3
Topics
Charitable Gaming Laws
Child Protection Law
Data Security Breach Reporting
FOIA/CRIIA
4
Charitable Gaming Laws:
Bingo Act
Permits nonprofits to raise money for lawful purposes
through bingo games, raffles, and other charitable games
awarding prizes
Defines “prize” as anything of value (monetary or nonmonetary) given for attending or winning a game
Defines (in guide) raffle as charging people or requiring them
to provide something of value to participate in drawing for a
prize
Distinguishes between small and large raffles
Small: Total value of all prizes for all drawings ≤ $500 per day
Large: Total value of all prizes for all drawings > $500 per day
5
Charitable Gaming Laws:
Bingo Act
Generally requires license for each raffle
Application must be submitted by nonprofit’s highest ranking
officer
Fee depends on nature of game involved and number of drawings
BUT creates exception for certain small raffles
Total value of prizes ≤ $100
No presale of tickets
Single gathering
6
Charitable Gaming Laws:
Penal Code
Defines game promotion
Game of chance
For a prize
With no consideration
Requires descriptions of the following:
Area/number of outlets in which will be conducted
Accurate prize description
Minimum number/value of cash prizes
Minimum number of each type of other prizes
7
Scenario #1
IRB at non-profit institution reviews research
application that states that PI hopes to
encourage participation by offering chance to
win 1 of 5 iPads to all who complete survey
Any issues with scenario? If so, any ways to fix?
8
Scenario #2
IRB at for-profit institution reviews research
application that states that PI hopes to
encourage participation by offering chance to
win 1 of 3 $25 prizes.
Any issues with scenario? If so, any ways to fix?
9
Child Protection Law
Defines child as person under 18
Defines child abuse and child neglect as harm/threatened
harm to child’s health/welfare
If child neglect:
By parent/guardian
By any other person responsible for child’s health/welfare
If child abuse:
By any of the above
By teacher
By member of clergy
10
Child Protection Law
Mandates reports by individuals in specified
professions – examples include:
Teachers
Social workers
Health care professionals
Counselors
Encourages reports by all others
11
Scenario #3
PI, a social worker, is conducting a study that asks
subjects about physical and emotional abuse (whether
inflicted or suffered).
Is PI a mandatory reporter? If so, what are implications, if
any, for informed consent process?
PI interviews 19-year-old subject who discloses having
been physically abused two years prior by teacher, who
has since retired.
Does PI have obligation to report? What if teacher were
still teaching?
12
Scenario #4
• Same study topic as before, but PI is simply a
university professor. Consent form advises
subjects that “The study team will keep
responses confidential unless required to
disclose by law.” Subject discloses that he beat
his child at least three times in the past year.
• Must PI report? Can she?
13
Data Security Breach
Reporting
Applies to persons and agencies (which include
state institutions of higher education)
Defines “personal information” and “personal
identifying information”
Defines “security breach”
14
Data Security Breach
Reporting
Requires notification to state residents of security
breaches if either:
Unencrypted/unredacted personal information
accessed/acquired by unauthorized person
Encrypted personal information accessed/acquired by
person with unauthorized access to encryption key
Waives notification requirement if breach has
not/unlikely to cause substantial loss/injury to, or
identity theft re:, state resident
15
FOIA/CRIIA
FOIA generally requires public institutions to
disclose records, upon request
FOIA exempts from disclosure (among other
things):
Information whose disclosure would constitute
clearly unwarranted invasion of privacy
Records protected by FERPA (mandatory
exemption)
16
FOIA/CRIIA
CRIIA adds other FOIA exemptions for public higher education
institutions
First, CRIIA exempts certain information provided by external
sources
Must be used only for research purposes
Must have been designated as “confidential” by time provided
Must be covered by written confidentiality agreement
Must keep general description of covered information, source, etc.
centrally at higher education institution
Cannot be otherwise publicly available
Cannot have been submitted as condition of receiving government
contract or benefit
17
FOIA/CRIIA
Second, CRIIA exempts from disclosure certain other
information created by employee or contractor for
research or education activities
IP, until reasonable opportunity to publish in timely
manner in forum intended to convey information to
academic community
Original works of authorship, until reasonable
opportunity to secure copyright registration (cannot
exceed 12 months)
18
Questions?