Telecommunications company accused of refusing service unless SIN was provided

PIPEDA Case Summary #2003-204

[Principles 4.3.3 and 4.4; section 5(3)]

Complaint

An individual alleged that a telecommunications company refused to provide her with telephone service because she would not provide her social insurance number (SIN).

Summary of Investigation

When the complainant called the company to obtain service, she was asked to provide two pieces of identification out of the following: a driver's licence, a social insurance number, or a health care card number. When she declined, the company asked for a security deposit, which she refused to provide. The complainant objected to these requirements, arguing that it was unfair to individuals such as herself, who did not have a driver's licence and did not want to provide the company with their SINs or health care numbers, and did not have money to spare for a deposit.

The company stated that it requires identification for the purposes of conducting a credit check, in the case of a new subscriber, and confirming identity, in that of an established customer. As the company extends credit to customers for its telephone services and maintains a credit record on them, it needs to be able to assess the creditworthiness of a new subscriber. Its practice is to ask for two of four possible pieces of identification (date of birth, SIN, driver's licence, or health care card). If the request for service comes from someone with an established credit record with the company, the information is used to confirm that individual's identity. A security deposit is requested when the individual cannot or will not provide the requested identification.

According to established procedures, the company initially explained to the complainant that the information was for a credit check. The complainant offered to provide the company with the information needed to open a bank account or to make arrangements for the check to be done, but was refused. As she had been a customer from 1971 to 2000, she then proposed providing receipts showing her good payment history. The company declined, stating the information was needed to confirm her identity. According to the complainant, she was also informed that her SIN was required. The company, however, denied that she was told this.

In light of the complainant's reluctance to provide identification, the company decided to treat her as an existing customer, waiving its requirements for two pieces of identification, and asking for one piece instead. The complainant, however, declined and obtained telephone service from another provider.

Commissioner's Findings

Issued August 5, 2003

Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act (the Act) applies to any federal work, undertaking, or business. The Commissioner had jurisdiction in this case because a telecommunications company is a federal work, undertaking or business as defined in the Act.

Application: Principle 4.3.3 states that an organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes. Principle 4.4 establishes that the collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Section 5(3) establishes that an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances.

In previous similar cases involving the same company, the Commissioner determined that a reasonable person would conclude that it is appropriate for the organization to collect personal information to confirm the identity or the creditworthiness of a potential customer. He therefore found, in this case, that the collection was not unreasonable and that the company satisfied Principle 4.3.3 of Schedule 1, and section 5(3) of the Act.

The Commissioner also noted that companies that collect information to conduct a credit check or confirm identity must limit the information to that which is needed to fulfil such purposes. Given that the company had provided the complainant with a choice of identification that she could provide, the security deposit option, as well as the offer to waive its requirements and accept only one piece of identification, the Commissioner was satisfied that the company had limited itself to the information necessary to fulfil its purposes, as stipulated in Principle 4.4.

The Commissioner therefore concluded that the complaint was not well-founded.

Further Considerations

Notwithstanding his finding, the Commissioner appreciated the complainant's concerns about providing her SIN. He noted that organizations that are subject to the Act often ask for the SIN for identification purposes and there is no legislation to prohibit them from doing so. However, the federal government's position is that the SIN should only be used for legislated purposes. In keeping with this, the Commissioner reiterated his view that Canadians should refrain from providing their SINs as identification. To do otherwise, as he noted, would be to risk making the SIN a de facto national identifier, instead of simply an individual's account number for social benefit purposes.

Date modified: