The Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 (“PIPEDA”), is a privacy legislation enacted by the federal government for purposes of protecting personal information collected, used or disclosed in certain circumstances. It also governs the use of electronic means to communicate or record information or transactions.
PIPEDA applies to all private organizations regarding personal information that the organization collects, uses or discloses in the source of commercial activities. There is uncertainty about whether a condominium corporation would be found to engage in commercial activities. A “commercial activity” means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character.
The main obligation under PIPEDA is not to disclose any personal information collected except for proper purposes of the organization and without the appropriate informed consent of the person whose information it is.
Personal information is information about an “identifiable individual”. There are two broad categories of personal information covered by PIPEDA:
a. Information collected, used or disclosed by any organization in the course of commercial activities; and
b. Employee information collected, used or disclosed in connection with the operation of a federal work, undertaking or business.
PIPEDA could conceivably apply to any information about an individual that a condominium might collect, subject to some exceptions:
For the most part, information collected such as names, addresses, and telephone numbers, would not require the consent of unit owners for general use as long as it is related to the operation of the condominium. General use would include notices of owners meetings, notices of liens, and information in a Status Certificate. In contrast, information such as unlisted telephone numbers, or banking information would require consent to be used.
To release personal information to another organization, the condominium must obtain consent of the owner except in a few circumstances, when the information is:
How a condominium stores this information is just as important as how it uses it. There is no single proper procedure for safeguarding Personal Information, but the following should be considered:
This list is by no means exhaustive, but should be used as a starting point for complying with privacy laws.
It is clear from section 55 of the Condominium Act, 1998, (the “Act”) that owners cannot:
This means that corporations will have to be cautious when allowing individual unit owners to access records if there is a chance they may obtain Personal Information relating to other owners.
It is imperative that Personal Information of an owner is kept in their own unit file. There should also be a separate file for each litigation or insurance claim. Documents should be looked over before they are shown to an owner to make sure they don’t contain personal information of other owners.
A proper procedure would be to have the individual asking for records fill out a standard form including a statement as to why they are requesting the information. The form should also make it clear that the owner agrees that the information:
PIPEDA requires that a corporation:
I. the kind and limits of information collected;
II. how and for what purposes such information is used; and
It is highly unlikely PIPEDA will be found to apply to residential condominium corporations. Residential Condominiums that do not sell information, goods or services for profit, are not involved in commercial activities. PIPEDA was enacted in 2000, and there is yet to be a court case involving a residential condominium corporation.
Although it appears that PIPEDA would not apply to a residential Condominium corporation, it is clear that it does apply to Condominium Management companies that collect, use and disclose personal information about residents during their ‘commercial activities’. Condominium Management companies would be considered to be performing commercial activities when they are handling the financial affairs, or performing other jobs for the corporation.
PIPEDA case #2006-342 makes it clear that the legislation applies to a landlord, as they are engaged in a commercial activity. Even though the landlord was subject to PIPEDA in this case, the privacy commissioner found that the ‘summary of lease or renewal form’ which discloses personal information of the tenant still had to be filled out by the landlord because it is required by law.
PIPEDA case #2006-343 followed the same logic and stated that a landlord could provide personal information about a tenant to an insurance company, as the insurance company’s purpose for obtaining this information was reasonable.
Although it does not appear that PIPEDA applies to residential condominium corporations it would be wise, for cautions sake, to enforce privacy policies in line with PIPEDA’s principles. This would diminish any risk of contravening the relevant sections of the Condominium Act, and would ensure compliance with PIPEDA in the event this legislation was ever found to apply to your condominium corporation.
Before proceeding, please note:
If you are not a current client of Cheadles LLP, please do not include any information in this email that you or someone else considers to be confidential or secret in nature. Prior to the establishment of a lawyer-client relationship, unsolicited emails from non-clients containing confidential or secret information cannot be protected from disclosure.