Blackbaud Canadian Privacy Document
Blackbaud Canada works with more than 1,000 Canadian nonprofits and is acutely aware with the market’s specific need for data privacy. Our desire to meet your requests and provide world class data security led us to establish a technology environment that meets the highest international standards.
Blackbaud’s data privacy standards comply with all applicable requirements set forth in Canadian privacy laws. In addition, we have applied for and obtained a Safe Harbour Certificate to proactively meet the data privacy standards provided by the European Union.
For more information on the Safe Harbour Certificate:
Blackbaud has a formal security policy focused around adherence to industry standards such as PCI-DSS Compliance and Certified SCO2 SSAE16 Type II data centres. These regulations govern many of Blackbaud’s over-arching security guidelines and dictate how we protect our environment and data.
When considering data privacy as it applies to Canada, Canadian Federal Law does not prohibit Canadian organizations from transferring Personal Information to the United States. The Personal Information Protection and Electronic Document Act (“PIPEDA”), Canada’s federal private sector privacy law, permits organizations that are otherwise compliant with the law’s requirements to transfer personal information across the border if it makes business sense to do so. Although British Columbia and Nova Scotia have enacted legislation that limits the transfer of “personal information” for public sector entities (“FOIPA”), every other province’s laws permit the transfer of personal information across the border.
See also: Guidelines for Processing Data Across Borders -These guidelines confirm our understanding that commercial transfers of data outside Canada are permitted under the Canadian privacy law (PIPEDA).
In our experience, potential disclosure requests pursuant to the US Patriot Act are a non-issue. It’s important to note that Canada has Mutual Lateral Assistance Treaties (“MLATs”) with many countries - including the United States. Historically, these MLATs are the basis for any cross-border disclosure requests; hence the United States Patriot Act, despite its notoriety, does not provide any additional powers that were not already in place.
Although it is not a legal obligation, many Canadian organizations elect to place a privacy disclosure within their website. This helps maintain a positive and transparent relationship with your constituency.
As a global company, Blackbaud has invested in a redundant, technology infrastructure (such as servers, network, storage, etc) that includes co-location facilities throughout North America. This delivers a stable backbone to manage Blackbaud solutions and ensures we can support your performance-based requirements. For Canadian customers, the Vancouver, BC data centre is the primary data facility for The Raiser’s Edge®, The Financial Edge™, and Blackbaud Net Community™. Blackbaud also leverages servers in Irvine, CA and Waltham, MA for all United States-based customers and all North American customers of the following solutions: Blackbaud Sphere®, Blackbaud eTapestry®, and Blackbaud Merchant Services™. Additionally, Irvine and Waltham also hold all data back-ups for all Blackbaud’s hosted solutions.

For information on the Blackbaud Privacy Sheild Certification Notices:

Click here for the pdf version of the document:
The information provided above does not constitute legal advice, and should not be construed as legal