CBSA should only retain travellers’ digital device passcodes when necessary
A Canadian returning to Canada complained that the Canada Border Services Agency (CBSA) contravened the Privacy Act by requiring him to provide his cell phone passcode for inspection. The OPC found that while the CBSA has the authority under the Customs Act to require passcodes, it must follow its own policies and only retain personal information when necessary. The CBSA acknowledged policy failures and committed to improved training and policy revisions.
- CBSA's authority to require digital device passcodes under the Customs Act
- Whether the collection of the passcode was necessary
- CBSA's adherence to its internal policies regarding personal information collection and retention
- The sensitivity of digital device passcodes as personal information
Complaint resolved by policy changes and commitments to improved training
The OPC accepted the CBSA's authority to collect passcodes but found it failed to follow its own policies and retained information unnecessarily. The CBSA subsequently committed to corrective measures.
AI-generated summary for reference only. Always verify against the official decision ↗
The CBSA revised its policy to ensure passcodes are handled more sensitively and committed to providing additional training to officers.
- Privacy Act
- Customs Act
This summary is informational only and not legal advice.