A new report from People United for Privacy Foundation and National Taxpayers Union Foundation details hidden threats to nonprofit donor privacy in the Corporate Transparency Act (CTA). Recent weeks have seen a back-and-forth in federal courts on the constitutional status of the law, which was enacted as a rider to the National Defense Authorization Act in early 2021. While a national injunction prohibiting the Department of the Treasury from enforcing the CTA remains in place, small business owners and nonprofits are still scrambling to understand the law’s ultimate impact.

The CTA aims to combat money laundering and other illicit activities by requiring companies to disclose their “beneficial owners.” While nonprofits are generally exempt from this requirement, the law’s broader scope and complex reporting mechanisms raise significant concerns for nonprofit donor privacy and governmental overreach.

The CTA mandates that “reporting companies” – corporations, limited liability companies (LLCs), and other entities authorized to do business in the U.S. – file beneficial ownership information (BOI) reports with the Financial Crimes Enforcement Network (FinCEN). This includes the names, birthdates, residential addresses, and identifying documents (such as passports or driver’s licenses) of individuals who either own or control at least 25 percent of a reporting company or exert substantial control over its operations. Trusts and general partnerships are largely excluded, but LLCs commonly used for philanthropic purposes fall squarely within the law’s scope.

While tax-exempt entities under section 501(c) of the Internal Revenue Code are exempt from the CTA’s reporting requirements – thanks to a successful bipartisan advocacy campaign – the law’s impacts on LLCs used as philanthropic vehicles act as an end-around to effectively require significant disclosures of certain nonprofit donors. Philanthropists increasingly value LLCs as a giving tool because they offer donors increased privacy and more control over their contributions, among other benefits. Under the CTA, LLCs must disclose their beneficial owners, effectively revealing the individual donors operating LLCs that donate to nonprofits.

Proponents of the CTA argue that the law enhances transparency and deters financial crimes, but this comes at the expense of individual privacy protections. The law creates a massive database of sensitive personal information accessible to a wide range of domestic and foreign governmental and non-governmental entities, including domestic law enforcement, foreign authorities, financial institutions, and regulatory agencies, potentially for purposes unrelated to combating money laundering.

This broad access to personal data contrasts sharply with recent trends enhancing safeguards for nonprofit donor privacy. After numerous instances of improper leaks from the IRS, the Department of Treasury finalized a rule in 2020 narrowing the types of nonprofit organizations required to file a Form 990 Schedule B, which lists a nonprofit’s major contributors. The CTA, however, moves in the opposite direction, exposing sensitive data to a far larger audience of bureaucrats with fewer restrictions. This expansive access to personal data exacerbates fears that donor information could be weaponized for political or other inappropriate purposes.

Despite assurances that BOI reports will remain confidential, leaks and hacks are an ever present risk in today’s world. The Department of the Treasury has itself previously failed to secure highly sensitive personal information. Last year, a Treasury Department contractor was convicted for illegally leaking tax records of prominent individuals to include Donald Trump and Elon Musk. In 2014, the IRS reached a settlement with the National Organization for Marriage for similarly leaking its donor list. Separately, a federal agency recently exposed the IRS’s vulnerability to hacking of the sensitive data it maintains, and watchdogs have taken notice. With this history of negligent handling of confidential documents, the possibility of unauthorized access or misuse of this data could deter donors from using LLCs for charitable purposes, consequently stifling charitable contributions and philanthropic initiatives.

The CTA has faced multiple legal challenges, with plaintiffs arguing that its reporting requirements violate constitutional rights, particularly the First Amendment right to free association. Cases like Texas Top Cop Shop, et al. v. Garland and Firestone v. Yellen invoke precedents set by Americans for Prosperity Foundation v. Bonta, which affirmed the right to privately associate without fear of government intrusion. The number of different lawsuits challenging the CTA across a multitude of jurisdictions makes it highly likely that the U.S. Supreme Court will ultimately review the law’s constitutionality.

The Corporate Transparency Act represents a shift away from recent trends prioritizing donor privacy. By requiring LLCs to disclose beneficial ownership, the law effectively bypasses safeguards for protecting donor privacy that nonprofits have fought hard to secure. The law’s expansive data collection and sharing framework are likely to create a chilling effect on philanthropic giving, undermining free speech and privacy rights.