Individual alleged that bank request for SIN was unnecessary
PIPEDA Case Summary #2003-209
[Principle 4.4]
Complaint
An individual alleged that a bank had unnecessarily asked him to provide his Social Insurance Number (SIN) when he opened a savings account at one of its branches.
Summary of Investigation
An account holder at a bank opened a new personal savings account at a different branch of the bank and was asked twice for his SIN. When he refused to provide it, he was told that the bank could refuse to open the account without this information. The bank representative then printed out a form which stated that the SIN was required to open such an account. When the individual continued to refuse to provide his SIN, the bank allowed him to use his driver's licence as identification to open the account.
The complainant questioned both the necessity of providing his SIN to open an account and the bank's use of the CCRA as a rationale for the request.
In his assumption that the use of SINs should be limited, the complainant is correct. In fact, it is the federal government's position that the SIN should only be used for legislated purposes. However, while the SIN was originally created in 1964 to serve as a client account number in the administration of the Canada Pension Plan and Canada's various employment insurance programs, in the ensuing years, its legislated uses have expanded. Notably, under section 237 of the Income Tax Act, banks are required to ask for the SIN when opening any interest-bearing account. To explain this requirement, the CCRA issued an Information Circular stating that information slip preparers must make a reasonable effort to obtain the SIN of the clients for whom they are preparing information slips.
The bank confirmed that, in the course of opening an interest-bearing personal account, the complainant was asked to provide his SIN and was shown the CCRA document explaining the Income Tax Act requirement. The bank also stated that, as part of its welcome kit, the individual would have been given a copy of its privacy code stating that the SIN is required for products which earn investment income, to comply with Income Tax Act requirements. According to the bank, the complainant would also have signed a Financial Services Agreement stating that his SIN was required by law.
Commissioner's Findings
Issued August 5, 2003
Jurisdiction: As of January 1, 2001, the Personal Information Protection and Electronic Documents Act (the Act) applies to any federal work, undertaking, or business. The Commissioner had jurisdiction in this case because the bank is a federal work, undertaking or business as defined in the Act.
Application: Principle 4.4 states that the collection of personal information shall be limited to that which is necessary for the purposes identified by the organization, and that information shall be collected by fair and lawful means.
The Commissioner was satisfied that, under the Income Tax Act, banks are required to collect the SIN of individuals who open a personal, interest-bearing account, in order to supply CCRA with reports of income on deposits. He determined that the bank had adequately informed the complainant of its purpose in attempting to collect his SIN, and that its actions were in compliance with Principle 4.4.
The Commissioner therefore concluded that the complaint was not well-founded.
- Date modified: