You Might be Interested In

On Data Privacy 2010 we’d like to take a moment to remind everyone that is the responsibility of both individuals and companies to make sure that personal information is safe.

If you own a company, or work for a big one: in the past, you may have had to ensure that your customers’ name and address information (and in some cases credit card and billing information) were safe. Now, many of you are providing technology and tools for your customers to put increasing amounts of personal information online. Does your company have the systems in place to safeguard this information? Do you give your customers the tools and options to control how their information is used?

If you are a user of new and cool technology: in the past a telephone was a telephone, a video game was a video game, a stuffed toy was simply that – a stuffed toy. Today, more and more toys and handheld tools come with the ability to go online. Do you understand how to enjoy your toys and gadgets without putting your personal information at risk?

If you are a parent or guardian, teacher, coach or caregiver: do the young people in your life understand how to use all these new toys and gadgets while keeping their personal information safe? Our office has recently made youth privacy a key priority. Today, we have posted some new resources to the Parents & Teachers section of our youth web site. The resources include information on 12 privacy issues (such as the importance of privacy settings and knowing who your friends are on social networking sites), along with ideas for generating discussion about each issue with young people. You can use these resources to start discussion about personal privacy and the importance of thinking about what you post on the Internet.

Regardless of which group you are in – if you need any information about how to keep personal information secure, visit our web sites – priv.gc.ca and youthprivacy.ca.

Is there anything more annoying that 100 people ahead of you in line when you are trying to purchase that perfect holiday gift? Well what about while you are in the midst of your harried purchase, being asked to pull out your driver’s licence so the retailer can record the number? Not only can this be annoying, but it might also be a violation of your personal privacy.

The Office of the Privacy Commissioner and the Information and Privacy Commissioners of Alberta and British Columbia recently announced the release of a guide for retailers who make it a practice to collect driver’s licence information and numbers. This guide is meant to help these retailers better protect the privacy of their customers.

In general, privacy legislation (such as the federal Personal Information Protection and Electronic Documents Act, PIPEDA, and Alberta’s and British Columbia’s respective Personal Information Protection Acts) requires an organization to collect, use or disclose personal information for appropriate and reasonable purposes, to limit collection to what is necessary to meet their purposes, and to make sure this information is properly safeguarded.

In practice, retailers often record or photocopy a driver’s licence for a number of purposes, such as to verify an individual’s identity. However, this may be accomplished in a less privacy intrusive manner, such as examining the driver’s licence to confirm information, or in some cases limiting collection to the name and address that appears on the card.

The guide indicates that a driver’s licence contains sensitive information. Recording, scanning or photocopying the card may result in the collection of information such as a photograph, height, physical descriptions and other information – far more detail than what the retailer needs to conduct their business.

There may be some cases where it is ok to record some of this information, for example the collection of limited personal information during a refund or exchange (PIPEDA Case Summary #361). However it may not be reasonable to record driver’s licence numbers for the return of products (Settled Case # 16).

You can always ask for an explanation as to why your driver’s licence information is being collected, especially if it is being photocopied. If you still have concerns whether this collection is appropriate, you can visit the OPC website, refer to this guide or contact the appropriate Privacy Commissioner’s Office for further information.