
H. The donor has revealed portential sources or causes of environmental contamination.
I. This property is used for agricultural purposes.
( ) Based on the evaluation of known environmental factors, there is no evidence of possible environmental contamination of this or neighboring properties and no further action is recommended.
( ) Based on the evaluation of known environmental factors, there is evidence of possible environmental contamination on this or neighboring properties and further investigation is recommended.
Recommendations: _
Acceptance of Form Approved By Title Date
20
21
SAMPLE DOCUMENT RETENTION POLICY From the January/February 2006 Fraud Magazine column "Fraud &The Law"
By Juliana Morehead hllp:l/acfe.com/fraud/view.asp?ArticleID:=SOO
This is OIlIY (J SAMPLE DOCUMENT RETENTION Po.UCY ("DRP'J, and ir NOT LEGAL ADVICE. It i.r OIl!Y all example ofa gelleral DRP alld should 1I0t he ",.red Ivithollt l'CIJ;'riOIl to 1I/eet the paltiC!llar adtl/ilJi.rtratipe alld legal lIeeds ofyour orgalli:<:f1tioll. Thel'C arc mal!y federal, .rtale alld loml laws that reqllire orgallizatiolls to retaiJi dOt'lI/Jlellt.r for a arlaill peliod r!l tillle that III'!)' 1I0t repl'C.rellted ill thi.r sample poliry. All fOlI/pallies should tVlltad tVimsc/ lit'lJllsed to pmdit"c Imv i/1 their state befol'C implelltelltillg a DRP.
I. Purpose
To ensure the most efficient and effective operation of ORGANIZATION ("Organization"), we are implementing this Document Retention Policy ("DRP" or "policy''). The records of Organization and its subsidiaries are important to the proper functioning of Organization. Our records include virtually all of the records you produce as an Organization employee. Such records can be in dectronic or paper form. Thus, items that you may not consider important, such as interoffice emails, desktop calendars and printed memoranda are records that are considered important under this policy. If you are ever uncertain as to any procedures set forth in this policy (e.g., what records to retain or destroy, when to do so, or how) it is your responsibility to seek answers from Organization's DRP Manager.
The goals of this DRP are to: 1. Retain important documents for reference and future use; 2. Ddete documents that are no longer necessary for the proper functioning of
Organization; 3. Organize important documents for efficient retrieval; and 4. Ensure that you, as an Organization employee, know what documents should be
retained, the length of their retention, means of storage, and when and how they should be destroyed.
Federal and state laws require Organization to maintain certain types of records for particular periods. Failure to maintain such records could subject you and Organization to penalties and fines, obstruct justice, spoil legal evidence, and/or seriously harm Organization's position in litigation. Thus, it is imperative that you fully understand and comply with this, and any future records retention or destruction policies and schedules, UNLESS you have been notified by Organization, or ifyou believe that (1) such records are or could be relevant to any future litigation, (2) there is a dispute that could lead to litigation, or (3) Organization is a party to a lawsuit, in which case you MUST PRESERVE such records until Organization's legal counsd determines that the records are no longer needed.
"Records" discussed herein refers to all business records of Organization (and is used interchangeably with "documents''), including written, printed, and recorded materials, as well as dectronic records (i.e., emails and documents saved dectronically). All business
22
records shall be retained for a period no longer than necessary for the proper conduct and functioning of Organization. No business records shall be retained longer than five (5) years, EXCEPT those that (1) have periods provided for herein, (2) are in the Document Retention Schedule, found at Appendix "A", or (3) are specifically exempted by Organization's DRP Manager.
II. Management
To ensure compliance with this DRP, Organization's DRP Manager is responsible for the following oversight functions:
• Implementing the DRP; • Ensuring that employees are properly educated, understand, and follow the DRP's
purpose; • Providing oversight on actual retention and destruction of documents;
• Ensuring proper storage of documents; • Periodically following-up with counsel to ensure proper retention periods are in
place;
to theDRP.
Organization's DRP Manager shall annually review the DRP, modify it accordingly, and inform and educate all Organization employees on any such changes. All questions relating to document retention and/or destruction should be directly addressed to Organization's DRP Manager.
