F27. I understand that there are laws about personal information. Do these privacy laws apply to our registered charity’s fundraising activities?

F27. I understand that there are laws about personal information. Do these privacy laws apply to our registered charity's fundraising activities?

Short answer

They may or may not. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) covers the collection, use, or disclosure of personal information in the course of any commercial activity within a province, including provincially regulated organizations. The definition of commercial activity is "any particular transaction, act or conduct or any regular course of conduct that is of commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists."

If you don't buy or sell donor lists, then it may not affect you. If you are involved in transferring these lists, you need to pay careful attention.

As well, where a charity contracts a for-profit third party to do its fundraising, the third party may be required to comply with PIPEDA in carrying out the contract.

Long answer

Based on this definition, the charity itself gathering information about donors in order to solicit them for a gift may not be considered commercial activity and is not covered by PIPEDA. Thus, the majority of fundraising functions conducted by a charity are exempt from the requirements of PIPEDA.

Charities will be affected, however, if they sell, barter, or lease their donor lists. If so, the charities would have to get the consent of an individual before they can put that person on a donor list that would be sold, bartered, or leased to another organization. Similarly, when leasing or renting external lists, charities must ensure that the source organization has complied with the PIPEDA.

As a matter of good risk management and to protect the groups reputation, it is prudent for charities contracting for-profit third parties for fundraising activities to require that they comply with all applicable legal requirements. However, in this circumstance, the final responsibility for compliance would rest with the service provider.

This same principle of consent applies for any other activity that might be considered a "commercial" activity. You will need to assess your activities to figure out if they fall under the definition of commercial activity.

A fact sheet from the Office of the Privacy Commissioner of Canada, "The Application of the Personal Information Protection and Electronic Documents Act (PIPEDA) to Charitable and Non-Profit Organizations," states that "although the Act does not generally apply to charities, associations and other similar organizations, we recommend that such organizations provide their members, donors or supporters with an opportunity to decline to receive further communications". This fact sheet is available here.

You and your fundraisers need to be aware of both the privacy legislation and the regulations associated with the legislation. Sometimes, the regulations may provide clear and specific details where the legislation is ambiguous or the regulations may provide more freedom than the legislation sets out.


FAQ F30 lists privacy legislation across the country.