Airline accused of refusing access to personal information about vacation incidents
PIPEDA Case Summary #2001-19
[Principles 4.1 and 4.9, Schedule 1]
Three air travellers complained that an airline company had denied them access to personal information about their experiences during a Mexican vacation.
Summary of Investigation
The complainants had requested access to all personal information the airline and its travel affiliate held regarding certain incidents they had experienced during a vacation in Mexico. A representative responded initially that the company was under no obligation to provide such information. On being advised of its obligations under the Personal Information Protection and Electronic Documents Act by the Office of the Privacy Commissioner, the company took immediate action to appoint an official to be accountable for compliance with the Act, processed the complainants' access request, and sent them the personal information requested. On reviewing this information, the complainants were of the opinion that the company had not included incident reports. The investigator for the Privacy Commissioner examined the company's original files containing the complainants' personal information, but found no evidence of information other than that which the complainants had already received. The company confirmed in writing that it did not have in its possession any additional information about the complainants, including incident reports.
Issued October 31, 2001
Jurisdiction: As of January 1, 2001, PIPEDA applies to federal works, undertakings, or businesses. The Commissioner had jurisdiction in this case because airlines are federal works, undertakings, or businesses, as defined in the Act.
Application: Principle 4.1, Schedule 1, states that an organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with [the principles in] Schedule 1. Principle 4.9 states that upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information.
Regarding Principle 4.1, the Commissioner determined that the airline company had not designated an individual until his Office intervened. He found therefore that the company had initially failed to comply with this principle. However, he also noted that the company had subsequently designated a senior official responsible for ensuring compliance with the Act. The Commissioner considered this issue resolved.
Regarding Principle 4.9, the Commissioner likewise determined that the company had provided the complainants with their personal information only after intervention by his Office. He found therefore that the company had not initially been in compliance with this principle. He noted, however, that the complainants were satisfied that they had received all of their personal information in the company's possession; they were also satisfied with the outcome of the investigation.
The Commissioner concluded that the complaint was well-founded and resolved.
Report a problem or mistake on this page
- Date modified: