Recently, the Privacy Commissioner of Canada (the "Commissioner") released a series of findings based on individual complaints under the Personal Information Protection and Electronic Documents Act ("PIPEDA"):
- An individual complained that his bank had disclosed his personal information, through its collection agency, to a lawyer and his family members without his consent. The Commissioner considered s.7(3)(b) of PIPEDA, which provides that an organization may disclose personal information without an individual's knowledge or consent only if the disclosure is for the purpose of collecting a debt that the individual owes to the organization. Upon investigation, the Commissioner found that the information provided to the complainant's ex-wife was limited to a reference to the outstanding debt and that there was no evidence that there had been any excessive disclosure of the personal information to any other individual. In light of these findings, the Commissioner held that the agent's actions were consistent with s.7(3)(b) and that the bank did not contravene PIDEDA.
For a copy of the Commissioner's findings, visit: http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030304_4_e.asp - An individual complained that a local cable company was improperly collecting personal information, by means of a video camera installed outside its office, and broadcasting the information on its local television channel and Web site. The Commissioner's investigation revealed that the camera was positioned in such a manner that it was not possible to identify an individual or discern any identifying license plate number.
Section 2 of PIPEDA defines personal information as "…information about an identifiable individual". Since it was not possible to identify any individual from the video broadcasts, the Commissioner found that the information collected was not personal information for the purposes of s.2 of PIPEDA and dismissed the complaint.
To view the Commissioner's decision, visit: http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030306_9_e.asp - The Commissioner investigated a customer's complaint that her bank had: (1) improperly refused to open an account in her child's name unless the child's social insurance number (SIN) was provided; and (2) unnecessarily made photocopies of her identification cards and retained them on file without her consent.
Principle 4.3.3 of PIPEDA states that an organization must not, as a condition for supplying a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill explicitly stated and legitimate purposes. In light of this principle, the Commissioner concluded that the bank had contravened PIPEDA by demanding a SIN be provided in order to open the child's account.
With respect to the identification cards, the Commissioner determined that since the photocopies of the cards contained more information than was required by the bank's identification purposes, the customer's consent to such collection was essential. The Commissioner concluded that by failing to ask for consent and persisting in photocopying and retaining the copies on file despite the customer's objection, the bank also contravened PIPEDA on the second count of the complaint.
For a copy of the Commissioner's decision, visit: http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030306_10_e.asp
E-TIPS® ISSUE
03 04 24
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.
