Version 2.0  – August 28, 2015

The Consumer Federation of America supports privacy rights.  We also support robust privacy policies and practices.  This CFA policy reflects our commitment to privacy and to Fair Information Practices. We do what we advocate.

We would like to have a single, short, simple privacy policy, but the world and the Internet are too complicated.  We offer this short overview of our privacy policy with a link to the complete policy below.  Some of our webpages have slightly different privacy policies in part because we work with partners who have other requirements or because the activities on those websites vary.

This CFA privacy policy applies to our interactions with individuals over the Internet, through conferences and events, and by email and postal mail.  CFA members are non-profit organizations and government agencies, and this policy does not cover them or their representatives.  This policy does not cover CFA’s media activities or advocacy activities by individual CFA staff members.

The most important elements of our privacy policy are:

  • We do not routinely sell, rent, share, or otherwise voluntarily disclose our lists, donor lists, or other personally identifiable information.
  • We do not track individuals who use our website or allow third party trackers.
  • We collect and maintain your personal information only if you provide it by registering, asking a question, making a contribution, or signing up for a list or a service.
  • If you receive any communications from us and do not want more, let us know and we will do our best to comply with your request.
  • Our privacy policy implements Fair Information Practices.

There are many more details in the full privacy policy below.  However, the “fine print” does not vary our commitment to privacy.

Full CFA Privacy Policy

Version 2.0 – August 28, 2015

Fair Information Practices

Our privacy policy implements Fair Information Practices (FIPs).  FIPs are an internationally recognized set of privacy practices that form the basis for all national privacy laws and some US privacy laws.  CFA advocates that privacy laws and practices should meet the standards established by FIPs.  Accordingly, we organize this policy around the elements of FIPs.  To learn more about FIPs, search for Fair Information Practices with your favorite search engine.

This CFA privacy policy applies to our interactions with individuals over the Internet, through conferences and events, and by email and postal mail.  CFA members are non-profit organizations and government agencies, and this policy does not cover them or their representatives.  This policy does not cover CFA’s media activities or advocacy activities by individual CFA staff members.  However, if anyone does not want to hear from us, we will do our best to honor his or her wishes whether the policy covers them or not.

This policy applies to all CFA websites except where an individual CFA website has its own additional privacy policy.  For example, some of our websites allow visitors to sign up for programs or activities, and the websites collect and maintain the personal information provided to us.  The details are explained in separate policies that we also reference later in this policy.


CFA maintains this privacy policy to let everyone know that we are committed to privacy and to privacy principles that respect the rights and interests of individuals who interact with us.

This policy may change from time to time because our activities or organizational structure may change, because new laws may be enacted, because we may work with new partners, or because technology may change.  It’s normal for a privacy policy to reserve the right to change.  However, we will never change our commitment to respect the privacy rights and interests of individuals.  We expect that we will never sell or share an individual’s information without his or her affirmative consent except as provided in this policy.

Whenever we change this policy, we will change the date and version number.  We will also do our best to provide advance notice of a material change through a notice on our website, but we may not always be able to provide advance notice.  At the end of this policy, we maintain a policy history that identifies earlier versions and changes.  We did a major revision and update of our privacy policy in 2015.    To see previous privacy policies, click here.

Collection Limitation

If you sign up for a newsletter, register for a conference, teleconference, webinar, or other event, send us an email, or participate in any of the activities or services that we provide, we have only the personal information that you give us.  We do not routinely collect identifiable information about website visitors.

A cookie is a string of information that a website stores on a visitor’s computer.  We may use cookies with website analytics services to tell us more about how visitors use our website, to learn how visitors reached our website, or to make it easier for you to navigate through our website.  All cookies are session cookies, and they disappear when you close your browser.  We don’t allow third party tracking cookies.  You can still use our website even if you set your browser to reject our cookies.  To learn more about how you can control cookies, search for control browser cookies with your favorite search engine.

We collect non-identifiable data and aggregate statistics about users.  We do not track any activities of identifiable users over time.   We use programs and services to analyze usage of our website.   We use Google Analytics for this purpose.  See for more information.

Our Internet Service Provider may maintain logs with information about website visitors.  This includes the IP address of website visitors.  An IP address is a numerical label assigned to each device on the Internet.  We consider IP addresses to be personal identifiers.  We do not normally obtain the IP addresses of website visitors from our ISP.  To learn more about IP addresses, search for IP address with your favorite search engine.

Data Quality

We seek to maintain all personal information with an appropriate degree of relevance, accuracy, necessity, completeness, and currency.  Since any personal information we have comes from you, we generally rely on you to tell us if we have the wrong email address or other outdated or incorrect information.  See the access and correction section below.

We do not have a fixed schedule for the disposal of personal information.  We keep data as long as we consider it relevant and useful.  We will erase your identifiable data upon your request unless we are required to keep the data for contractual or legal reasons.  For example, we may need to keep records if you use a credit card or make a contribution.

Purpose Specification & Use Limitation 

We use personal information only for the purpose for which we obtained it from you, and we may continue to do so unless you tell us to stop.  You can opt-out of some or all communications from us at any time.

If we ever want to use personal information in a way that is not consistent with this policy, we will seek your affirmative consent.

If you sign up for one of our email issue updates, we send you that update.  If you sign up for text messages, we will send you text messages.  If you come to one of our conferences, dinners, assemblies, or other events, or if you use any of our services, we may use your information to send you information about that event or about other similar events, activities, and services.  At our conferences, meetings, and other events, we may share a list of attendees, their affiliations, and contact information with other attendees.  If you make a contribution, we use your information to thank you, and we may ask for additional contributions.