III. Types of Records
Appendix "A", attached at the end of this DRP, lists several categories of records, as well as specific records that contain specific retention periods. This is referred to as a Document Retention Schedule ("DRS"). All tec:ords not provided for in the DRS or described herein, shall be classified into three types, (1) Temporary Records, (2) Final Records, and (3) Permanent Records.1
Tempotaty Records
Temporary records include all business documents that have not been completed. Such include, but are not limited to written memoranda and dictation to be typed in the future, reminders, to-do lists, report, case study, and calculation drafts, interoffice correspondence regarding a client or business transaction, and running logs
I See Ashcraft, H. uf Hanson, Bridgett. Marcus, Vlahos & Rudy, LLI'., DQCUmcnt Retention: Guidelines for Managing Project Files, February 2002. Available at Ilttp://terral'l'g.col11/images/pdfs/Doclll11entRetention.pdC
23
Temporary records can be destroyed, or pennanently deleted if in electronic form (see protocol below for proper destruction of data in electronic form) when a project/case/file closes. Upon the closing of a project/case/file, gather and review all such temporary records. Before you destroy or permanently delete these documents, make sure you have duplicates of all the final records pertaining to the project/case/file. Upon destruction or deletion, organize the final records (and duplicates) in a file marked "FINAL" and store them appropriately.
Final Records
Final records include all business documents that are not superseded by modification or addition. Such include, but are not limited to: documents given (or sent via electronic form) to any third party not employed by Organization, or government agency; final memoranda and reports; correspondence; handwritten telephone memoranda not further transcribed; minutes; design/plan specifications; journal entries; cost estimates; etc. All accounting records shall be deemed final.
Except as provided for in the DRS, all final documents are to be discarded ten (10) years after the close of a project/case/file.
P~ent Records
Permanent records include all business documents that define Organization's scope ofwork, expressions of professional opinions, research and reference materials. Such include, but are not limited to contracts, proposals, materials referencing expert opinions, annual financial statements, federal tax returns, payroll registers, copyright registrations, patents, etc.
Except as provided for in the Docwnent Retention Schedule (Appendix "N'), all permanent documents are to be retained indefinitely.
Accounting and Corporate Tax Records
Accounting and corporate mx records include, but are not limited to: financial smtements; ledgers; audit records; invoices and expense records; federal, smte, and property tax returns; payroll; accounting procedures; gross receipts; customer records; purchases; etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of six (6) years or until the smtute of limitations for a particular record expires (please consult Organization's counsel for time periods if you manage/control such records).
Workplace Records
Workplace records include, but are not limited to Articles of Incorporation, bylaws, meeting minutes, deeds and tides, leases, policy smtements, contracts and agreements, patents and trademark records, etc.
Unless otherwise specified in the DRS, such records should be retained in perpetuity.
24
Employment records include, but are not limited to job announcements and advertisements; employment applications, background investigations, resumes, and letters of recommendation of persons not hired; etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of one (1) year.
Employee records include, but are not limited to employment applications, background investigations, resumes, and letters of recommendation of current and past employees, records relating to current and past employee's performance reviews and complaints, etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of three (3) years following unemployment with Organization.
Payroll records include, but are not limited to wage rate tables; salary history; current rate of pay; payroll deductions; time cards; W-2 and W-4 forms; bonuses; etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of six (6) years.
Bank Records
Bank records include, but are not limited to bank deposits; check copies; stop payment orders; bank statements; check signature authorizations; bank reconciliations; etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of three (3) years.
1&gal Records
Legal records include, but are not limited to all contracts, legal records, statements, and correspondence, trademark and copyright registrations, patents, personal injury records and statements, press releases, public findings, etc.
Unless otherwise specified in the DRS, such records should be retained for the minimum of ten (10) years.
Historical Records
Historical records are those that are no longer of use to Organization, but by virtue of their age or research value may be of historical interest or significance to Organization.
Historical records should be retained indefinitely.
IV. Storage
25
Tangible Records
Tangible records are those in which you must physically move to store, such as paper records (including records printed versions of electronically saved documents), photographs, audio recordings, advertisements and promotional items. Active records and records that need to be easily accessible may be stored in Organization's office space or equipment. Inactive records can be sent to Organization's off-site storage facility.
Electronic Records
Electronic mail ("E-mail") should be either printed and stored as tangible evidence, or downloaded to a computer file and kept electronically or on a disk.
Organization has computer software that duplicates files, which are then backed-up on central servers. Ifyou have a notebook computer from Organization that you work on out of the office, your computer contains synchronization software that duplicates and backs-up files when you log into the network. However, it is important that all employees take precautionary measures to save work and records on Organization's network drive.
Ifyou save sensitive or important records on computer disks, you should duplicate the information in an alternate format because disks are easily lost or damaged.
v. Destruction/Deletion
Tangible Records
Tangible records should be destroyed by shredding or some other means that will render them unreadable. Ifyou have a record that you do not know how to destroy, such as a photograph, compact disk, or tape recording, ask the advice of Organization's DRP Manager.
Electronic Records
E-mail records that you "delete" remain in Organization's system. Thus, Organization's information technology ("IT") department will be responsible for permanendy removing deleted emails from the computer system.
Deleting files and emptying the recycling bin is usually sufficient in most circumstances to get rid of a record. However, because electronic records can be stored in many locations, Organization's IT departtnent will be responsible for permanendy removing deleted files from the computer system.
Keep in mind, where duplicate records are involved, both copies must be destroyed/deleted where proper.
VI. Cessation of Record Destruction/Deletion
26
If a lawsuit is filed or imminent, or a legal document request has been made upon Organization, .AlL RECORD DESTRUCTION MUST CEASE IMMEDIATELY. Organization's DRP Manager may suspend this DRP to require that documents relating to the lawsuit or potential legal issue(s) be retained and organized A critical understanding of this section is imperative. Should you fail to follow this protocol, you and/or Organization may be subject to fines and penalties, among other sanctions.
VII. Acknowledgement
I have read and understand the purpose of this DRP. I understand that strict adherence to this DRP is a condition of my employment with Organization. If I do not understand something regarding this DRP, I will contact Organization's DRP Manager immediately for clarification. I agree to abide by Organization's DRP.
Employee's Signature Date
Employee's Name (print)
27
28
Find TRUSTed Sites I Evenls I 810g I Newsletler 'fRUSTe
Pow~riflH 1"ru3! in IhQ O'l!'l E£lJIwmy
Privacy Best Practices
WhyTRUSTe
Protecting Customer Information Online
Consumer confidence in how you protect their pri~acy is key to your online business. When TRUSTe certifies your Web site, you get o~r a decade of our expertise in the issues that maller most in online pri~acy. Here are just a few examples of the best practices we recommend for businesses to build trust with consumers.
Your Web Site's Privacy Statement
Your EU Certification
Your Email Privacy Practices
Your Web Site's Security
Your Online Behavioral Tracking Practices
Your Web Site's Privacy Statement
Review your privacy statement to make sure it's easy to read and understand. Build trust with your consumers; write your pri~acy statement in straightforward language and organize it clearly.
Make sure your privacy statement aligns with your terms-of-service statement. This is best done by cross-referencing your pri~acy statement with your terms-ot·use statement. Confirming uniform pri~acy practices throughout your Web site projects a clear and concise impression to consumers while minimizing your exposure to priwcy risk.
When establishing your company's privacy program, build internal documents with an eye to your public privacy statement. Your posted pri~acy statement defines your entire pri~acy program. All the internal documentation of the processes and procedures you use to enforce pri~acy within your organization should be in lockstep with that statement. Make sure that your internal documents and policies reflect what your outward-facing pri~acy statement says-it'S one more step toward mitigating your pri~acy risk.
Back to top
Review your privacy policy regularly to make sure it accurately reflects your current data-collection and -handling practices. It's important to re"ew your pri~acy policies annually, e~n if you belie~ that nothing has changed. Your annual business priwcy re~iew process should in\Ol~ all parties who handle customer data-oat minimum, management. marketing, legal, operations, and IT.
When writing or revising your privacy statement, use mayor might statements sparingly. A\Oid sounding e~asi~ and build trust uplront by using forthright language. Your pri~cy
statement should describe actual practices consistent with the Fair Information Practice of Notice.
Add an effective date to your privacy statements. This fulfills one of the requirements of the California Onfine Pri~acy Protection Act of 2003. The statement can be as simple as "Effecti~ as of January 1, 2004."
Back to top
CON'fACT US , j
White Paper
Behavioral Targeting Awareness on the Rise. TRUSTe survey re~ls consumers want choices. Downloed the survey
Need to renew? Sign in now»
29
Your EU Certification
Learn how to make your EU certification seamless. EU Certification lets consumers and regulators around the globe know that you comply with the EU Safe Harbor Framework, which is required when transmitting personal data belonging to EU citizens. TRUSTe's EU Sale Harbor Seal Program is the ultimate solution to expand your global presence. Learn more about the program.
Back to top
Com plying with the Children's Online Privacy Protection Act (COPPA) Al<lld COPPA llio/ations. Do not indicate to users that an age restriction exists when collecting personally identifiable information. COPPA is triggered whenel.er your Web site collects both age-identifying information and personally idenliliable information. If you notify users at the point of data collection that an age restriction eXists, they can easily circuml.ent the restriction. Find out about TRUSTe's Children's Pri~acy Seal program.
