The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Monday, January 09, 2006
Be prepared to fork over your personal information if you visit the website for "Grandma's Boy", an upcoming movie from 20th Century Fox. If you want to see the film's trailer, view clips and enter to win fabulous prizes, be prepared to fork over your name, date of birth and zip code. That's what it says on the front page, and there's no privacy policy link to tell you what the website will do with it. No notice. Nothing. Nada. Zilch.
According to DM News and New York Newsday, the site takes your data and matches it against a huge database compiled from US drivers' licenses. If your details match, you get in.
Once you get in, you can then read the 20th Century Fox privacy policy, which seems to say they'll never do what they just did. Read on:
Effective as of July 1, 2005PRIVACY POLICY
...
2. NOTICE - FOX FE WILL PROVIDE YOU WITH NOTICE ABOUT ITS PII COLLECTION PRACTICES:
When you voluntarily provide PII to Fox FE, we will make sure you are informed about who is collecting the information, how and why the information is being collected and the types of uses Fox FE will make of the information.
At the time you provide your PII, Fox FE will notify you of your options regarding our use of your PII, including whether we will share it with outside companies (See "Choice" below). This Policy describes the types of other companies that may want to send you information about their products and services and therefore want to share your personal information, provided you have given Fox FE permission to do so (See "Use" below).
Sometimes we collect PII from consumers in manual format or off-line, such as a post card or subscription form. Providing detailed notice in those situations often proves impractical, so consumers will instead be provided with a short notice that describes how to obtain the full text of this Policy and other relevant information from us.
...
3. CHOICE - FOX FE WILL PROVIDE YOU WITH CHOICES ABOUT THE USE OF YOUR PII:
Fox FE will not use the PII you provide to us for purposes different from the purpose for which it was submitted, or share your PII with third parties that are not affiliated with Fox FE (i.e., not a part of the News America Group), unless we obtain your permission.
...
7. REMEDIES AND COMPLIANCE - HOW TO CONTACT FOX FE ABOUT PRIVACY CONCERNS:
If you have any issues or complaints regarding this Privacy Policy, please contact:
Foxmovies.com Privacy Officer
P.O. Box 900
Beverly Hills, CA 90212(888) 369-0687
© 2005 Twentieth Century Fox. All Rights Reserved.
It's enough that there is no notice on at the time that very personal information is collected, but there is no mention anywhere what would be done with the info. Is is kept? Where does it go? Is it matched to anything else collected by the company or anyone else? It is so easy to just tell people why the information is being collected and what will be done with it.
Age verification may be a reasonable purpose to collect information like this, but doing it without notice or any reassurance makes it very easy for others (perhaps less reputable others) to follow suit. People may simply get more used to handing over sensitive personal information without knowing where it is going.
As an aside, I'm not sure how well their system works. Just try John Smith, 03/03/1970 living in Beverly Hills 90210.
Labels: identity theft, information breaches
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.