UPDATE ON THE APPLICATION OF PIPEDA TO MUNICIPALITIES, UNIVERSITIES, SCHOOLS
AND HOSPITALS

By U. Shen Goh, LL.B., LL.M., Trade-mark Agent

A. INTRODUCTION

As of January 1, 2004, the federal Personal Information Protection and Electronic Documents Act ("PIPEDA") applied to every organization in Canada that collects, uses and discloses personal information in the course of commercial activities.¹

Since the coming into force of PIPEDA, on January 1, 2004, many charitable and non-profit organizations have asked whether PIPEDA applies to them, i.e., whether the activities they engage in constitute commercial activities. Commercial activity is defined by PIPEDA as "any particular transaction, act or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or fundraising lists." While it is obvious that the legislators consider charitable and non-profit organizations capable of engaging in commercial activities, it is not obvious which activities charitable and non-profit organizations engage in will be considered commercial and which will not.²

B. FIRST FACT SHEET - CHARITABLE AND NON-PROFIT ORGANIZATIONS IN GENERAL

In response to this confusion, the Federal Privacy Commissioner released a fact sheet entitled "The Application of the Personal Information Protection and Electronic Documents Act to Charitable and Non-Profit Organizations" on March 31, 2004.³

The fact sheet made it clear that "[t]he bottom line is that non-profit status does not automatically exempt an organization from the application of [PIPEDA]." This affirmed the legal community's opinion that if charitable and non-profit organizations are not subject to PIPEDA, it is not because they are exempted as a class, but because they do not engage in commercial activities per se.

The fact sheet then made the general statement that, "[m]ost non-profits are not subject to [PIPEDA] because they do not engage in commercial activities. This is typically the case with most charities, minor hockey associations, clubs, community groups and advocacy organizations." In order to provide greater clarity, the fact sheet lists specific examples of what the Federal Privacy Commissioner does not consider commercial activities by stating that, "[c]ollecting membership fees, organizing club activities, compiling a list of members' names and addresses, and mailing out newsletters are not considered commercial activities. Similarly, fundraising is not a commercial activity."

However, the fact sheet also made it clear that to the extent that charitable and non-profit organizations did engage in commercial activities, they would be subject to PIPEDA, "for example, many golf clubs and athletic clubs, may be engaged in commercial activities."

C. SECOND FACT SHEET - MUNICIPALITIES, UNIVERSITIES, SCHOOLS AND HOSPITALS IN PARTICULAR

Since then, the Federal Privacy Commissioner has provided further clarity to the issue with its more recent fact sheet entitled "Municipalities, Universities, Schools, and Hospitals" on July 14, 2005.

The general rule is that municipalities, universities, schools and hospitals are not considered to engage in commercial activities and, as such, are not subject to PIPEDA. Although municipalities, universities, schools and hospitals sometimes charge a fee for their services, the Federal Privacy Commissioner is of the view that PIPEDA does not apply if the fee charged is for their "core activities", namely, those activities that are central to the mandate and responsibilities of the municipalities, universities, schools and hospitals. For example, charging a fee for the following services does not automatically trigger the application of PIPEDA:

Charging a fee for a private room;
Charging extra for a fiberglass cast;
Charging a per bag fee to collect garbage; or
Charging for the use of a playing field or arena.

There are specific exceptions, however, to the general rule discussed above.

First, private universities, schools and hospitals, as well as a private hospital's health care providers, are likely considered to be engaging in commercial activities and, as such, are likely subject to PIPEDA. In this regard, the Federal Privacy Commissioner has made it clear that:

Private educational institutions and private hospitals are in a different situation. These institutions are more clearly engaged in commercial activities and we would recommend that they operate on the assumption that they are subject to PIPEDA, unless substantially similar provincial legislation applies.

Health care providers in private practice such as doctors, dentists and chiropractors are engaged in a commercial activity and thus subject to the Act, unless substantially similar provincial legislation applies.

Second, municipalities, universities, schools and hospitals can be considered to engage in commercial activities and, as such, will be subject to PIPEDA if they charge a fee for "non-core activities", unless substantially similar provincial legislation applies. For example, charging a fee for the following services will trigger the application of PIPEDA, unless substantially similar provincial legislation applies:

Selling or bartering an alumni list;
Collecting personal information in the course of operating a parking garage;
Operating a coffee shop;
Running a TV rental service;
Operating a bookstore; or
Permitting a third party to operate any other business within the institution.

For more information on whether your charitable or non-profit organization is subject to substantially similar provincial legislation, please refer to Section C "Provincial Legislation and Its Application to Charitable and Non-Profit Organizations" of Charity Law Bulletin No. 70 "Privacy Legislation Increasingly Applied to Charitable and Non-Profit Organizations."

D. CONCLUSION

Since the implementation of PIPEDA on January 1, 2004, the Federal Privacy Commissioner has increasingly shed light on the meaning of commercial activities and, as such, what activities will be subject to PIPEDA. As this is a work in progress and there is still not much caselaw on this subject area, there are understandably still some areas of confusion. In such instances, it is highly recommended that charitable and non-profit organizations continue to voluntarily adhere to the underlying privacy principles of PIPEDA, in keeping with the reasonable expectation of donors and members that the charitable and non-profit organizations they support recognize their right to privacy as an essential issue.

Endnotes:

¹ For more information on PIPEDA, please refer to "Impact of the Personal Information Protection and Electronic Documents Act (PIPEDA) on Charitable and Non-Profit Organizations" (2003) Charity Law Bulletin No. 28, www.charitylawbulletin.ca.
² For more information on "commercial activities", please refer to "Update on the Application of The Personal Information Protection and Electronic Documents Act (PIPEDA) to Charitable and Non-Profit Organizations" (2004) Charity Law Bulletin No. 42, www.charitylawbulletin.ca.
³ For more information on PIPEDA's application to charitable or not-profit organizations, please refer to "Privacy Legislation Increasingly Applied to Charitable and Non-Profit Organizations" (2005) Charity Law Bulletin No. 70, www.charitylawbulletin.ca.