Back to top
Your Email Privacy Practices
Put an email authentication system in place. Email authentication stymies forgery 01 email messages and allows senders to build a positil.e reputation with receil.ers based upon their mailing behallior.
Implement an automated unsubscribe system. An automated system lets you ensure that each unsubscribe request is processed within a reasonable time/rame. Also, send users a confirmation email thai allows them to l.erify that their request has been processed.
Find out more: leam about the TRUSTed Email program or contact a TRUSTe representatil.e.
Back to top
Your Customers' Personally Identifiable Information (PII)
Treat testimonial PII respecfully. Many TRUSTe certilied Web sites use customer testimonials to both add credibility to their business and lortify their marketing messages. TRUSTe offers some best practice guidelines lor posting testimonials that may be associated with a user's personally identifiable information.
Notify customers If you're about to transfer their personally Identifiable information elsewhere. 11 your business undergoes a transition such as an acquisition, merger or bankruptcy, you need to gil.e your customers notice--and in some cases choice--regarding the transler 01 their information to the new controlling organization.
Determine whether changes you make to your Web site require you to notify all site users. 11 you change the way you handle your customers' personally identifiable information, gil.e them notice so they can chose whether they want to continue sharing their information with you.
Back to top
Your Web Site's Security
Consider synching up your privacy and security teams. Corporate pri~acy and security teams share many common goals, but don't always work together. 11 you hal.e separate teams, synching or integrating them to better protect your customers' data.
When Is SSL (Secure Sockets Layer) encryption important? SSl encryption Is a security measure that companies must take while collecting sensitil.e client data online. Sensitil.e information includes: credit card number, Social Security number, personal health information, Tax 10 numbers and bank information
30
(routing number, account number). It's important to a"Oid common encryption mishaps like failing to encrypt login or password retrieV<l1 web pages. SSL encryption on designated pages isn't just a TRUSTe requirement-it's a crucial way to maintain your clients' trust.
Prepare for the case of a data security breach It pays to familiarize yourself with the data-security-breach notiUcation laws that might apply to your company, and to build an incident response team.
Back to top
Your Online Behavioral Tracking Practices
Minimize data collection on your Web site, You should only collect enough personal data from visitors to either provide them with your products or services or let them interact on your site. The less user information you collect-and the more you notify users that you're collecting it-the more users will trust your organization.
When you collect consumer data on your site, take extra steps to inform users about how their information will be used. It's important that you communicate your practices to consumers transparently. Most organizations do this by providing a link to their priV<lcy statement on the site's homepage or on pages that ask for personal information. These steps build trust, which ultimately leads to a strong and loyal customer base.
Retain customer data for the shortest time possible. Retain data for only as long as it serves a business purpose or as required by law. Know what your specilic data retention requirements are based on your business model and all legally required retention rules. Different businesses are required to keep data for varying lengths of lime depending on their regulatory requirements.
Back to top
If your organization shares personal information with third parties for marketing purposes, make sure you comply with SB 27, California's "Shine the Light" law. SB27 requires companies that do business with california consumers and share personal information with third parties for marketing purposes to provide consumers with a designated contact point where they can request an Information-Sharing Disclosure Notice.
If you use user-profiling technologies like cookies, log flies and Web beacons, notify users about it in your privacy statement You can get V<lluable marketing insight by tracking individual users' mOl.ements on your site. But you must disclose your use of all personally identifiable information In order to comply with the Fair Information Practices guidelines.
Back to top
Learn more about TRUSTe online priV<lcy services for your business: contact a TRUSTe representatil.e.
FOllOW US AWARDS AND FRESS
AbDUl Us I eontacl Us I Pa~ner Program I Caleers I Sita Map I Privacy Policy I Term. or Service I Terms or U'"
@TRUSTs Internet Privacy and Securily ror Busneeres
31
32
Appendix D Insurance Policy
The organization will maintain the following insurance coverage and limits in order to protect it from foreseeable risks:
Type Limits
Auto and general liability $_________ non-owned/hired auto $_________ Personal property/renter=s $_________ Directors and officers liability $_________ Workers Compensation $_________ Fidelity bond $_________ Improper sexual conduct $_________
The organization desires to protect its staff and volunteers under Texas law from personal risk arising from claims of negligence when those persons are conducting activities for the organization. Therefore, the coverage and limits should meet the minimums required under Texas law for this purpose.
