Cautionary Tale For The Helpful Employee


On February 22, 2013, the Office of the Privacy Commissioner of Canada (OPC) released a report of findings in connection with a complaint that an employee at a mobile phone company improperly altered a phone contract of a customer at the direction of an unauthorized party.

The facts of the case, as reported by the OPC, were relatively straightforward. The stepson of a customer was authorized to use a phone on his stepfather’s account. The stepson visited a mobile phone store and requested changes to his services. The stepson impersonated his stepfather. Bad on the stepson, perhaps, but the OPC concluded that the employee did not follow the mobile phone store’s customer validation process. In particular, the employee did not request two pieces of identification to authenticate the customer. The changes requested by the stepson generated a new three-year contract. Trouble was that the stepson was not authorized to make those changes and the stepfather was none too pleased.

The employee might have just been trying to be helpful, but the OPC found two violations of the federal privacy principles established by the Personal Information Protection and Electronic Documents Act (PIPEDA).

  • Principle 4.3: “The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.”

The use of the real customer’s personal information to renew the contract was not done with that customer’s consent.

  • Principle 4.7 and 4.7.1: “Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.” “The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.”

There were procedures in place but the employee violated them, thereby failing to protect the personal information from unauthorized use.

Are your employees aware of these principles and that they apply to them? Maybe understanding that these principles are not just the ravings of a compliance department but are also federal law might help convince them that these principles are important.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising
