Language selection


Telephone company demands identification from new subscribers

PIPEDA Case Summary #2002-56

[Principles 4.2, 4.2.3 and 4.3, 4.3.2, 4.3.3 Schedule1; and section 5(3)]


An individual complained that a telecommunications company's collection of personal information from new subscribers was inappropriate, in that the company required a deposit from new customers who refused to supply the information.

Summary of Investigation

When the complainant attempted to obtain a new telephone service from the company in question, an operator asked her to supply two pieces of personal identification. When the complainant expressed reluctance, the operator told her that she would have to provide a deposit if she did not comply.

It is company policy for operators to ask new subscribers for two pieces of identification, to demand a deposit in cases of refusal, and to explain the information collection simply as confirmation of identity. However, in cases where an applicant is a new customer with no previous business relationship with the company, the actual purpose of the collection is to run a credit check on the applicant, in accordance with CRTC regulations, given that the provision of telephone services constitutes an extension of credit on the company's part.

Commissioner's Findings

Issued July 2, 2002

Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act applies to federal works, undertakings, or businesses. The Commissioner had jurisdiction in this case because telecommunications companies are federal works, undertakings, or businesses, as defined in the Act.

Application: Principle 4.2.3 states that purposes should be identified at or before the time of collection. Principle 4.3.2 states that organizations must make a reasonable effort to advise the individual concerned of the purposes for which the information will be used and must do so in such manner that the individual can reasonably understand. Principle 4.3.3 states that organizations must not, as a condition of supplying a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified and legitimate purposes. Section 5(3) states that an organization may collect, use, or disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances.

Regarding Principle 4.3.3 and section 5(3), the Commissioner determined that a reasonable person would consider it appropriate for the company to collect personal information for the purpose of confirming whether a potential customer is credit worthy or, in the case of repeat customers, confirming identity.

He concluded that this aspect of the complaint was not well-founded.

Regarding Principles 4.2.3 and 4.3.2, the Commissioner determined that a reasonable person would conclude that the company did not explicitly state the purpose for its collection of personal information with respect to first-time subscribers.

He concluded that this aspect of the complaint was well-founded.

Further Considerations

As a result of the investigation of a similar complaint, the company in question had agreed to amend its practice in identifying purposes. Specifically, the company was to inform first-time subscribers that the purpose of its information collection is to assess credit-worthiness given that the company supplies credit in the form of long-distance calling service. It had not had time to implement the agreed upon changes when the complainant in this instance filed her complaint.

The Commissioner noted that he had received two reports from the company with respect to its progress in this matter. It had updated its training material and a number of resource documents that deal with credit screening and collections. As well, it had assigned responsibility for monitoring the company's compliance with these changes in practice to a senior management position. The company in question continues to report to the Office of the Privacy Commissioner with regards to its compliance with his recommendations.

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):


Date modified: