The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, January 06, 2004
Commissioner's Findings - September 4, 2003 - Privacy Commissioner of Canada: PIPED Act Case Summary #211: Bank accused of improperly disclosing overdraft information to another bank
Among other complaints to the OPC, a couple complained that they were not allowed to withdraw their consent for future information disclosure to other lenders, credit bureaus or credit-reporting agencies. The couple's account had become delinquent and was referred to the bank's collections division. The couple got a loan from another bank and wanted to refuse to allow the original bank to communicate their credit information to other parties.
The first bank's position was that it had the couple's consent to the disclosure of their personal information by virtue of the personal loan service authorization they had signed a few years earlier when their personal credit reserve was arranged. This document stated that the couple authorized the bank to disclose to other lenders, credit bureaus or other credit-reporting agencies personal and credit information about them. The bank further stated that the couple could not withdraw their consent for future disclosure because the sharing of such personal information is required to maintain the integrity of the Canadian credit-granting system.
Commissioner's Findings ...
It has been confirmed in other cases considered by the Office that the credit system in Canada depends upon the fulfillment of myriad contractual and legal obligations.
If individuals could withdraw their consent to disclosure of their credit history with a particular lender, the credit system would not work.
On this basis, the Commissioner determined that the bank was justified, on legal and contractual grounds, in refusing to honour the couple's request for withdrawal of consent to the sharing of their personal financial information with other lenders, credit bureaus or credit-reporting agencies. He found, therefore, that the bank was not in contravention of Principle 4.3.8.
This finding appears to answer (albeit not definitively) a relatively common query among credit grantors when informed that PIPEDA contains the following provision:
4.3.8 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The organization shall inform the individual of the implications of such withdrawal.
It appears that as long as the credit agreement contains a consent to the exchange of credit information with the usual parties, the debtor is not able to unilaterally withdraw that consent. Prudence would suggest that credit grantors would want to include language that explicitly informed individuals that they are not able to withdraw consent.
Labels: information breaches, pipeda findings
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.