We sometimes add an individual to one of our issue updates or other lists because a CFA staff member interacted with that individual and believes that he or she would be interested.  If you ask us for more information about our activities, we might add you to a CFA list.  We make these decisions on a case-by-case basis.  CFA does not buy or rent lists for mass mailings.  Many of our emails contain opt-out links.  We remove anyone from any or all lists upon request.  We send postal invitations for some of our events, and we honor any opt-out requests that we receive for postal lists.

If you use a credit card to pay CFA or make a contribution, our credit card processor handles the processing of the transaction.  This is how credit card activities occur, and it is normal.  The credit card processor and your credit card company use your information subject to their own privacy policies and legal requirements.  We normally do not see or maintain your credit card number, but we do have your name, card type, expiration, and last four digits of the card number.

If you pay for a CFA event or make a payment or contribution through an electronic funds transfer provider, we normally have no information other than your name, the amount, and a confirmation that you sent us a payment or contribution.  Each electronic funds transfer provider has its own privacy policy and terms of service that you agreed to when you set up your account with the provider.

We may disclose any personal information we collect to contractors who provide administrative services and support for CFA.  This includes our Internet Service Provider, database providers, consultants, lawyers, auditors, and others.  We try to avoid sharing personal information, but vendors support some of our services so sharing is essential.  For example, we maintain some databases with cloud service providers.  We try to select vendors and contractors who have reasonable privacy and security policies.

Whenever practical, CFA makes anyone working for CFA who has access to personal information aware of this privacy policy.  Contractors who manage mailings for us may use web beacons (also known as web bugs) that allow them to determine if you opened an email.  You can block web beacons if you choose.  To learn more about web beacons, search for web beacon with your favorite search engine.

As required by law, we disclose personal information in response to a subpoena, search warrant, court order, or similar demand.  We may or may not contest any demand for data.  We think it is highly unlikely that we will receive a demand for individual records, but we feel obliged to let you know about the possibility.  If we find it practicable, we will make reasonable attempts (via telephone, email, or through our website) to tell you about any of these disclosures, either before or after they occur.  We can’t guarantee that we will have the time or resources to notify you, however.  Our attempts may fail if we do not have current contact information.

We also reserve the right to disclose any information that we believe to be necessary or appropriate to protect the security or integrity of our website or service; to take precautions against liability; or to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety.  These disclosures are also unlikely.

We may voluntarily disclose data to law enforcement, to our Internet Service Provider, to security investigators, or to others who can assist us in identifying or preventing illegal or improper activities on our website.  We may ask our Internet Service Provider to make appropriate disclosures for the same purpose, including disclosures of IP addresses and any other identifiable information that it maintains.

Security Safeguards

We keep some personal information on computers and in file cabinets in our office.  We believe that our building and our office have reasonable and appropriate administrative, technical, and physical safeguards.  Independent service providers maintain some personal information on our behalf elsewhere.  We rely on our Internet Service Providers and others who support our data, Internet, and cloud activities to maintain reasonable and appropriate security.  We cannot guarantee perfect security.  If we suffer a data breach involving your personal information, we will notify you about the breach as required by law and, if appropriate, we may notify you even if not required by law.

Access and Correction

If we have any personal information about you, we provide you with a copy of that information if you ask.  If you think that the information we have about you is not accurate, relevant, timely, or complete, you can ask us to change it.  If we do not make the change you requested, we tell you why in writing.  If you ask and we can do so, we delete your personal information.  We do not charge a fee for any of these requests.


The Consumer Federation of America is responsible for this privacy policy.  Our privacy officer responds to any questions or complaints about this policy or our privacy practices.  Write to the CFA privacy officer at  We will respond to all requests about our privacy policy.

We regularly instruct our staff members about our privacy and security policies and practices.  Staff members who access personal information must appropriately use and protect all personal information in the possession of CFA.  This is part of their job responsibilities, and we hold staff members accountable for compliance with our privacy and security policies.

CFA is located at

1620 I Street, NW – Suite 200
Washington, DC 20006

 Other CFA Websites

This policy applies to most CFA websites.  Some CFA websites have privacy policies with additional elements or other privacy policies.  These are:


Other websites:  We provide links on our websites to websites operated by other entities.  If you follow these links, you should understand that other privacy policies apply, and your personal information may be collected, used, and disclosed under different rules.

Children:  This website is not directed at children under 13 who have statutory protections under the Children’s Online Privacy Protection Act.  Some young children may use our website to obtain consumer information, but we do not expect that any will engage in activities that result in our obtaining personal information.

Social media:  We use social media including Facebook, Twitter, and other platforms to make consumer information available to individuals.  Social media sites have their own privacy policies.  If you participate in our social media activities and provide us with personal information, we may add that information to our records, and it will become subject to this policy.

International visitors:  If you use our service from outside the United States, you need to know that we store in the United States any personal information that you provide to us.  Despite CFA’s best efforts to push for better privacy legislation in the US, the protections of US law for personal information are often not as good as the protections under many national or provincial privacy laws elsewhere.  We welcome foreign users, and we do not collect their information unless they affirmatively provide it to us.  All visitors, domestic and foreign, have the same protections under CFA’s privacy policy.  Those who choose to share personal information with us must understand that there are differences in legal privacy protections in different jurisdictions.  If you provide us with personal information, you must accept these circumstances and consent to our processing and storing your information in the US.

Privacy Policy History

August 2015.  Version 2.0 of this policy was a major revision of the CFA privacy policy.  This version provided more details than earlier policies, and it explicitly used Fair Information Practices as the structure for the policy.  Policies for other CFA websites were more explicitly coordinated with the main privacy policy.

End of CFA Privacy Policy