Volume I

Issue : 11: November 27, 2003

• European Court Rules that Sounds Can be Trade-Marks
• Privacy Commissioner Finds After-the-fact Consent Ineffective
• UN Releases E-Commerce and Development Report 2003
• Internet E-Commerce Complaints Make Top Ten List in Consumer Complaints Survey
• Coca-Cola Ltd. Wins Right to "cocacola.ca" Via CIRA Domain Name Dispute Process
• FTC Comments on Consumer-Directed Promotion of Prescription Drugs
• Extraction of Public Domain Data from a Database Does Not Breach Copyright
• Supreme Court Hears Arguments in Landmark Case (Tariff 22)
• Alberta Enacts Privacy Legislation

Home > Volume I > Issue 11: November 27, 2003 > Privacy Commissioner Finds After-the-fact Consent Ineffective

Privacy Commissioner Finds After-the-fact Consent Ineffective

The Privacy Commissioner of Canada has determined that the failure of a bank to obtain authorization for credit checks was a violation of Principle 4.3 of the Personal Information Protection and Electronic Documents Act ("PIPEDA"). The violation occurred when the branch manager of the bank conducted credit checks on customers for the purposes of pre-approving the customers for overdraft protection. Once the credit checks were conducted, customers qualifying for pre-approval were notified and asked to sign an authorization for the previously conducted credit check if accepting the overdraft protection.

Principle 4.3, found in Schedule 1 of PIPEDA states, "The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate." The Commissioner found it was undisputed that the bank had collected and used personal information without the consent of the individual and had therefore violated Principle 4.3. The bank in question had taken immediate steps to correct the situation, acting even before being notified of the involvement of the Privacy Commission.

For additional information, visit:

http://www.privcom.gc.ca/cf-dc/2003/cf-dc_030807_e.asp