Who is exempt from PIPEDA: collecting PII
PIPEDA applies to organizations that collect PII, so if you do not collect PII, then you may be exempt. Most modern websites collect PII, which is defined as any factual or subjective information, recorded or not, about an identifiable person. Examples of PII include:
- Phone number; and
- Physical address.
Websites usually collect PII through tools such as contact forms, newsletter sign up forms, account set up forms, and analytics. Though it is unlikely, if you website does not collect PII, then you may be exempt from the requirements of PIPEDA.
Participating in non-commercial activities
The next answer to the question of who is exempt from PIPEDA is organizations that are not engaging in commercial activities. PIPEDA defines “commercial activity” as any particular transaction, act or conduct or regular course of conduct that is of a commercial character. This means that your organization may be exempt from PIPEDA if it is a not-for-profit, charity group, political party or association. These entities should note that if they participate in activities such as selling, bartering or leasing of donor or other lists, they may lose the protected status and still have to comply with PIPEDA.
Who is exempt from PIPEDA – other examples
The purpose of PIPEDA is to protect the PII of Canadians collected by companies that may exploit that PII for aggressive marketing or profit so it makes sense that certain activities are exempt from the reach of the law. The following is a list of instances of who is exempt from PIPEDA:
- PII held by federal government organizations listed under the Privacy Act;
- Provincial or territorial governments and their agents;
- Business contact information (e.g. an employee’s name, email, title, business address and phone number) that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession;
- An individual’s collection, use or disclosure of PII strictly for personal purposes; and
- An organization’s collection, use or disclosure of PII solely for journalistic, artistic or literary purposes.
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.