CBA Submits Recommendations for 2019 Pre-Budget Consultations

by Dev User | Aug 30, 2018 | Uncategorized

Aug 2018 Charity & NFP Law Update

On August 3, 2018, the Canadian Bar Association Charities and Not-for-Profit Law Section (“CBA”) provided recommendations to the federal government in response to the government’s call for submissions and recommendations on the 2019 Pre-Budget Consultation, as reported in the June 2018 Charity & NFP Law Update. The CBA advocated for the modernization of the regime for charities and not-for-profits, for amendments to the ITA to allow charities and not-for-profits to innovate, conduct business and earn tax-exempt profit in certain circumstances, and for the removal of barriers that restrict registered charities from working with non-registered charities or other not-for-profit organizations in order to maximize the work of the groups.

With regard to modernization of the regime for charities and not-for-profits, the CBA highlighted the federal government’s support for social enterprise and social finance initiatives, and stated that a modern regulatory system was not only in line with the government’s interests, but that it was needed to allow organizations to work more effectively and promote a sustainable environment within the sector. With regard to amendments to the ITA, the CBA recommended that the ITA should “clarify that charities and not-for-profit organizations must be able to innovate, carry on business activities and earn tax exempt profits, as long as those profits are used for the purposes of the organization and not for the undue benefit of any party or the personal benefit of any director, shareholder or member, directly or indirectly.”

The CBA indicated that these changes would benefit charities and not-for-profits by increasing certainty in the area of compliance to the law and decreasing the administrative costs and burden of dealing with compliance issues. This increased efficiency and productivity would in effect not only result in a sustainable regulatory environment for the organizations, but also “significantly increase its contributions to the growth and expansion of Canada’s economy.” Given that the deadline to submit recommendations for Budget 2019 has now passed, charities and not-for-profits will need to wait until the government’s release of Budget 2019, generally done in the spring, to see its impact on the charitable and not-for-profit sector.

​Read the August 2018 Year Charity & NFP Law Update

Court of Appeal: Termination Clause Excludes Common Law Damages

by Dev User | Aug 30, 2018 | Uncategorized

Aug 2018 Charity & NFP Law Update

On June 22, 2018, the Ontario Court of Appeal released its decision in Amberber v IBM Canada Ltd., which case dealt with the enforceability of a termination clause within a written contract of employment. In this case, the employer, IBM Canada Ltd., successfully appealed a summary judgment where the motion judge held that the termination clause was unenforceable in precluding an employee from claiming common law damages regarding reasonable notice. The Court of Appeal, in reversing the summary judgment order and declaring that the clause was in fact enforceable, clarified certain contract interpretation principles pertaining to the termination clause. Of particular importance to the construction and interpretation of contracts was the aspect of the decision dealing with the need to read the entire clause as a whole and avoiding ambiguity when interpreting contracts. This decision is relevant to charities and not-for-profits that are seeking to enforce termination clauses in employment contracts with their employees.

For the balance of this Bulletin, please see Charity & NFP Law Bulletin No. 427.

​Read the August 2018 Year Charity & NFP Law Update

Data Breach Costs in Canada Among the Highest in the World – Ponemon Institute

by Dev User | Aug 30, 2018 | Uncategorized

Aug 2018 Charity & NFP Law Update

On July 11, 2018, the Ponemon Institute, LLC published the results of its annual study of the financial impact of data breaches on organizations in its 2018 Cost of a Data Breach Study: Global Overview (“Study”). The Study surveyed IT, data protection and compliance professionals in fifteen countries or regions whose organizations had experienced data breaches over the past year. According to the Study’s findings, the cost of data breaches on organizations’ bottom lines has continued to rise and more consumer records are lost or stolen every year.

In calculating costs to organizations, the Study broke the cost of a privacy breach into four cost centres: (1) costs related to detection, reporting and escalation of data breaches; (2) costs of notifying the individuals whose data was breached, notifying regulators and carrying out regulatory activities and communications; (3) costs of the post-breach response, including implementing processes to help individuals whose data was compromised and to pay for redress and reparations; and (4) the costs of lost business resulting from the data breach, such as business disruption, system downtime, customer “churn,” revenue losses and loss of reputation and goodwill.

