by Dev User | Aug 30, 2018 | Uncategorized
Aug 2018 Charity & NFP Law Update
On August 3, 2018, the Canadian Bar Association Charities and Not-for-Profit Law Section (“CBA”) provided recommendations to the federal government in response to the government’s call for submissions and recommendations on the 2019 Pre-Budget Consultation, as reported in the June 2018 Charity & NFP Law Update. The CBA advocated for the modernization of the regime for charities and not-for-profits, for amendments to the ITA to allow charities and not-for-profits to innovate, conduct business and earn tax-exempt profit in certain circumstances, and for the removal of barriers that restrict registered charities from working with non-registered charities or other not-for-profit organizations in order to maximize the work of the groups.
With regard to modernization of the regime for charities and not-for-profits, the CBA highlighted the federal government’s support for social enterprise and social finance initiatives, and stated that a modern regulatory system was not only in line with the government’s interests, but that it was needed to allow organizations to work more effectively and promote a sustainable environment within the sector. With regard to amendments to the ITA, the CBA recommended that the ITA should “clarify that charities and not-for-profit organizations must be able to innovate, carry on business activities and earn tax exempt profits, as long as those profits are used for the purposes of the organization and not for the undue benefit of any party or the personal benefit of any director, shareholder or member, directly or indirectly.”
The CBA indicated that these changes would benefit charities and not-for-profits by increasing certainty in the area of compliance to the law and decreasing the administrative costs and burden of dealing with compliance issues. This increased efficiency and productivity would in effect not only result in a sustainable regulatory environment for the organizations, but also “significantly increase its contributions to the growth and expansion of Canada’s economy.” Given that the deadline to submit recommendations for Budget 2019 has now passed, charities and not-for-profits will need to wait until the government’s release of Budget 2019, generally done in the spring, to see its impact on the charitable and not-for-profit sector.
Read the August 2018 Year Charity & NFP Law Update
by Dev User | Aug 30, 2018 | Uncategorized
Aug 2018 Charity & NFP Law Update
On June 22, 2018, the Ontario Court of Appeal released its decision in Amberber v IBM Canada Ltd., which case dealt with the enforceability of a termination clause within a written contract of employment. In this case, the employer, IBM Canada Ltd., successfully appealed a summary judgment where the motion judge held that the termination clause was unenforceable in precluding an employee from claiming common law damages regarding reasonable notice. The Court of Appeal, in reversing the summary judgment order and declaring that the clause was in fact enforceable, clarified certain contract interpretation principles pertaining to the termination clause. Of particular importance to the construction and interpretation of contracts was the aspect of the decision dealing with the need to read the entire clause as a whole and avoiding ambiguity when interpreting contracts. This decision is relevant to charities and not-for-profits that are seeking to enforce termination clauses in employment contracts with their employees.
For the balance of this Bulletin, please see Charity & NFP Law Bulletin No. 427.
Read the August 2018 Year Charity & NFP Law Update
by Dev User | Aug 30, 2018 | Uncategorized
Aug 2018 Charity & NFP Law Update
On July 11, 2018, the Ponemon Institute, LLC published the results of its annual study of the financial impact of data breaches on organizations in its 2018 Cost of a Data Breach Study: Global Overview (“Study”). The Study surveyed IT, data protection and compliance professionals in fifteen countries or regions whose organizations had experienced data breaches over the past year. According to the Study’s findings, the cost of data breaches on organizations’ bottom lines has continued to rise and more consumer records are lost or stolen every year.
In calculating costs to organizations, the Study broke the cost of a privacy breach into four cost centres: (1) costs related to detection, reporting and escalation of data breaches; (2) costs of notifying the individuals whose data was breached, notifying regulators and carrying out regulatory activities and communications; (3) costs of the post-breach response, including implementing processes to help individuals whose data was compromised and to pay for redress and reparations; and (4) the costs of lost business resulting from the data breach, such as business disruption, system downtime, customer “churn,” revenue losses and loss of reputation and goodwill.
The Study found that the average cost of a data breach has increased around the world, with the highest average per capita costs of a data breach being in the United States ($233 USD) and Canada ($202 USD). Canada had the highest direct costs per compromised record, at $81 USD per record, including expenses such as forensic expert costs, legal costs and identity protection services for victims. The United States had the highest indirect per capital cost of a data breach at $152 USD, such as the costs of using organizational resources for breach-related activities as well as the loss of goodwill and customer churn, with Canada in second place at $116 USD. It also found that criminal and malicious attacks cause the most data breaches, with organizations in the United States ($258 USD) and Canada ($213 USD) spending the most money to resolve malicious or criminal attacks on personal data. According to the Study, data breaches resulting from human error or system failure are less expensive to resolve.
The Study identified a number of factors that will affect the cost of a data breach. The top five cost-reducing factors include having an incident response team, extensive use of encryption, business community management involvement, employee training and participation in threat sharing. The top five cost-increasing factors include third-party involvement, extensive cloud migration, compliance failures, extensive use of mobile platforms and lost or stolen devices. Generally, the Study found that organizations that identified and contained data breaches more quickly were able to keep costs lower; costs for organizations that took over 100 days to do so were on average $1 million USD higher than those who took fewer than 100 days. The Study also identified a consistent relationship between the number of records lost and the cost of the data breach. The more records are lost, the higher the cost of the breach.
As data breaches can impact any organization, charities and not-for-profits should review the findings of the Study and of the potential costs to organizations for breaches of personal data. The Study serves as a reminder that the costs of data breaches can be extremely high and that charities and not-for-profits should adopt internal policies to prevent data breaches. Additionally, its outline of the factors that influence these costs may be a useful resource to guide charities and not-for-profits in implementing best practices to decrease costs when responding to data breaches.
Read the August 2018 Year Charity & NFP Law Update
