I was wondering what obligations a Non-Profit has in protecting personal information? For example, say a non-profit collects names, addresses, phone numbers, and birthdates from individuals for entry in their Information System. They also, run credit cards for purchases that are sent over their network to a third party for processing. Please give me some refrences in your response. Thanks!