A telecommunications company requires two pieces of identification from a new subscriber
PIPEDA Case Summary #2003-202
[Principles 4.3.3, 4.4 of Schedule 1; subsection 5(3)]
Complaint
An individual complained that a telecommunications company required two pieces of identification when he asked to have his call-answer service at home interrupted, and to have the name on the bill changed.
Summary of Investigation
When the complainant asked to have his ex-wife's account closed and to have another one opened under his name, he was asked by a representative of the telecommunications company to provide two pieces of identification. Given that the complainant was considered to be a new subscriber, the company's standard practice was to inform him that such a request had been made in order to assess his credit standing. The investigation established that the individual had indeed been informed of the reasons for this collection of information. As the individual was unwilling to provide a second piece of identification, the company accepted only one piece, his driver's licence, to make the requested changes.
Commissioner's Findings
Issued August 5, 2003
Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act (the Act) applies to any federal work, undertaking or business. The Commissioner had jurisdiction in this case because the telecommunications company is a federal work, undertaking or business as defined in the Act.
Application: Principle 4.3.3 of Schedule 1 of the Act stipulates that an organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes. Principe 4.4 indicates that the collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. Finally, subsection 5(3) of the Act stipulates that an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.
In similar cases, the Commissioner has already established that a reasonable person would find that the organization collects personal information properly in order to verify the consumer's identity or to confirm a potential client's credit standing. He therefore found that the collection of information was not unreasonable and that the company respected Principle 4.3.3 of Schedule 1 and subsection 5(3) of the Act.
Moreover, the Commissioner indicated that the companies that collect information for the purpose of a credit check or to confirm the person's identity, must limit the collection to information that is necessary for the purposes identified by the organization, as mentioned in Principle 4.4 of Schedule 1 of the Act. The investigation revealed that the company asked for tow pieces of identification, that the complainant only provided driver's licence number and that the company made the requested changes. The Commissioner therefore believed that the company limited its collection to information that was necessary, and, thus, complied with Principle 4.4 of Schedule 1 of the Act.
The Commissioner found that the complaint was not well-founded.
- Date modified: