Telecommunications company accused of inappropriately using customer information

PIPEDA Case Summary #2002-38

[Principle 4.3, Schedule 1; section 7(2)(c.1) of the Act; and paragraph 1(a) of the Regulations Specifying Publicly Available Information]

Complaint

A customer complained that his telecommunications company had used for secondary purposes, without his knowledge and consent, personal information that it had collected from him for purposes of his wireline telephone service.

Summary of Investigation

The company in question has a division that develops software application services. The complainant, a wireline customer of the parent company, alleged that the division in question routinely utilized, for its own specific business purposes, personal information obtained directly from the parent company's customer database. The division does in fact utilize some information deriving from the parent company's database - specifically, customers' names, addresses, and telephone numbers. However, the division does not obtain the information from that source, but rather from the company's white-pages directory. The same directory is available to anyone, including the complainant.

The investigation found no evidence that the company had disclosed personal information of any kind to its division by any other means. Under CRTC regulations, telecommunications companies are required to provide white-pages directories. Under the regulations to the Personal Information Protection and Electronic Documents Act (the Act), the information published in such directories is deemed to be publicly available.

Telecommunications companies are also required to remove any customer's personal information from list services upon request. In this case, the complainant made such a request, and the company has complied. The complainant will be "de-listed" from the next edition of the company's white-pages directory.

Commissioner's Findings

Issued January 22, 2002

Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act applies to federal works, undertakings, or businesses. The Commissioner had jurisdiction in this case because telecommunications companies are federal works, undertakings, or businesses, as defined in the Act.

Application: Principle 4.3 of Schedule 1 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information. Section 7(2)(c.1) of the Act cites publicly available information specified in the regulations as being an exception to Principle 4.3. For purposes of this section, paragraph 1(a) of the Regulations Specifying Publicly Available Information specifies information appearing in a telephone directory, provided that the subscriber can refuse to have the personal information appear in the directory.

The Commissioner determined that, upon initiation of telephone service with the company, the complainant had consented to have his personal information published in its directory. He further determined that the information at issue was duly specified to be publicly available information. He found that the company was not in violation of the Act.

He concluded therefore that the complaint was not well-founded.