Bill C-12, An Act to Amend the Personal Information Protection and Electronic Documents Act ("PIPEDA"), was introduced in the House of Commons on September 29, 2011. It proposes changes to federal privacy legislation regarding organizations' collection, use and disclosure of individuals' personal information. Also referred to as the Safeguarding Canadians' Personal Information Act, it was previously introduced as Bill C-29 in May 2010 during the last session of Parliament, but died on the order paper when Parliament was dissolved in March 2011.

Disclosure requirements changed

The Bill includes amendments which will affect personal information disclosure by charities and nonprofits. In particular, proposed amendments would:

• Permit organizations to disclose personal information to another organization without the knowledge or consent of the individual where the disclosure is necessary to investigate a breach of an agreement, a contravention of the laws of Canada, or in order to "prevent, detect or suppress fraud";
• Permit organizations to disclose personal information to an individual's next of kin, authorized representative or to a government institution without the knowledge or consent of the individual where the organization believes that the individual has been the victim of financial abuse; and
• Restrict organizations from informing individuals that their personal information has been shared with enforcement and security agencies where the government institution to whom the information was disclosed objects. This includes situations involving government institution requests for information under the national security, law enforcement or policing services exemptions, including a request for disclosure under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

Catching up with digital world

Additionally, keeping pace with digital technologies is a focus of the Bill. In this regard, Bill C-12 re-introduces amendments that will clarify organizations' responsibilities under PIPEDA.

The Bill also introduces new responsibilities, such as requiring organizations to report breaches of security safeguards involving personal information. As charities and nonprofits continue to use rapidly evolving technology to enhance the exchange of information in their operations, legislative changes to personal information and privacy laws will require continued compliance efforts and monitoring of information practices.

More detailed information about Bill C-12 can be found in the legislative summary of the Library of Parliament, or view the entire Bill.

Colin J. Thurston is an associate in the Orangeville office of Carters Professional Corporation practicing intellectual property, information technology and privacy law, and can be reached by email.