This project is complete!

This project has been completed thanks to the efforts of our volunteers.

Visit the Project Directory to check out other projects that still need your help!

completed
Code for America

Help Organization with Org-Wide Privacy Policy Analysis and Development

We believe government can work for the people, by the people, in the digital age. To reach people and build their trust, we need to ensure our policy protects both individuals and CFA.

Posted February 16, 2021

Background & Context

We work on projects focused on helping individuals most impacted by government systems. Some of our programs include:
Integrated Benefits-Simplifying how Americans access safety net services when they need them most
GetCalFresh-Improving how government delivers food assistance to families in need
ClearMyRecord-Giving people a second chance to get jobs and housing by clearing past convictions
GetYourRefund-Closing the Earned Income Tax Credit participation gap and providing free tax help
Plus, we have a nationwide network of brigades working locally on issues that matter most to their communities.

We recently worked with an amazing attorney here on WTA on a site specific privacy policy for GetYourRefund. Her recommendation was to have a unified privacy policy for the whole organization (including programmatic sites). We want to explore this possibility.

Immediate Problem

We have multiple sites that are under the umbrella of services supported by our organization, plus we have our main site and brigade specific projects. We are required to be HIPAA compliant for some programs, and looking into SOC2 compliance for our tax benefits work. We want to ensure we are on the right side of our security and privacy requirements.

In many ways, I expect this will be a "start from scratch" project, and the commitment may be over the next few months.

Work & Deliverables

Given some of the complex nature of the work, we'd like to start by:

1. meeting to discuss current systems, policy, and concerns
2. explore recommendations, options, timelines, and general Q/A
3. CFA and Attorney consult to determine if we should pursue this route.

If we do decide to pursue single org-wide policy, we'd like to:
4. Review all current privacy policies currently in use and timeline out when the best time for change would be (for instance, not changing tax policy until end of tax season)
5. Edit/Review/Draft Org-Wide Privacy Policy
6. Determine if individual sites need any special or site specific language, and how that language may need to be integrated or addressed

This project is complete!

This project has been completed thanks to the efforts of our volunteers.

Visit the Project Directory to check out other projects that still need your help!

Additional Information

  • Time Commitment: 21+ hours
  • Training Provided: No
  • Site-Preference: Remote
  • Open to Law Students: No
  • Bar License(s) required: Any Bar License
  • Required Languages: None
  • Required Legal Expertise: Privacy and Data Security
  • Mentoring Provided: No
  • Supervision Provided: Yes
Code for America

Code for America uses the principles and practices of the digital age to improve how government serves the American public, and how the public improves government. We are a network of people making government work for the people, by the people, in the digital age. How do we get there? With government services that are simple, effective, and easy to use, working at scale to help all Americans, starting with the people who need them most.

Others have also checked out