The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar



Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, July 21, 2005

Alberta Commissioner releases report concerning disclosure and security of personal information by a collection agency 

On the privacy front, Alberta is apparently where it's at:

Commissioner releases report concerning disclosure and security of personal information by a collection agency

Commissioner Frank Work authorized an investigation under the Personal Information Protection Act ("PIPA" or "the Act") after receiving a complaint alleging that CBV Collection Services Ltd. ("CBV") contravened the Act.

The complainant reported that CBV faxed a form to the complainant's place of employment, and specifically to a non-confidential fax machine. In so doing, the complainant alleged CBV failed to adequately protect her personal information from possible disclosure to other colleagues and employees in her workplace

The investigator found that although CBV did have some policies and procedures in place to address information privacy and confidentiality requirements, a CBV employee acted to the contrary. As a result:

  • CBV disclosed the complainant's personal information when it faxed the form to the complainant's place of employment.
  • CBV contravened section 19 of the Act as the disclosure in this case was not for a reasonable purpose.
  • CBV contravened section 34 of PIPA by failing to make reasonable arrangements to mitigate the risks associated with sending personal information by fax.
  • In response to the incident and this Office's investigation, CBV revised its process and internal policy documents with respect to requesting verification of employment (VOE), particularly when doing so by fax, and developed a plan to communicate the new process to all offices across Canada. Among other things, the new process requires that:

    • A Collection Supervisor verify that a VOE is authorized in the circumstances.
    • The collector pre-arrange sending the VOE with the appropriate receiving party.
    • Fax transmissions must be sent to a confidential fax machine and must include a confidential cover sheet that does not state the name of the debtor.
    • The collector must confirm receipt of a fax or email within 30 minutes of sending it.

    The circumstances in this case illustrate that organizations need to be diligent in reviewing information privacy and confidentiality policies and procedures with their staff on an ongoing basis, and in following-up any failure to comply.

    With respect to transmitting personal information by fax, organizations must ensure their employees are aware of the potential risks involved, and implement appropriate measures to mitigate that risk."

Click here to download Investigation Report P2005-IR-006.

Labels: , ,

7/21/2005 04:24:00 PM  :: (5 comments)  ::  Backlinks
VERY INTERESTING.. I host a Canadian credit repair blog. Credit Repair Blog and as well. Canadian Credit Repair

CBV collection services are my least favorite collection agency. They have been as rude as possible.

My question regarding PIPEDA and collection agencies since you're a lawyer.

There are two potential violations that I see over and over again on credit reports.
1) A consumer doesn't consent to a creditor disclosing the consumers information to a collection agency. (Unless there's a transfer of rights, or assignment of rights in the agreement)
2) A consumer doesn't consent that the collection agency disclose the consumer's information to the credit reporting agency.

My understanding that PIPEDA 4.3 Consent says that the consumer must give consent to all parties to collect and disclose information to other parties.

I spoke to the Privacy Commissioners office about it. They indicated that even though there weren't any official rulings on my question just yet, they weren't willing to deal with it.

It's my strong opinion that somebody needs to challenge the creditors and collection agencies and credit bureaus on these points.

I would be very interested your comments.

Monty Loree - President
Express Credit Repair
This is my first post...

Collectors probably do not have to have permission through the usual sources cause the debtor already gave that permission in applications for the the VERY VERY VERY small print.

When the Bank etc transfer the account to the parasites in the collection business..the permission goes with the account...
Wouldn't the parasites be the people getting loans or using credit and not paying it back?

As for the original inquiry about credit information access for collection agencies: I would suggest you READ contracts before you sign them with a creditor. If you can't pay for something, don't take it.
This morning, CBV called our company 12 times within a 10 minute period. They provided detailed information regarding the debt they were trying to recover to most employees at our place of business. I have faxed them pointing out the law (they are apparently allowed to call 3 times in a 7 day period. If they believe they have a debt to recover, they can launch a law suit. I find them to be extremely rude and somewhat vulger. I do not understand why they have not had their license revoked.Is there a class action law suit against this company. How does one go about this?
You cannot assume that people who apply for a loan/credit are intentionally trying NOT to pay it back. Every individual has INDIVIDUAL circumstance. Just as every credit application does. People get laid off, divorced, die, seriously hurt/disabled. Bad things happen to good people. But, if the world was a perfect place, would we need credit to begin with? And, even when "collections" get involved, all they care about is getting back their investment +, as most buy out the deliquent accounts at a discount, and "hope" to get it back +. To all the collection agencies, you can't get blood from a stone. Perhaps you should invest your time and money in low risk investments, instead of trying to intimidate a buck out of some person who already has enough to deal with. If they had the money, they would had kept to their original credit agreement.

For people with deliquent accounts, keep up on your credit report. That company you owed, who sold your account to the parasite, may have wriiten off your debt. Therefore, even if you pay the parisite, it will not "better" your situation, it'll just put $$$ in parisites pocket.
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs