Federal (Canada) Privacy Decisions

An individual complained that a property management company was over-collecting personal information, including Social Insurance Number (SIN), driver's licence information, and banking information, on its rental application forms. The Office of the Privacy Commissioner of Canada (OPC) also investigated the company's lack of a privacy policy. The company committed to making it clear that the request for SIN, driver's licence, and banking information was optional and to posting a privacy policy on its website. The complainant was satisfied with these changes.

• Collection of SIN, driver's licence, and banking information on rental applications
• Requirement for a privacy policy on the company website
• Responsibility for third-party practices

A bank customer complained that the bank improperly demanded to record information from his driver's license when picking up a replacement credit card. The bank initially claimed this was for anti-money laundering purposes, but later admitted this explanation was incorrect. The Office found the demand for information was not well-founded as no information was actually collected. However, the bank contravened PIPEDA by misinforming the customer about the purpose of the collection, a contravention that was resolved by revised bank procedures and staff training.

• Whether the bank limited the collection of personal information to what was necessary.
• Whether the bank's employees could explain the purposes for collecting personal information.