Nov 2018 Charity & NFP Law Update
There is a growing global emphasis on and regulation of privacy as well as increasing stakeholder awareness and expectations with respect to how organizations handle their personal information. For example, the General Data Protection Regulation, which harmonizes data protection and privacy laws across all European Union jurisdictions, was implemented across the European Union on May 25, 2018. Further, on September 30, 2018, the negotiations were completed for the US-Mexico-Canada Agreement, which contains significant provisions on the transfer of personal information and data localization.
As well, in May 2018, the Office of the Privacy Commissioner of Canada (“OPC”) published two guidances for organizations subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Canada’s federal private sector privacy legislation – one regarding the concept of meaningful consent (which is to come into effect on January 1, 2019) and one on inappropriate data practices (which came into effect on July 1, 2018). Most recently, on November 1, 2018, the new data breach reporting and recordkeeping regime under PIPEDA came into force.
In light of these changes, many charities and not-for-profits have asked whether, and how, PIPEDA impacts them. As such, this bulletin provides a brief discussion on the intersection between PIPEDA and charities and not-for-profits, and recommends that charities and not-for-profits bring their policies and procedures into compliance with PIPEDA’s breach reporting and recordkeeping rules, even in circumstances where compliance may be voluntary.
For the balance of this Bulletin, please see Charity & NFP Law Bulletin No. 437.