33
34
Sample Whistleblower Policy
General The Organization's Code of Ethics and Conduct ("Code") required directors, officers and employees to observe high standards of business and personal ethics in the conduct of theil' duties and responsibilities. As employees and representatives of the Organ ization, we must practice honesty and integrity in fulfilling our responsibilities and comply with all applicable laws and regulations
Reporting Responsibility It is the responsibility of all directors, officers and employees to comply with the Code and to report violations or suspected violations in accordance with the Whistleblower Policy.
No Retaliation No director, officer or employee who in good faith reports a violation ofthe Code shall suffer harassment, retaliation or adverse employment consequence. An employee who retaliates against someone who has reported a violation in good faith is subject to discipline up to and including termination of employment. This Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns within the Organization prior to seeking resolution outside the Organization.
Reporting Violations The Code addresses the Organization's open door policy and suggests that employees share their questions, concerns, suggestions or complaints with someone who can address them properly. In most cases, an employee's supervisor is in the best position to address an area of concern. However, if you are not comfortable speaking with your supervisor or you are not satisfied with your supervisor's response, you are encouraged to speak with someone in the Human Resources Department or anyone in management whom you are comfOJtable in approaching. Supervisors and managers are required to report suspected violations of the Code of Conduct to the Organization's Compliance Officer, who has specific and exclusive responsibility to investigate all repOited violations. For suspected fraud, or when you are not satisfied or uncomfortable with following the Organization's open door policy, individuals should contact the Organization's Compliance Officer directly.
Compliance Officer The Organization's Compliance Officer is responsible for investigating and resolving all reported complaints and allegations concerning violations of the Code and, at his discretion, shall advise the Executive Director and/or the audit committee. The Compliance Officer has direct access to the audit committee of the board of directors and is required to report to the audit committee at least annually on compliance activity. The Organization's Compliance Officer is the chair of the audit committee.
35
Accounting and Auditing Matters The audit committee of the board of directors shall address all reported concerns or complaints regarding corporate accounting practices, internal controls or auditing. The Compliance Officer shall immediately notifY the audit committee of any such complaint and work with the committee until the matter is resolved.
Acting in Good Faith Anyone filing a complaint concerning a violation or suspected violation of the Code must be acting in good faith and have reasonable grounds for believing the information disclosed indicates a violation of the Code. Any allegations that prove not to be substantiated and which prove to have been made mal iciously 01' knowingly to be false will be viewed as a serious disciplinary offense.
Confidentiality Violations or suspected violations may be submitted on a confidential basis by the complainant or may be submitted anonymously. Reports ofviolations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation.
Handling of Reported Violations The Compliance Officer will notifY the sender and acknowledge receipt of the reported violation or suspected violation within five business days. All reports will be promptly investigated and appropl'iate corrective action will be taken ifwarl'anted by the investigation.
from the National COl/ncil ofNonprofit Associations (www.ncna.org)
36
37
Article I Purpose
The purpose of the conflict of interest policy is to protect this tax-exempt organization=s (Organization) interest when it is contemplating entering into a transaction or arrangement that might benefit the private
interest of an officer or director of the Organization or might result in a possible excess benefit transaction. This policy is intended to supplement but not replace any applicable state and federal laws
governing conflict of interest applicable to nonprofit and charitable organizations.
Article II Definitions
1.Interested Person
Any director, principal officer, or member of a committee with governing board delegated powers, who has a direct or indirect financial interest, as defined below, is an Interested Person. Any person who
has a family or business relationship with an Interested Person is also considered an Interested Person.
2.Financial Interest
A person has a financial interest if the person has, directly or indirectly, through business, investment, or family:
a.An ownership or investment interest in any entity with which the Organization has a transaction or arrangement.
b.A compensation arrangement with the Organization or with any entity or individual with which the Organization has a transaction or arrangement, or
c.A potential ownership or investment interest in, or compensation arrangement with, any entity or individual with which the Organization is negotiating a transaction or arrangement.
Compensation includes direct and indirect remuneration as well as gifts or favors that are not insubstantial.
Article III Procedures
1. Duty to Disclose
In connection with any actual or possible conflict of interest, an interested person must disclose the existence of the financial interest and be given the opportunity to disclose all material facts to the directors and members of committees with governing board delegated powers considering the proposed transaction or arrangement.
2. Determining Whether a Conflict of Interest Exists
38
After disclosure of the financial interest and all material facts, and after any discussion with the interested person, he/she shall leave the governing board or committee meeting while the determination of a conflict of interest is discussed and voted upon. The remaining board or committee members shall decide if a conflict of interest exists.
