Tax and Charity Law in Toronto, Canada
Aptlaw.com - A Tax and Charity Law Practice
Home Page Newsletters Charity Presentation Corporate Tax Charities Biography
 
Contact Adam		  
Sign-Up Now!
  "I recently gave a
presentation on Charities
and Politics Don’t Mix"

  
   
 


EMAIL Adam:
click here.

Call Adam:
(416) 712 - 2218

Privacy Policy

  
  Newsletters
 

 

Aptlaw.com
A law newsletter for charities and NFPs by Adam Aptowitzer LL.B.

  
 

 

A Note from the Editor

Welcome to the fourth and final part of our series on the new privacy legislation. Since the last issue, we have had a dramatic increase in the number of subscribers to this newsletter. I would like to welcome our many new subscribers and thank all of our original readers for forwarding this newsletter to so many people. Please continue to circulate this newsletter to anyone who you feel may benefit from it.

Practical PIPEDA for Charities and NPOs - Part IV

The last three newsletters dealt with the applicability of the Personal Information Protection and Electronic documents Act ( PIPEDA ) to charities and not-for-profits in Canada and the practical aspects of collection, storage, and use, of information collected from Canadians. The fourth and final part of this series is meant to deal with an organization's accountability for compliance with the legislation and its handling of complaints of noncompliance. Please keep in mind that this newsletter is for informative purposes only and should you require legal advice please feel free to contact me for a consultation.

By way of review, PIPEDA is based on the Canadian Standards Association's Model Code for the Protection of Personal Information. The code has ten principles, which, loosely categorized, govern the collection, use, and handling of personal information. A list of these principles and commentary on each of them is available at the website of the Privacy Commissioner of Canada .

Accountability

When an organization controls an individual's personal information it is accountable for its storage and use by either the organization or a third party to whom it is connected (such as fundraisers and mailhouses ). As part of ensuring accountability and proper compliance with PIPEDA , each organization must designate an individual who is responsible for the organization's compliance with the law (perhaps with a title such as the Chief Privacy Policies and Practices Officer or "C3PO" for Star Wars fans). This person must be intimately familiar with the organization's privacy policy, data collection, storage and use procedures and PIPEDA . Furthermore, a C3PO must have the support of the organization and authority to intervene on relevant privacy issues. Privacy training should also extend to all employees and ideally include their involvement in the development and implementation of personal information policies and practices. Finally, and while it might be trite to say, the accountability principle is a catch all phrase meaning that your organization is responsible for complying with the other principles of PIPEDA.

Provide Recourse

An individual is entitled to raise a challenge to an organization's PIPEDA compliance with the designated information officer (the C3PO) within the organization. In practical terms, this means an organization must have policies in place to comply with this principle, including:

- Simple and accessible complaint procedures,

- Investigative powers for the C3PO to investigate the relevant information and employees (and the proper training to not disrupt the work atmosphere), and

- Resolution procedures (for example, notifying the complainant of the investigator's conclusion and any changes that were made to the person's information or the organization's privacy policies as a result of the complaint).

This principle may be especially critical in maintaining your organization's reputation for professionalism. All organizations make mistakes but the thorough and careful resolution of complaints can make the difference between absolution and punishment.

The Commissioner's Role

The Privacy Commissioner will conduct an investigation of an organization's privacy practices and policies upon a written complaint from an individual or if it has reasonable grounds to do so. The Commissioner will also conduct an investigation (and for this purpose has certain investigative powers such as compelling witnesses to give evidence) and will generally try to mediate a settlement to the dispute and encourage a change in the organization's policies or practices where appropriate. Appeals from decisions of the Privacy Commissioner are made to the Federal Court.

  
    Home | Newsletters | Charity Presentation | Corporate | Tax | Charities | Biography  
    Privacy Policy. Site best viewed using Internet Explorer. © Design and Content 2005 Adam Aptowitzer. All rights reserved.