The Privacy Act monster

Drawing the line on who needs what type of personal information is pertinent in today's world.
Drawing the line on who needs what type of personal information is pertinent in today’s world.

By Dorothy Dobbie

When it started out in 1983, the Privacy Act was a simple move to protect Canadians from having their personal information used against them by government departments. Soon, however, exemptions and exceptions stimulated by lobby groups, started flowing into the way the Act was interpreted and managed.

Slowly our once very private social insurance numbers could be demanded of us by everyone from banks to brokers to racetracks if there was a financial gain to be made by the SIN holder. Some of this was enacted under the screen of the Privacy Act. Some of it came under the Federal Bank Act. It is, however, still the law and while you can withhold your SIN from a bank where no interest is to be gained, good luck opening the account. The same is true of getting a new credit card. While landlords cannot force you to give them your SIN, they can simply refuse you accommodation unless you comply and there is no law against this. You can, however, simply refuse to give your information (including your driver’s licence or health card) to a retailer, unless it’s stated policy somewhere easily available to you and for reasons of verifying your credit or you are trying to return something, or . . .

Supposedly, anyone who collects this information is strictly governed by the Personal Information Protection and Electronic Documents Act (PIPEDA).

Wikipedia tells us that, “PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.”

Since then the Act has turned into a monster used to beat small business and frustrate consumers. It has placed a huge burden of paperwork on business. (To be “compliant”, there is a list of some 250 to 275 items on a check list that you need to follow as a business. Warned by legal teams of dire consequences to those who do not comply, large business has created a nightmare for consumers and a huge burden of internal costs in trying to protect themselves.)

First, the exemptions started flowing in. Wikipedia summarizes this in the following way. “However, there are a number of exceptions to the Code where information can be collected, used and disclosed without the consent of the individual. Examples include reasons of national security, international affairs, and emergencies. Under the act, personal information can also be disclosed without knowledge or consent to investigations related to law enforcement, whether federal, provincial or foreign. There are also exceptions to the general rule that an individual shall be given access to his or her personal information. Exceptions may include information that would likely reveal personal information about a third party, information that cannot be disclosed for certain legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client privilege.”

As is always the case when heavy handed rules are applied, some people will immediately use the rules to find exceptions or loopholes where they can gain advantage. These exceptions are loaded with invasions to our privacy that were never contemplated before the Act was passed.

This poses a big problem for consumers. The way the Act is interpreted by many big businesses and government departments to cover their own, ahem, assets can be obtrusive and obstructive.

For example, have you ever tried to get information about your telephone account if the number is listed under your spouse’s name? Or how about accessing the service provided by your Internet provider or his supplier in India? They know the name of my mother’s father, even if my kids don’t remember it.

Have you tried to deal with a credit card problem used by the family but issued in the name of one or the other spouse? You can get all the information about your balance and you next due date by pushing buttons with information found on your statement, but not a word from the telemarketer at the other end of the line unless you provide a whole lot of very personal information to prove who you are.

Have you tried to open a bank account for a child in your household and been told that the child required a Social Insurance Number to do this? If the kid is 12, it’s unlikely that she will have one, but this is what happened to one victim of the Act who had the courage to file a complaint to the Privacy commissioner. Her complaint was found to be justified, but this shows the kind of lunacy that has come out of the originally well-intentioned Act.

How would you like to be the mother of an 18-year-old who tries to obtain health and treatment information about a dependent child from their doctor only to be told that the child is now a legal adult and that Mom no longer has a right to the information under the Privacy Act? Consider that the child id bi-polar or addicted to a substance and that Mom is trying to help and you can see that frustration can actually morph into dangerous.

I am sure you can give me a hundred other issues where the Privacy Act or PIPEDA (and FIPPA in Manitoba, the provincial Act that deal with similar issues) have created misery and exposed your personal information to places where you’d prefer it not to be exposed.

Why should my broker need to know my Social Insurance Number? Worse, why would the Canadian What Board need to know my SIN? Those are rhetorical questions, of course. All the authorized users (listed here as a side bar) have one thing in common: your income and how the tax man can keep an avaricious finger in your financial pie.

Who can ask for my
SIN number?

Your Social Insurance Number (SIN) is a confidential number that is restricted to income reporting purposes. There are a select and limited number of federal government departments and programs specifically authorized to collect the SIN.

The authority to collect and use the SIN is tied to a specific legislated purpose, not necessarily to a particular body. For example, an employer can collect an employee’s SIN to provide them with Records of Employment and T-4 slips for income tax purposes, as can provincial or municipal agencies to report financial assistance payments for income tax purposes.

Institutions from which you earn interest or income, such as banks, credit unions and trust companies, must also ask for your SIN.

You are not required to provide your SIN number to any other private-sector organization or person such as a landlord. There is no law preventing private-sector organizations from asking for the SIN for other purposes, such as identification, but they do need to make people aware that collection of a SIN is optional and not a condition of service.

The OFC office recommends that no private-sector organization request the SIN from a customer, and that no customer give the SIN to a private-sector organization, unless the organization is required by law to request it.

Any organization that collects your SIN, whether it operates under PIPEDA or the public-sector Privacy Act, a must do so under strict rules to protect your privacy.

Legislated uses of the SIN (or legislation that regulates its use) include:
-Canada Pension Plan, Old Age Security and Employment Insurance contributions or claims (the original purposes for the SIN)
-Income Tax identification; Banks, trust companies, caisse populaires and stock brokers when they sell you financial products (GICs or Canada Savings Bonds) or services (bank accounts) that generate interest. They declare your interest to Canada Revenue Agency (CRA) for income tax purposes;
-Various Veterans Affairs benefit programs;
-Canada Student Loans or Canada Student Financial Assistance;
-Canada Education Savings Grants;
-Gasoline and Aviation Gasoline Excise Tax Applications;
-Canadian Wheat Board Act;
-Labour Adjustment Benefits Act;
-Tax Rebate Discounting Regulations;
-Race Track Supervision Regulations;
-Garnishment Regulations (Family Orders and Agreements Enforcement Assistance Act);
-Canada Elections Act;
-Canadian Labour Standards Regulations (Canada Labour Code);
-Farm Income Protection.
-Programs authorized to use the SIN
-Immigration Adjustment Assistance Program;
-Income and Health Care Programs;
-Income Tax Appeals and Adverse Decisions;
-Labour Adjustment Review Board;
-National Dose Registry for Occupational Exposures to Radiation;
-Rural and Native Housing Program;
-Social Assistance and Economic Development Program

Source: Office of the Privacy Commissioner of Canada website.

Let's talk...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s