Last week, the Office of the Privacy Commissioner in Canada (OPC) issued important guidance under Canada’s national privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).  The guidance highlights various scenarios in which PIPEDA applies based on judicial opinions and previous OPC interpretations.  In general, PIPEDA applies to the personal information that an organization collects, uses or discloses in the course of “commercial activities.”  The term “commercial activities” is defined broadly in PIPEDA to mean “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.”

The guidance outlines scenarios in which PIPEDA applies or does not apply based on the conduct of commercial activities, including:

  • An intermediary who relays financial information into and out of Canada for international transactions involving Canadian banks is engaged in a commercial activity.
  • A non-profit daycare organization partially subsidized by a municipal government is engaged in a commercial activity. 
  • A landlord who collects, uses or discloses tenants’ personal information to administer a lease or for insurance purposes is an organization engaged in a commercial activity.
  • An educational institution is not engaged in a commercial activity if the institution’s core activity is the provision of educational services and the institution does not have as one of its objectives the goal of earning a profit for the owners of the institution.

Organizations with Canadian business operations or seeking to do business in Canada should be aware of PIPEDA’s broad-based applicability and requirements, which include customer consent provisions, limitations on information use, disclosure, and retention, and obligations to safeguard personal information.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and…

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.