
linking INTEGRITY

Integrity - use of values or principles to guide action in the situation at hand.

Below are links and discussion related to the values of freedom, hope, trust, privacy, responsibility, safety, and well-being, within business and government situations arising in the areas of security, privacy, technology, corporate governance, sustainability, and CSR.

Inadvertent privacy breaches, 22.7.04

Privacy Commissioner of Canada - PIPED Act Case Summary #270
Bank agrees to modify automated message
[Section 2; Principle 4.3, paragraph 7(3)(b)]
Complaint
An individual alleged that her bank improperly disclosed her personal information when it left an automated message on her answering machine stating that she was behind on making a payment on her credit card. She stated that she had not given her consent for the bank to leave a message that anyone in her family or a visitor could hear, and objected to this disclosure of her financial status in an unsecured and non-private forum.

[...]

Findings

Application: Section 2 defines personal information as "information about an identifiable individual"; and Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. An exception to this requirement is provided under paragraph 7(3)(b), which states that an organization may disclose personal information without the knowledge and consent of the individual only if the disclosure is for the purpose of collecting a debt owed by the individual to the organization.

The Assistant Privacy Commissioner rejected the bank's contention that the information at issue was not personal information, as defined under section 2. She noted that although the message did not name the complainant, it was sent to her telephone number, which she had provided to the bank. The Assistant Commissioner noted that an individual does not have to be named for something to constitute his or her personal information; rather, as the Act says, he or she has to be simply "identifiable." In the same way that removing the name of a person from a description of an event does not render the person unidentifiable if other people know the circumstances of the event, the fact that the complainant was the only credit card holder (of this bank) in the household made her identifiable as the individual for whom the message was intended. Thus, the Assistant Commissioner concluded that the information at issue was the complainant's personal information.

In considering the exception to consent cited by the bank, the Assistant Commissioner deliberated as follows:

  • The bank used the complainant's personal information to collect a debt, but it did not intend to disclose this information to her husband.
  • The disclosure, therefore, was inadvertent, and not done for the purpose contemplated in paragraph 7(3)(b). Consequently, the Assistant Commissioner determined that the exception provided under paragraph 7(3)(b) did not apply.
  • The Assistant Commissioner noted that the statement contained in the message to the effect that the cardholder is slightly behind in making a payment does reveal sensitive financial information.
  • While the Assistant Commissioner found it reasonable to alert customers to a problem, she was of the view that this could be done in a more privacy-conscious manner.
  • The bank acknowledged this, and agreed to review the wording of its message with a view to mitigating the privacy implications, while still alerting customers to a potential issue with their accounts.
  • The Assistant Commissioner was pleased with the bank's undertaking, and its active pursuit of options. The complainant indicated that she was also satisfied with this result.


    "We shall need compromises in the days ahead, to be sure. But these will be, or should be, compromises of issues, not principles. We can compromise our political positions, but not ourselves. We can resolve the clash of interests without conceding our ideals. And even the necessity for the right kind of compromise does not eliminate the need for those idealists and reformers who keep our compromises moving ahead, who prevent all political situations from meeting the description supplied by Shaw: "smirched with compromise, rotted with opportunism, mildewed by expedience, stretched out of shape with wirepulling and putrefied with permeation.
    Compromise need not mean cowardice. .."

    John Fitzgerald Kennedy, "Profiles in Courage"
