The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Wednesday, December 14, 2005

Churches and the federal privacy law

Focus on the Family is running the following article in their "Today's Family News":

Churches fear breaching privacy laws
December 14, 2005
Recent privacy legislation is causing some churches to fear they could be breaking the law simply by circulating the addresses of members, praying aloud for people by name, and – at least in Ontario – making hospital visits, the Ottawa Citizen reported.
At the heart of their concern, which some think is exaggerated, is the Personal Information Protection and Electronic Documents Act, which Parliament passed in January 2004. It primarily affects businesses and would only apply to churches that sold their parish or membership lists or charged for their services.
Even so, it has prompted some pastors to question whether even making public the names and addresses of the people in their congregations might be deemed illegal under the Act.
One church in Halifax, for example, removed a “prayer board” in its foyer listing the names of people in hospital. Others have adopted privacy policies and some have even appointed privacy officers to oversee the correct handling of information.
For clergy in Ontario, the province’s year-old Personal Health Information Protection Act has made it more difficult from them to visit hospital patients, even if they belong to the same denomination.
Patients when being admitted have the option of indicating their faith background, which James Christie, dean of the faculty of theology at the University of Winnipeg, says clergy have assumed indicated they would welcome “some sort of pastoral presence.” But now, as he told the Citizen, “that graciousness is gone.”
But London, Ontario, lawyer Janet Allinson, a specialist in privacy law, believes many churches “are misunderstanding the legislation altogether. I get quite a few calls from people very concerned, they are so afraid of the Privacy Act.”
"I think it's important that they don't lose the spirit and treat it like a business" added Allinson.

The impact of the federal private sector privacy law has been very misunderstood by churches and other non-profits.

The Personal Information Protection and Electronic Documents Act, or PIPEDA as it is commonly known, applies to the collection, use and disclosure of personal information in the course of commercial activities, except in those provinces that have enacted substantially similar legislation. Ontario has not enacted legislation that is substantially similar to PIPEDA (other than the Personal Health Information Protection Act which may hinder the abilities of health information custodians to share information with visiting clergy, but does not regulate churches directly). In short, PIPEDA applies to personal information that is handled in connection with commercial activities, other than in Alberta, BC and Quebec.

The reason for the commercial activity connection is that the Federal Government is relying upon its constitutional jurisdiction over general trade and commerce in Canada to implement PIPEDA. It can use this power to regulate commerce generally, but is not able to regulate the non-profit sector using this power except to the extent that the non-profit organization actually is engaged in commercial activity. There are some activities that a non-profit can engage in that are deemed commercial activities and some activities can be sufficiently commercial to invoke PIPEDA. The deemed activities are generally limited to certain kinds of dealing with membership and donor lists. If a church exchanges, sells, trades or leases its membership list, that is a deemed commercial activity and PIPEDA applies (including requiring consent for the transfer). The key is an exchange of value. If a list is freely given with no expectation of any value in return, there is no commercial activity and PIPEDA is not triggered. Also, if a church veers away from its core not-for-profit objectives, it can be seen to be engaged in commercial activity. Charging admission to a benefit concert for the church is not commercial activity. Operating a business within the church may be commercial. Church fund-raising is not a commercial activity, nor is praying out loud or listing members in a directory.

This does not mean that a church or a non-profit shoudn't follow fair information practices. This is not because it is required by PIPEDA or any other law, but rather because it is just the right thing to do. Churches are entrusted with sensitive personal information. Having a privacy policy that is reasonable and consistently followed sends a positive message to the members of the congregation who are more privacy aware.

Labels: alberta, health information, information breaches, phipa, privacy