Individual objects to request for information as condition of supply of service

PIPEDA Case Summary #2002-94

[Principles 4.3.3 and 4.4, Schedule 1, section 5(3)]

Complaint

An individual complained that a telecommunications company had unreasonably attempted to collect from him, as a condition of the supply of service, personal information beyond what was necessary to fulfil legitimate purposes. Specifically, the complainant objected to the company's request for certain information to confirm his identity and facilitate a credit check, and to the company's requirement that he pay a fee to have an unlisted telephone number.

Summary of Investigation

The individual called the company to apply for telephone service at his new residence. He consented to a credit check, which is required of all new customers. When asked to provide the file numbers from any two pieces of several acceptable identification cards, he refused. He explained that he was concerned about unlawful access to his personal information, especially since he would be providing it over the telephone, which he believed to be an insecure medium. The company representative replied that, unless he agreed to provide the requested information, she would be unable to process his application for service.

The complainant was subsequently advised by a second company representative that his application for service had been refused, pending receipt of either the two pieces of identification requested or a security deposit, which he was unwilling to pay. He also objected to paying a monthly fee for an unlisted telephone number which, the Commissioner established, is approved under the Canadian Radio-television and Telecommunications Commission Telecom Order 98-109.

The individual claims that he spoke with four company representatives over three days during which he proposed several alternative methods of identifying himself - all of which were declined by the company as being insufficient for purposes of running a credit check.

The company's position is that the collection in question was proper and necessary for the purpose of confirming the individual's credit-worthiness and that a reasonable person would have considered it appropriate in the circumstances.

To assess the reasonableness of the collection, the Commissioner's Office made inquiries to two national credit-reporting agencies. Both organizations indicated that, given the current incidence of fraud and the technological potential for reproduction or alteration of identification documents, they regularly require two pieces of clear and unaltered identification before running a credit check.

Commissioner's Findings

Issued December 2, 2002

Jurisdiction: As of January 1, 2001 the Personal Information Protection and Electronic Documents Act applies to any federal work, undertaking, or business. The Commissioner has jurisdiction in this case because any telecommunications company is a federal work, undertaking, or business as defined in the Act.

Application: Principle 4.3.3 states that an organization must not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil explicitly specified and legitimate purposes. Principle 4.4 states that the collection of personal information must be limited to that which is necessary for the purposes identified by the organization. Section 5(3) states that an organization may collect, use, or disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances.

The Commissioner determined, firstly, that it is the company's usual policy to require, as a condition of initiating service for a new customer, the provision of either the personal information in question or a security deposit.

The Commissioner stated that there is no dispute that the company did tell the individual that the two pieces of personal information requested were required for purposes of clarification and facilitating a credit check, given that he was a new customer. He was satisfied therefore that the company did explicitly specify to the individual the purposes for the collection. He is also of the view that, since initiating telephone service would have meant extending credit to the individual as a new customer, the company's intention to run a credit check was a legitimate purpose in the circumstances.

The Commissioner noted that, although the collection was an acknowledged condition of the supply of service, it was not an absolute condition, in that the company as a matter of policy allowed an alternative in the form of a security deposit - an alternative the Commissioner did not deem to be unreasonable. All things considered, he found that the company was in compliance with Principle 4.3.3.

He also determined that, since credit reporting agencies themselves normally require two pieces of clear and unaltered identification before running a credit check, the company's own requirement for two pieces of identification from among four possible options was neither excessive nor improper. He found therefore that the company was in compliance with Principle 4.4.

The Commissioner was satisfied that a reasonable person would have considered it entirely appropriate in the circumstances for the company to request the personal information in question from the individual for the purpose of facilitating a credit check. He found therefore that the company was in compliance with section 5(3).

Finally, having confirmed that the company has the authority to charge its customers a monthly fee for non-published telephone service, the Commissioner did not find this practice to be unreasonable or otherwise in contravention of the Act.

The Commissioner concluded that the complaint was not well-founded.