The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Wednesday, August 03, 2005

Alberta Commissioner releases report concerning collection and retention of personal information by two retail stores 

It has become common practice for retailers to demand personal information in order to process returns and refunds. (See The Canadian Privacy Law Blog: Retailers demanding ID, tracking returns and The Canadian Privacy Law Blog: Article: New privacy sprouts forest of complaints).

Today, the Alberta Information and Privacy Commissioner's office released a decision that faulted two large retailers for collecting drivers' license data for input into a centralized. All retailers in Canada who collect ID to deter fraud should be aware of this decision.

From the Commissioner's news release:

Commissioner releases report concerning collection and retention of personal information by two retail stores

Commissioner Frank Work authorized an investigation under the Personal Information Protection Act (""PIPA"" or ""the Act"") after receiving complaints alleging that two Canadian Tire stores contravened the Act.

The complainants reported that a Canadian Tire store in Calgary and a Canadian Tire Store in Sherwood Park refused to complete a return of good transaction unless the customers provided their Drivers'' Licence (D/L) numbers or other identification.

The investigator found that the Calgary store contravened the Act by collecting and retaining D/L numbers in its merchandise return system. There was no evidence that the Sherwood Park Store retained the complainant''s D/L number.

The investigation revealed that:

  • For the purposes of deterring fraud, the stores collect certain personal information of individuals returning goods. Simply asking for a name, address and telephone number was sufficient to meet their purposes.
  • Viewing picture identification to confirm the name, address and telephone number in some cases was sufficient; it was not necessary to collect and retain more sensitive personal information such as a D/L number.

In response to this Office''s investigation, the Calgary Store immediately ceased collecting and retaining ID as part of its return of goods transactions. As well, Canadian Tire Corporation Limited, in consultation with the Canadian Tire Dealers'' Association (CTDA) committed to redesign the merchandise return computer system used by all Canadian Tire stores so that ID can no longer be entered into the system. They also agreed to purge the existing numbers from the system. The CTDA agreed to communicate this report to all Canadian Tire Associate Dealers, and to revise corporate merchandise return policies required as a result of this report. This will assist in harmonizing the practices across all Canadian Tire stores.

The circumstances in this case illustrate that organizations need to carefully consider and limit the amount of personal information collected for legitimate business purposes.

To obtain a copy of Investigation Report P2005-IR-007 contact:

Office of the Information and Privacy Commissioner
410, 9925 - 109th Street
Edmonton AB T5K 2J8
Phone: (780) 422-6860
E-mail: generalinfo@oipc.ab.ca
Website: www.oipc.ab.ca

Labels: , , ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs