Domini Impact Investments LLC logo
Domini Impact Investments LLC

Domini Impact Investments: Critical Legal Risks in Privacy and Data Sharing Clauses

A legal case study of Domini Impact Investments LLC's Terms & Conditions reveals privacy, data sharing, and compliance risks that may expose the company to regulatory fines and litigation. See key redlines and solutions.

When We Examined Domini Impact Investments’ Legal Framework: Four Costly Risks Revealed

Imagine a scenario where a single ambiguous clause in your privacy policy could expose your company to millions in GDPR or CCPA fines. Our analysis of Domini Impact Investments LLC’s Terms & Conditions uncovers four critical issues—each with direct financial and regulatory consequences.

1. Vague Data Sharing After Customer Relationship Ends Domini’s policy states: “When you are no longer our customer, we continue to share your information as described in this notice.” This clause lacks specificity on the purposes and legal basis for continued data sharing, risking non-compliance with GDPR Article 17 (Right to Erasure) and CCPA deletion rights. Regulatory penalties for violating these provisions can reach €20 million or 4% of annual global turnover under GDPR.

Legal Analysis
high Risk
Removed
Added
When you are no longer our customer, we continue to sharewill cease sharing your personal information except as describedrequired by law or for legitimate business purposes, and will comply with applicable data deletion and erasure requests in this noticeaccordance with GDPR, CCPA, and other relevant regulations.

Legal Explanation

The original clause is vague and fails to address the right to erasure under GDPR and CCPA. The revision clarifies post-relationship data handling and aligns with regulatory requirements, reducing risk of non-compliance.

2. Insufficient Opt-Out Mechanism for Data Sharing The notice provides: “To limit our sharing, send us an email at privacy@domini.com or call 1-800-582-6757.” However, the opt-out process is not clearly described, lacks confirmation, and does not specify response timeframes. This ambiguity can result in consumer complaints, regulatory scrutiny, and potential class-action litigation, with settlements in similar cases exceeding $1 million.

Legal Analysis
medium Risk
Removed
Added
To limit our sharing, send us anyou may submit a request via email at privacy@domini.com or callby calling 1-800-582-6757. We will confirm receipt of your request within 10 business days and fulfill your request within 45 days, as required by applicable law.

Legal Explanation

The original clause lacks a clear process, confirmation, and timeline for opt-out requests. The revision provides a compliant, transparent opt-out mechanism, reducing litigation and regulatory risk.

3. Overly Broad Use of Personal Information for Marketing The clause: “For our marketing purposes – to offer our products and services to you – Yes – No” is ambiguous and does not clarify the scope, consent mechanism, or opt-out rights for marketing communications. This exposes Domini to TCPA and CAN-SPAM Act violations, which can result in statutory damages of $500–$1,500 per unsolicited message.

Legal Analysis
high Risk
Removed
Added
For our marketing purposes – to offer our products and services to you – Yes – Nowe will only use your personal information with your explicit consent, and you may opt out of marketing communications at any time as required by the TCPA and CAN-SPAM Act.

Legal Explanation

The original clause is ambiguous and does not specify consent or opt-out rights. The revision ensures compliance with marketing laws and clarifies user rights, reducing exposure to statutory damages.

4. Lack of State-Specific Privacy Disclosures While the policy references federal law, it omits required disclosures for residents of states like California (CCPA/CPRA), Virginia (VCDPA), and Colorado (CPA). This omission can trigger state attorney general investigations and statutory damages of $2,500–$7,500 per violation, per consumer.

Legal Analysis
critical Risk
Removed
Added
Federal law gives you the right to limit only: Sharing for affiliates’ everyday business purposes—information about your creditworthiness Affiliates from using your information to market to you Sharing for nonaffiliates to market to you Stateand state laws, including but not limited to CCPA/CPRA (California), VCDPA (Virginia), and individual companiesCPA (Colorado), may giveprovide you with additional rights to limit sharing, request access, deletion, or correction of your personal information. Please refer to the state-specific disclosures below.

Legal Explanation

The original clause omits required state-specific privacy disclosures. The revision incorporates mandatory language for state law compliance, reducing risk of state attorney general enforcement.

---

Conclusion: Proactive Redlining for Legal Protection Our analysis reveals that Domini’s current terms could expose the company to multi-million dollar regulatory fines, litigation costs, and reputational damage. Proactive redlining and legal review are essential to mitigate these risks and strengthen enforceability.

**Are your company’s privacy terms exposing you to hidden liabilities? How often do you review your compliance with evolving state and federal privacy laws? What would a single regulatory investigation cost your business?**

*This analysis is for educational purposes only and does not constitute legal advice. For actual legal guidance, consult with a licensed attorney. This assessment is based on publicly available information and professional legal analysis. See erayaha.ai’s terms of service for liability limitations.*