Standard A13 Explained

Why is it important to have a privacy policy? Protecting the personal information of nonprofit staff, volunteers, and clients fosters a strong reputation for integrity. This has become an essential part of a nonprofit’s accountability to its stakeholders, many of whom are increasingly concerned about how their personal information is stored, used, and transferred.1

What government legislation does my organization need to comply with when creating its privacy policy? In 2004, the federal government initiated the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to all nonprofits and charitable organizations that are conducting commercial activities, defined as “...any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists. " In certain provinces, including Alberta, BC, and Quebec, provincial privacy legislation has been deemed “substantially similar” to PIPEDA, and should be followed instead.2 Organizations in Alberta can use the Protecting Personal Information: A Workbook for Nonprofit Organizations. (Government of Alberta, March 2010) to determine what should be included in their privacy policy. The workbook also contains a sample privacy policy template.

From "Accreditation Preparation Workbook Section A: Board Governance,"  Katharine Zywert, Social Prosperity Wood Buffalo at the University of Waterloo, 2013.

  1. “Protecting Personal Information: A Workbook for Nonprofit Organizations,” Government of Alberta, March 2010.
  2. “Canada’s Federal and Provincial Privacy Laws for Nonprofits,” Blog by Tierney Smith for TechSoup Canada, June 9th, 2011.


Standards Reference Guide



Share this resource