Quality Mark
Last Reviewed: May 2023
Reviewed by: LFNP Contributors
Time to Read: 15 minutes

This Fact Sheet provides information about the legal rules non-profits must follow for collecting personal information.

Privacy law requires a non-profit to follow certain rules about the collection of personal information. Personal information is that which is unique to an individual. Some examples include: name, address, email address, birthdate, Social Insurance Number(SIN), gender, medical information, educational history, employment status, IP address, family status, and income. 

Prior to collecting any personal information, a non-profit must identify the purpose for its collection and get consent. 


  • Purpose: Non-profits should only collect personal information for valid reasons i.e., to help fulfill its mission. Non-profits must provide the reason(s) for collecting personal information and how it might be used. Non-profits may only use personal information for those reasons and for nothing else. These reasons might include: communicating with members, sending newsletters and invitations, service phone calls and emails, audit purposes, soliciting donations, and issuing tax receipts.
  • Consent: Non-profits should have the consent prior to collecting personal information. Consent means permission or voluntary agreement to the collection of their personal information. This usually happens in one of two ways.
    • Implicit consent means that the individual has consented based on their purchase of a ticket.  In order to buy the ticket they have to pay for it and provide a credit card number. Purchasing the ticket is their implicit consent to the collection of their credit card number which is personal information. 

    • Explicit consent is where a consent form is provided to the person. For example, consent forms are routinely used for the sharing of personal information between medical practitioners.