Nonprofits act as stewards of the information entrusted to them by donors, beneficiaries, program participants, volunteers, and employees. Under numerous state, federal, and international legal frameworks, they are charged with protecting sensitive personal data. These new and quickly changing privacy laws address data storage and processing both domestically and internationally, with a complex web of requirements governing a wide range of information held by nonprofits. Proactive nonprofits act on emerging opportunities for data privacy compliance, online presence, and program-specific data handling, including programs related to minors. In doing so, they also mitigate risk of costly penalties, disruption of operations, and harm to the organization's reputation. Nonprofits need to respond well to data breaches or other incidents in order to comply with applicable regulations, mitigate risks, and communicate well with donors and other possibly affected parties. By incorporating data privacy by design into their corporate policies and culture, nonprofits can continue to serve at the vanguard of mission-driven work while serving as trusted stewards of both money and information.