3. Procedures for Addressing the Conflict of Interest
a. An interested person may make a presentation at the governing board or committee meeting, but after the presentation, he/she shall leave the meeting during the discussion of, and the vote on, the transaction or arrangement involving the possible conflict of interest.
b. The chairperson of the governing board or committee shall, if appropriate, appoint a disinterested person or committee to investigate alternatives to the proposed transaction or arrangement.
c. After exercising due diligence, the governing board or committee shall determine whether the Organization can obtain with reasonable efforts a more advantageous transaction or arrangement from a person or entity that would not give rise to a conflict of interest.
d. If a more advantageous transaction or arrangement is not reasonably possible under circumstances not producing a conflict of interest, the governing board or committee shall determine by a majority vote of the disinterested directors whether the transaction or arrangement is a conflict of interest. In conformity with the above determination it shall make its decision as to the other to enter into the transaction or arrangement.
4. Violations of the Conflicts of Interest Policy
a. If the governing board or committee has reasonable cause to believe a member has failed to disclose actual or possible conflicts of interest, it shall inform the member of the basis for such belief and afford the member an opportunity to explain the alleged failure to disclose.
b. If, after hearing the member=s response and after making further investigation as warranted by the circumstances, the governing board or committee determines the member has failed to disclose an actual or possible conflict of interest, it shall take appropriate disciplinary and corrective action.
Article IV Records of Proceedings
The minutes of the governing board and all committees with board delegated powers shall contain:
1. The names of the persons who disclosed or otherwise were found to have a financial interest in connection with an actual or possible conflict of interest, the nature of the financial interest, any action taken to determine whether a conflict of interest was present, and the governing board=s or committee=s decision as to whether a conflict of interest in fact existed.
2. The names of the persons who were present for discussions and votes relating to the transaction or arrangement, the content of the discussion, including any alternatives to the proposed transaction or arrangement, and a record of any votes taken in connection with the proceedings.
39
Article V Compensation
1. A voting member of the governing board who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member=s compensation.
2. A voting member of any committee whose jurisdiction included compensation matters and who receives compensation, directly or indirectly, from the Organization for services is precluded from voting on matters pertaining to that member=s compensation.
3. No voting member of the governing board or any committee whose jurisdiction includes compensation matters and who receives compensation, directly or indirectly, from the Organization, either individually or collectively, is prohibited from providing information to any committee regarding compensation.
Article VI Annual Statements
Each director, principal officer and member of a committee with governing board delegated powers shall annually sign a statement which affirms such person:
1. Has received a copy of the conflict of interest policy,
2. Has read and understands the policy,
3. Has agreed to comply with the policy, and
4. Understands the Organization is charitable and in corder to maintain its federal tax exemption it must engage primarily in activities which accomplish one or more of its tax-exempt purposes.
Article VII Periodic Reviews
To ensure the Organization operates in a manner consistent with charitable purposes and does not engage in activities that could jeopardize its tax-exempt status, periodic reviews shall be conducted. The periodic reviews shall, at a minimum, include the following subjects:
1. Whether compensation arrangements and benefits are reasonable, based on competent survey information, and the result of arm=s length bargaining.
2. Whether partnerships, joint ventures, and arrangements with management organizations conform to the Organization=s written policies, are properly recorded, reflect reasonable investment or payments for goods and services, further charitable purposes and do not result in inurement, impermissible private benefit or in prohibited transaction.
Article VIII Use of Outside Experts
When conducting the period reviews as provided for in Article VII, the Organization may, but need not, use outside advisors. If outside experts are used, their use shall not relieve the governing board of its responsibility for ensuring periodic reviews are conducted.
40
41
42
Statement of Purpose
This policy statement provides a framework for the management of the investable assets of _______________________, a Texas Non-profit Corporation (“____________” and “Fund”). This policy will assist the Board of Directors in supervising and monitoring the investments of the Fund. A subcommittee of the Board of Directors or an Investment Committee may be established (“Committee”) to implement and monitor the Fund in accordance with this policy statement. The guidelines allow for flexibility and a process to capture investment opportunities, while prudently and carefully setting forth reasonable risk control parameters for the investment program.
The statement of investment policy is intended to address asset deployment, liquidity and diversification requirements, which should not be violated over the planning horizon. Policy issues relate directly to the return requirements and risk parameters of the Fund and are to be considered and general principles governing