The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
Tuesday, February 15, 2005
The Boston Channel WCVB-TV is carrying a report about intrusive and more than slightly creepy questions that credit card companies are asking to verify the identity of card holders. After a string of "suspicious" purchases prompted a credit card company to put a fraud alert on a consumer's card, the customer was required to answer a number of unexpected questions to prove she is who she says she is:
TheBostonChannel.com - Money - Are Credit Card Companies Getting Too Personal?:
"... 'And they said, 'In order to get your card reactivated and take the fraud protection off, we're going to have to ask you some questions.' And she said, 'I want to warn you that some of these questions might sound a little unusual,'' Santilli said.
Unusual and, according to Santilli, invasive.
'Well, the first question was the age group of a former husband of mine,' Santilli said. 'But then the next question that came up was about my former husband's sister. And they asked me, 'In which county is she likely to live,' and they asked her name specifically.'
'I said, 'I can't believe you're asking me this.' And then she apologized again,' Santilli said.
Santilli answered the questions; Providian removed the fraud alert. But the experience left Santilli shaken.
'I was expecting to be asked my mother's maiden name, my Social Security number, maybe what I purchased that day and for what amounts. Anything else but questions about a past relationship,' Santilli said.
WJAR-TV contacted Providian. It reported Providian uses a security system that gathers information about card holders.
'When the customer calls in, we use an electronic system. It automatically generates verification questions using public sources,' Providian spokeswoman Beth Haiken said.
Where do they get that information? The station reported that companies like Providian can get it at city and town halls or anywhere else public records are available. It's all legal because they're public records, according to the station."
It's probably worth noting that this wouldn't fly in Canada. Publicly available information may be used without consent, but only for the purposes for which it is made available in the first place. I can't see that municipal records are made available for this purpose.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.