Was I notified either verbally or in writing, of the reason each piece of my information is being collected?

Recently, I was in a local brewery buying a keg, and they asked for a copy of my driver’s licence to write down the number on the deposit form. And then a few days ago, I was filling out an online form for a social network that required I specify my gender to create an account. It is cases like this that inspired me to write this article.

The Personal Information Protection and Electronic Documents Act (PIPEDA) handles protection of personal information in the private sector in Canada. This applies to small business owners as well as federal corporations. Today I will write on one of the 10 principles of the act, which refers to identifying the purpose for which the information is collected. Whenever a Canadian business asks you (a consumer) for your information, you should first ask yourself, “Was I notified either verbally or in writing, of the reason each piece of my information is being collected?” If not, you can ask for this to be explained to you, and the organization must respond.

For small business owners, this means you should now have a written policy on why you are collecting any and all personal information, and for what reason each piece of information is being requested. You should not be asking for any information that is above basic requirements for you and your clients to complete the transaction. If at any time you have a new purpose for this information, you should seek consent from the individual before using it. These requirements will also help you with the Openness and Individual Access principles that I will write about at a future date.

From section 11 of PIPEDA:

An individual may file with the Commissioner a written complaint against an organization for contravening a provision of Division 1 or for not following a recommendation set out in Schedule 1.

For more reading:

The Canadian Privacy Commisioner’s website

PIPEDA

One Reply to “Was I notified either verbally or in writing, of the reason each piece of my information is being collected?”

  1. PIPEDA governs the collection use and disclosure of personal information *generally* in Canada, but not in provinces with substantially similar legislation. BC is one of those provinces – so to know your rights the next time you’re at the brewery, check the Personal Information Protection Act. The only time PIPEDA applies in BC, is when you are dealing with a federally regulated organization, like a bank or railway.

    Also, those same rights to know the purpose for collecting your information and the legal authority for collecting it apply in BC (and in Alberta, Ontario, Nova Scotia, etc) when you are dealing with government. Section 27 of the Freedom of Information and Protection of Privacy Act requires government to give you information about the collection of your information, even if you don’t ask.

    Thanks for letting me comment! 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

*