We work on projects focused on helping individuals most impacted by government systems. Some of our programs include:
Integrated Benefits-Simplifying how Americans access safety net services when they need them most
GetCalFresh-Improving how government delivers food assistance to families in need
ClearMyRecord-Giving people a second chance to get jobs and housing by clearing past convictions
GetYourRefund-Closing the Earned Income Tax Credit participation gap and providing free tax help
Plus, we have a nationwide network of brigades working locally on issues that matter most to their communities.

We recently worked with an amazing attorney here on WTA on a site specific privacy policy for GetYourRefund. Her recommendation was to have a unified privacy policy for the whole organization (including programmatic sites). We want to explore this possibility.

We have multiple sites that are under the umbrella of services supported by our organization, plus we have our main site and brigade specific projects. We are required to be HIPAA compliant for some programs, and looking into SOC2 compliance for our tax benefits work. We want to ensure we are on the right side of our security and privacy requirements.

In many ways, I expect this will be a "start from scratch" project, and the commitment may be over the next few months.

Given some of the complex nature of the work, we'd like to start by:

1. meeting to discuss current systems, policy, and concerns
2. explore recommendations, options, timelines, and general Q/A
3. CFA and Attorney consult to determine if we should pursue this route.

If we do decide to pursue single org-wide policy, we'd like to:
4. Review all current privacy policies currently in use and timeline out when the best time for change would be (for instance, not changing tax policy until end of tax season)
5. Edit/Review/Draft Org-Wide Privacy Policy
6. Determine if individual sites need any special or site specific language, and how that language may need to be integrated or addressed