Extending Privacy Protection Obligations To Non-Profits In Alberta

more+
less-

Earlier this month, the Alberta Information and Privacy Commissioner, Jill Clayton, published the second instalment of her submissions with respect to the review of the Alberta Freedom of Information and Protection of Privacy Act (FIPPA). This second instalment involves technical suggestions regarding amendments to FIPPA.

One issue the Commissioner focused attention on was the application of privacy legislation to non-profit organizations, particularly when information is shared between public bodies and those non-profits. The Commissioner wrote:

There is an increasing movement towards citizen-centred service delivery involving cross-sectoral partners (public, private and health sectors). I am concerned that the personal information of Albertans may not be protected in situations where one of the partners is a non-profit organization that is not subject to privacy legislation.

Only certain non-profit organizations in Alberta are subject to the Personal Information Protection Act (PIPA) when they are collecting, using or disclosing personal information in connection with a commercial activity. The Commissioner recommends that PIPA be amended to apply to all non-profits.

In the meantime, however, the Commissioner recommends that when non-profits are engaged in cross-sectoral activities with public bodies subject to FIPPA, the public body should be accountable for the collection, use, disclosure and protection of personal information.

This is an intriguing suggestion. On the one hand, it could assist in lawful information sharing between the non-profit and the public body, while ensuring that there is accountability irrespective of where the information resides.

On the other hand, it could result in complicating these cross-sectoral partnerships as a result of the purpose limitation provisions of section 33 of FIPPA. Section 33 of FIPPA prohibits public bodies from collecting personal information unless it is expressly authorized by legislation, it is for law enforcement, or it “relates directly to and is necessary for an operating program or activity of the public body”. Any amendment that would make a public body accountable for the information collection activities of the non-profit must be drafted carefully to avoid having the effect of limiting the legitimate collection, use, retention and disclosure activities of the non-profit in that information, which may be different and broader than those of the public body and which could be part of the reason for the cross-sectoral partnership in the first place.

- See more at: http://www.datagovernancelaw.com/extending-privacy-protection-obligations-to-non-profits-in-alberta#sthash.Fxiwv8nk.dpuf

Earlier this month, the Alberta Information and Privacy Commissioner, Jill Clayton, published the second instalment of her submissions with respect to the review of the Alberta Freedom of Information and Protection of Privacy Act (FIPPA). This second instalment involves technical suggestions regarding amendments to FIPPA.

One issue the Commissioner focused attention on was the application of privacy legislation to non-profit organizations, particularly when information is shared between public bodies and those non-profits. The Commissioner wrote:

There is an increasing movement towards citizen-centred service delivery involving cross-sectoral partners (public, private and health sectors). I am concerned that the personal information of Albertans may not be protected in situations where one of the partners is a non-profit organization that is not subject to privacy legislation.

Only certain non-profit organizations in Alberta are subject to the Personal Information Protection Act (PIPA) when they are collecting, using or disclosing personal information in connection with a commercial activity. The Commissioner recommends that PIPA be amended to apply to all non-profits.

In the meantime, however, the Commissioner recommends that when non-profits are engaged in cross-sectoral activities with public bodies subject to FIPPA, the public body should be accountable for the collection, use, disclosure and protection of personal information.

This is an intriguing suggestion. On the one hand, it could assist in lawful information sharing between the non-profit and the public body, while ensuring that there is accountability irrespective of where the information resides.

On the other hand, it could result in complicating these cross-sectoral partnerships as a result of the purpose limitation provisions of section 33 of FIPPA. Section 33 of FIPPA prohibits public bodies from collecting personal information unless it is expressly authorized by legislation, it is for law enforcement, or it “relates directly to and is necessary for an operating program or activity of the public body”. Any amendment that would make a public body accountable for the information collection activities of the non-profit must be drafted carefully to avoid having the effect of limiting the legitimate collection, use, retention and disclosure activities of the non-profit in that information, which may be different and broader than those of the public body and which could be part of the reason for the cross-sectoral partnership in the first place.

Topics:  Canada, Data Protection, Employer Liability Issues, FIPPA, Non-Profits, Privacy Laws, Right to Privacy

Published In: General Business Updates, Nonprofits Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »