8. Security, privacy and government Regulation

  https://www.alienvault.com/blogs/security-essentials/security-for-non-profit-organizations-helping-those-who-help-others#sthash.U0DoPh8S.dpuf
 * ==Security for Non-Profit Organizations: 10 Tips to Help Those Who Help Others==
 * 1) Support your local sheriff. You need to have someone in-house who is in charge, ready not only to lay down the law, but to defend it regarding security matters. This person will be your key resource, and liaison with external support.
 * 2) You’ve got to have a plan. A Disaster Recovery/Business Continuity Plan. Daily news gives us all the reasons we need: fire, severe storms, acts of nature, and increasingly cyber attacks and ransomware. Putting a plan in place ensures that you have data saved from a recent point in time that you can restore from.
 * 3) Back it up. This is fundamental to your security and your ability to restore should something happen. Decide what data is most crucial and back that up daily. Other information can be done weekly. There are a range of flexible and affordable options utilizing cloud storage. The key is to backup frequently and have redundancy.
 * 4) Show them how. Your staff needs guidance on what they can and cannot do while at work, or with remote access, or if they bring in their own devices. Your organization is accountable to the donors whose information is on record, as well as to your own team and their safety.
 * 5) Stay current. Keep your software and operating systems updated regularly. This is one of the most effective things you can do because it will limit system vulnerabilities that hackers find and exploit. Check for monthly security patches and then install them. Outdated software does not receive security patches or support, leaving you exposed.
 * 6) Invest in technologies like an enterprise level firewall. This item is over and above the software firewall offered by Windows or extended anti-virus programs. But the cost is less than you think. Firewalls work to keep intruders out by blocking inbound internet traffic, and the risks are high when you connect via DSL or broadband cable and are always on.
 * 7) Restricted access. Who has access to your data, especially the most critical or sensitive data? Is this data accessible remotely? You need to restrict access so that accidents don’t happen via social engineering tactics frequently used by hackers.
 * 8) Passwords, encryption and VPNs. These all put up safe barriers against unwanted intrusion. Passwords are the first line of defence but can only be effective if the basic rules are followed: Strong passwords that are 10 characters minimum, combining numbers, letters and special character, with alternating cases. Never use the same password for more than one purpose. And change up passwords because once a hacker finds it, they will keep using it. Do you encrypt what you send out? If not, you should be, particularly for sensitive data. Consider an email provider like Constant Contact or MailChimp to send email blasts and fundraising appeals. Encrypt stored data on site by using tools to encrypt the entire hard drive. Examples are Bitlocker for Windows and FileVault for Mac. VPNs or Virtual Private Networks allow you to securely send data between two points through a digital or virtual tunnel, shielding it from outside threats. These can be easily set up, and much safer than sending via the open Internet.
 * 9) Pay now or pay later. How do you handle you online payment processing and payment processing in general? Your method needs to be secure, but it cannot be complicated because you don’t want to discourage donors.
 * 10) Secure Your Wireless Network. Many small organizations use wireless routers. But they leave the default settings in place. Hackers know these and use them to get right into your network. Change your default SSID or wireless network name, and the default or admin password. And again, change up your password.



2. For the purpose of subsection 44(1) of the Act, the prescribed information is
 * ==Canada Not-for-profit Corporations Regulations ==
 * GENERAL == Corporate Records and Registers ==

3. For the purpose of subsection 21(4) of the Act, the prescribed period is six years after the end of the financial year to which the accounting records relate.

4. For the purposes of subsections 22(4), 24(2) and 107(1) of the Act, the prescribed information that has to be set out in the list of debt obligation holders is the following information drawn from the debt obligations register:


 * 1. (1) For the purpose of subsection 21(2) of the Act, the prescribed information for the register of directors is


 * (a) the name of each director;
 * (b) the current residential address of each director;
 * (c) an email address if the director has consented to receiving information or documents by electronic means; and
 * (d) for each person named in the register, the date on which that person became a director and, if applicable, the date on which that person ceased to be a director.
 * (2) For the purpose of subsection 21(2) of the Act, the prescribed information for the register of officers is


 * (a) the name of each officer;
 * (b) the current residential address of each officer;
 * (c) an email address if the officer has consented to receiving information or documents by electronic means; and
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(d) for each person named in the register, the date on which that person became an officer and, if applicable, the date on which that person ceased to be an officer.
 * <p class="Subsection" style="margin-top:0.7em;margin-right:10px;margin-left:10px;text-indent:1.5em;">(3) For the purpose of subsection 21(2) of the Act, the prescribed information for the register of members is


 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(a) the name of each member;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(b) the current residential or business address of each member;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(c) an email address if the member has consented to receiving information or documents by electronic means;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(d) for each person named in the register, the date on which that person became a member and, if applicable, the date on which that person ceased to be a member; and
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(e) the class or group of membership of each member, if any.
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(a) the name of each debt obligation holder;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(b) the residential or business address of each debt obligation holder;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(c) an email address if the debt obligation holder has consented to receiving information or documents by electronic means;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(d) for each person named in the register, the date on which that person became a debt obligation holder and, if applicable, the date on which that person ceased to be a debt obligation holder; and
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(e) the principal amount of each of the outstanding debt obligations of each debt obligation holder.
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(a) the names, in alphabetical order, and addresses of the registered debt obligation holders;
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(b) the principal amount of outstanding debt obligations for each debt obligation holder; and
 * <p class="Paragraph" style="margin-top:0.7em;margin-right:10px;margin-left:1.5em;">(c) the aggregate principal amount of the outstanding debt obligations.
 * For more information, please visit http://laws-lois.justice.gc.ca/eng/regulations/sor-2011-223/page-1.html