The Study found that the average cost of a data breach has increased around the world, with the highest average per capita costs of a data breach being in the United States ($233 USD) and Canada ($202 USD). Canada had the highest direct costs per compromised record, at $81 USD per record, including expenses such as forensic expert costs, legal costs and identity protection services for victims. The United States had the highest indirect per capital cost of a data breach at $152 USD, such as the costs of using organizational resources for breach-related activities as well as the loss of goodwill and customer churn, with Canada in second place at $116 USD. It also found that criminal and malicious attacks cause the most data breaches, with organizations in the United States ($258 USD) and Canada ($213 USD) spending the most money to resolve malicious or criminal attacks on personal data. According to the Study, data breaches resulting from human error or system failure are less expensive to resolve.

The Study identified a number of factors that will affect the cost of a data breach. The top five cost-reducing factors include having an incident response team, extensive use of encryption, business community management involvement, employee training and participation in threat sharing. The top five cost-increasing factors include third-party involvement, extensive cloud migration, compliance failures, extensive use of mobile platforms and lost or stolen devices. Generally, the Study found that organizations that identified and contained data breaches more quickly were able to keep costs lower; costs for organizations that took over 100 days to do so were on average $1 million USD higher than those who took fewer than 100 days. The Study also identified a consistent relationship between the number of records lost and the cost of the data breach. The more records are lost, the higher the cost of the breach.

As data breaches can impact any organization, charities and not-for-profits should review the findings of the Study and of the potential costs to organizations for breaches of personal data. The Study serves as a reminder that the costs of data breaches can be extremely high and that charities and not-for-profits should adopt internal policies to prevent data breaches. Additionally, its outline of the factors that influence these costs may be a useful resource to guide charities and not-for-profits in implementing best practices to decrease costs when responding to data breaches.

​Read the August 2018 Year Charity & NFP Law Update

Federal Court Upholds Privacy of Personal Information Against CRA

by Dev User | Aug 30, 2018 | Uncategorized

Aug 2018 Charity & NFP Law Update

On June 15, 2018, the Federal Court released its decision in Canada (National Revenue) v Hydro-Québec, in which the court denied the Minister of National Revenue’s (“Minister”) request for authorization to receive customer information from Hydro-Québec, notwithstanding the fact that Hydro-Québec was prepared to surrender the information to the Minister. This information would have included the names, addresses, phone numbers and billing dates, among other things, of Hydro-Québec’s customers who were paying a business rate for services (“business customers”).

The Minister has a broad power to collect information or documents from any person for the purpose of administering and enforcing the ITA under subsection 231.2(1). However this power is subject to subsection 231.2(2) of the ITA, which requires the Minister to first obtain the authorization of a judge if the requested information or documents relate to “one or more unnamed persons.” Since the Minister wished to collect information relating to unnamed persons from Hydro-Québec, it brought an application to the court for authorization. The court denied the application on grounds that it did not meet the criteria required for judicial authorization to be granted under the ITA. The court also exercised its judicial discretion to deny the request due to the “practically unlimited scope of the request and a complete lack of consideration for the invasion of privacy.”

In its analysis, the court examined the statutory test by which a court may grant judicial authorization under subsection 231.2(3) of the ITA, which requires two conditions to be met: (1) that the person or group to whom the information relates is ascertainable, and (2) that the information is to verify that the person or group is complying with any duty or obligation under the ITA. The court rejected the Minister’s interpretation of the ITA provision on the basis that it was overly broad and would enable “an unlimited invasion of privacy.” Adopting a strict reading of the ITA test, the court found that “the information and documents that may be required are those that shed light on compliance with the Act of an ascertainable group within the meaning of the ITA”. The court held that the “mere identity of the business clients of a public utility does not meet that requirement.” Further, the court noted that in determining whether a group is ascertainable, the judge must ensure that “the requested documents be part of a tax audit conducted in good faith, with a genuine factual basis.”

The court therefore held that the Minister failed to sufficiently demonstrate either part of the test under subsection 231.2(3). Importantly, it unequivocally stated that, even if the conditions were met, it would have refused to grant judicial authorization because of the extent of the intrusion requested by the Minister. Emphasizing that the court retained discretion to grant authorization whether or not the conditions were met, it held that judicial intervention was required to prevent an “invasion of the privacy of many people”.

This case is particularly relevant to the rising concerns with privacy protection and gives some assurance to charities and not-for-profits that the government does not have limitless authority to collect the information of taxpayers. Rather, the court clearly affirms that the public significantly has the right to privacy from the state and in this case held it to be more important than the Minister’s request for information under the ITA. Charities and not-for-profits that receive requests from the CRA to collect information of unnamed persons may therefore be able to deny such requests, and should seek legal advice prior to divesting such information.

​Read the August 2018 Year Charity & NFP Law Update