Fasten Your Privacy Policy Seatbelt - Cookies, CASL & Collection

Fasten Your Privacy Policy Seatbelt - Cookies, CASL & Collection

Law For Non-Profits is a simple and low-barrier digital platform. It’s designed to help non-profit leaders understand their legal obligations. This tool was created for non-profits working in BC, however, many of the concepts are general in nature and may apply in many provinces in Canada that have similar laws. Read more about using these resources from other regions of Canada here.

2024 marks the 20th anniversary of BC’s Personal Information Protection Act coming into effect. Now that we’ve got 20 years of privacy legislation under our respective belts, we’re all experienced hands at it by now. We’ve learned all the ins and outs and follow all best practices and have no questions related to our privacy obligations.

Wouldn’t it be great if that were true? If only creating a privacy policy was as easy as fastening a seatbelt. Actually, it’s been 47 years since seatbelts became mandatory in BC and we’re not always perfect at that either.

Though it might sound intimidating, a privacy policy is simply a document that describes how your non-profit collects, uses, retains (keeps) and discloses (shares) personal information from people. Not only is it essential for an organization to have a privacy policy, It is important that an organization’s privacy policy be transparent. It should include these key elements:

What Information Are You Collecting?
Personal information is information unique to an individual - name, address, phone number, SIN number, IP address and more. The specific information your organization collects and retains will depend on what is required to adequately serve your community. Collect only what you need. Don’t keep what you don’t need.

How Will You Collect Information?
Collection means gathering personal details from different sources in a variety of ways. Methods of collection include phone, mail, email, social media, online (analytics), and in-person.

How Will You Use The Information You Have Collected?
At a minimum, most organizations collect and keep personal information in order to communicate with people about their activities and programs. Many non-profits (and even many businesses) will include a clause in their privacy policy ensuring that they will not sell or trade the information they collect. Organizations that do intend to sell information must disclose that intention. You can only use information for your stated purposes. Likewise, when communicating with people (using the information you have collected according to your privacy policy) bear in mind Canada’s anti-spam legislation. 

Do I need a cookie policy pop up on my website?
You’ve likely noticed website popups for consent to cookies. If you’re unfamiliar, a cookie is a small text file that is downloaded on your browser to track your website preferences. These are used to collect website preferences, track user behaviour on the site, and to deliver targeted advertisements among other things.  Your privacy policy should address how cookies are used on your website.  You may choose to take a more transparent approach in your policy, and create a cookie policy pop-up.

How long has it been since you reviewed your privacy policy? If it’s time for a check up we recommend starting with our Privacy Legal Help Guide. Answer a series of questions about your non-profit and you’ll receive an instant To Do list of any areas that should be addressed. We even have some sample privacy policies.