CHARITY LAW BULLETIN No. 42

April 23, 2004
Editor: Terrance S. Carter

UPDATE ON THE APPLICATION OF THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) TO CHARITABLE AND NON-PROFIT ORGANIZATIONS

By Mark J. Wong, B.A., LL.B., and U. Shen Goh, LL.B, LL.M.

A. INTRODUCTION

As of January 1, 2004, the Personal Information Protection and Electronic Documents Act ("PIPEDA" or the "Act") applies to every organization that collects, uses or discloses personal information in the course of commercial activities. In November of 2003, Charity Law Bulletin No. 28 was published and provides a full discussion of the impact of PIPEDA on charitable and non-profit organizations, it is available at http://www.charitylawbulletin.ca//2003/chylb28.pdf. On March 31, 2004, the Office of the Privacy Commissioner of Canada (the "Privacy Commissioner") released a Fact Sheet (the "Fact Sheet") entitled "The Application of the Personal Information Protection and Electronic Documents Act to Charitable and Non-Profit Organizations", a copy of which can be found at http://www.privcom.gc.ca/fs-fi/02_05_d_19_e.asp. In the Fact Sheet, the Privacy Commissioner stated, "The bottom line is that non-profit status does not automatically exempt an organization from the application of the Act."

B. APPLICATION OF PIPEDA TO CHARITABLE AND NON-PROFIT ORGANIZATIONS

All charitable and non-profit organizations should be aware of the Fact Sheet released on March 31, 2004, which clarifies the application of PIPEDA to these organizations. The only exception from PIPEDA is in provinces that enact legislation that is substantially similar to PIPEDA. To date, the only provinces which have enacted privacy legislation are Quebec, Alberta and British Columbia. Ontario is currently proposing Bill 31, The Health Information Protection Act, to regulate the collection of personal health information. As the bill is not yet law, all organizations in Ontario that collect, use or disclose personal information, including personal health information, in the course of commercial activities are subject to PIPEDA. Whether a charitable or non-profit organization will be subject to PIPEDA depends on whether the organization engages in the kind of commercial activities contemplated by the Act.

In the Fact Sheet, the Privacy Commissioner stated the following:

The presence of commercial activity is the most important consideration in determining whether or not an organization is subject to the Act. Section 2 of the Act defines "commercial activity" as:

"… any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists."

Whether or not an organization operates on a non-profit basis is not conclusive in determining the application of the Act. The term non-profit or not-for-profit is a technical term that is not found in PIPEDA. The bottom line is that non-profit status does not automatically exempt an organization from the application of the Act.

In addition, the Privacy Commissioner made the following points in the Fact Sheet:

- Most non-profits are not subject to the Act because they do not engage in commercial activities. This is typically the case with most charities, minor hockey associations, clubs, community groups and advocacy organizations.

- Collecting membership fees, organizing club activities, compiling a list of members' names and addresses, and mailing out newsletters are not considered commercial activities.

- Fundraising is not a commercial activity. However, some clubs, for example many golf clubs and athletic clubs, may be engaged in commercial activities which are subject to the Act.

- Although the Act does not generally apply to charities, associations and other similar organizations, [the Privacy Commissioner] recommend[s] that such organizations provide their members, donors or supporters with an opportunity to decline to receive further communications.

Accordingly, charitable and non-profit organizations should carry out privacy audits to determine what personal information they collect, use and disclose, and whether such personal information is subject to PIPEDA.

C. CONCLUDING COMMENTS

Although a charity may not be subject to PIPEDA, it is still important for the charity to adhere to the underlying privacy principles. In this day and age, donors and members expect charities to recognize that an individual's right to privacy is an essential issue. As such, charities need to demonstrate that they understand the importance of maintaining the anonymity of donors and protecting personal information in their care and control, as their relationship with those that support their activities is founded on trust and they must show a commitment to maintaining this trust.

For these reasons, it is still recommended that charities have a privacy policy to provide all the safeguards as standardized in PIPEDA. The privacy policy confirms a charity's dedication to protecting privacy and maintaining the trust that its donors and members have placed in the charity.

 

DISCLAIMER: This Charity Law Bulletin is a summary of current legal issues provided as an information service by Carters Professional Corporation. It is current only as of the date of the Bulletin and does not reflect subsequent changes in the law. The Charity Law Bulletin is distributed with the understanding that it does not constitute legal advice or establish the solicitor/client relationship by way of any information contained herein. The contents are intended for general information purposes only and under no circumstances can be relied upon for legal decision-making. Readers are advised to consult with a qualified lawyer and obtain a written opinion concerning the specifics of their particular situation.
© 2008 Carters Professional Corporation