The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, August 14, 2005
Dun and Bradstreet, a consumer reporting agency serving clients in Australia, is suggesting that privacy laws are feeding the growth of identity theft. As an example, D&B is saying that more fraudsters are impersonating dead people because the credit agencies are not able to get the information necessary to determine whether a named applicant is actually alive: Privacy laws blamed for identity fraud rise.
UPDATE: I forwarded this article to Dennis Bailey at Open Society Paradox, because I was sure he would have something interesting to say. I was not disappointed: The Open Society Paradox: Privacy to Blame for Identity Theft?.
This particular article really highlights the tensions between privacy and identity. On one hand, I'm sure that most people who are concerned about privacy would not want credit agencies to be directly plugged into the massive government vital statistics databases. At the same time, reasonable people would say that there should be a way for credit grantors to check to make sure that the person asking for credit is who they say they are and that they are in fact not quite dead.
Dennis has always been a proponent of robust identity for a number of reasons, one of which is the issue at hand. If credit agencies take steps to verify the physical person applying is the same person named on the form, using reliable ID, much of the risk of fraud is eliminated. But this will slow down the "instant credit" that consumers are now used to.
In Canada, the only credit facility that really requires ID is getting a mortgage because lawyers are supposed to check ID before registering the mortgage at the registry. Every bit of credit I've ever gotten have relied upon other means of "identification". (To give my bank some credit, I've personally known my banker for years.) If you look at your average credit card application, you'll see the current system relies on the information provided by the applicant to determine identity, which is as unreliable as the data to which it is compared. If the name, address and date of birth on the application match the data at the credit bureau, we have a match! If that database doesn't say person X is dead, then someone with person X's information can pretend to be him and get credit in that name.
It's an important problem that needs to be solved by informed discussion between those in Dennis Bailey's camp and those in the pro-privacy camp. I hope it is solved, sooner rather than later.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.