Federal (Canada) Privacy Decisions

An individual complained that a bank failed to obtain adequate consent for using and sharing customer data with affiliates for secondary marketing purposes, arguing the bank did not clearly inform customers or provide an easy opt-out mechanism. The Office of the Privacy Commissioner of Canada (OPC) investigated and found the bank's practices and materials, including informing customers of privacy policies and providing an opt-out process, constituted a reasonable effort to ensure customer knowledge and consent. The OPC concluded the bank was in compliance with PIPEDA principles regarding secondary marketing.

• Adequacy of consent for secondary marketing purposes
• Clarity of information provided to customers about data use and sharing
• Availability and ease of the opt-out process
• Bank's compliance with PIPEDA principles on knowledge and consent

The Privacy Commissioner investigated a complaint regarding Canada Post's National Change of Address (NCOA) service. The complainant argued that Canada Post failed to adequately inform subscribers that their new addresses would be disclosed to third-party "mailers" (including mass marketers and direct marketers) for commercial purposes. The Commissioner found that Canada Post contravened sections 5(2) and 8 of the Privacy Act by not clearly identifying this purpose of disclosure and by failing to obtain the necessary consent from individuals.

• Adequacy of information provided to NCOA service subscribers regarding disclosure of new addresses to third parties.
• Whether consent obtained for NCOA service implicitly includes consent for disclosure to mass marketers and direct marketers.
• Canada Post's use of "negative consent" (opt-out) versus "positive consent" (opt-in) for disclosure of personal information.