As of January 1, 2004, the federal privacy legislation
("PIPEDA") applies to the operations of all profit and non-profit
organizations that collect information for the purposes of conducting
commercial activities. This federal act balances an individual's right
to the privacy of personal information with the need of organizations
to collect, use or disclose personal information for legitimate business
purposes.
Conversant board members, senior staff, and fundraisers
know the difference between "confidential information" and
"personal information." Moreover, even if their organization
does not engage in any "commercial" activities as defined
in PIPEDA, there are important reasons why all non-profit organizations
should take the issue of privacy seriously. PIPEDA is and will be the
starting point for Ontario's privacy legislation. Both laws are responding
to the publics' demand for greater privacy. People will be expecting
organizations to use their private information appropriately and to
have privacy policies and procedures in place. While the government
may make a distinction between commercial and non-commercial activities,
your average constituent (volunteer/donor) may not. Therefore, ignoring
privacy issues sends a message that your organization does not respect
privacy wishes. Consequently, all organizations should develop privacy
policies and analyze how private information is being used and for what
purposes.
Commercial activities for non-profits may be defined as:
Client/Consumer lists
Special Events - participants, volunteers, pledgers
Online donors
In memorial gifts
Door to door campaigns
Third party lists
Ancillary business
Learn how to safeguard the privacy rights issues in your organization.
Envision the future and develop a Privacy Policy that will be
flexible and responsive to possible future challenges and opportunities.
Include privacy assessment and audit on:
internal and external communications and forms
security safeguards i.e. physical, organization, and technological
measures including third party contracts.
dissemination of privacy policy information to constituents and
training
policy for staff and volunteers
employee privacy policy and employment contracts
Direction - set goals and role clarity for the project/task/working
group(s).
Resources - secure resources to achieve the desired results.
M
Monitor - periodically review the relationship between organizational
vision and direction, ensuring that the privacy policy is well maintained
and progressive, within "developing" legal limits, toward
the desired end results.
Accountability - ensure efficient use of resources, reporting
progress and detours to the Board of Directors.
What you do not know can hurt you.
Latest Update Feb 23, 2004
Is fundraising considered a commercial activity?
Response: "PIPEDA as is, 'in general' does not cover
non-profit fundraising."
Can a complaint be lodged federally against a non-profit
for non-compliance?
Response: Yes.
Source: Personal Communication, February 23, 2004. Privacy
Commissioner of Canada Auditor.
Legal Disclaimer: Information and resource material provided is
based on current research and is for general information purposes
only. The material reflects interpretations and practices regarded
as valid as of the date the documents were developed based on available
information at that time. The material is not intended, and should
not be construed, as legal advice or opinion nor is it intended
to be endorsed as lawful practice.
In a time of limited resources and pending limitations on non-profit
"sustainability lifelines" and philanthropic appeals,
you need to get it right as expeditiously as possible.
For further information call:
Sue Aubin, Community Conscious Consulting
905-788-0795
