A privacy officer is a person designated by a non-profit to answer questions about how it collects, uses, keeps, and discloses personal information. Best practice is to include this person’s contact information in the non-profit’s privacy policy i.e. privacyofficer@society.org

A privacy officer will receive and may decide upon requests for access to a non-profit’s records. Best practice is for a non-profit to establish clear guidelines for the privacy officer to follow in making these decisions. At least one member of the Board should have sufficient knowledge or training to advise the privacy officer if specific concerns arise.