Personal Information Protection in the Face of Crime and Terror: Information Sharing by Private Enterprises for National Security and Law Enforcement Purposes
A report prepared by Tamir Israel, Ali Mian, Aba Stevens, and Michelle Yau
Supervised by Andrea Slane
Centre for Innovation Law and Policy
March 2008
Funded by the Contributions Program 2007-2008
Office of the Privacy Commissioner of Canada
TABLE OF CONTENTS
Executive Summary .......................................................................1
Approach of this Report.................................................................... 1
Summary of Recommendations............................................................ 1
The Telecommunications Industry........................................................1
The Retail Industry........................................................................... 2
The Banking Industry........................................................................ 3
The Airlines Industry......................................................................... 4
I. General Introduction................................................................... 5
A) PIPEDA – Overview....................................................................... 6
B) Section 8 of the Canadian Charter of Rights and Freedoms
– Overview..................................................................................... 7
1) Search or Seizure......................................................................... 8
2) When is a Search or Seizure Unreasonable?....................................... 9
C) Collection, Use and Disclosure of Personal Information........................ 10
1) Collection................................................................................... 10
Where Private Organizations Act as Agents of the State.......................... 11
2) Use ........................................................................................... 12
3) Disclosure................................................................................... 13
a) Warrants.................................................................................... 13
b) Subpoenas/Demands for Information................................................ 14
c) Court Orders............................................................................... 14
d) Warrantless Search or Seizures....................................................... 14
D) Analysis of Industries.................................................................... 17
1) The Telecommunications Industry.................................................... 18
2) The Retail Industry........................................................................ 18
3) The Banking Industry..................................................................... 18
4) The Airline Industry....................................................................... 19
II. Telecommunications Industry..................................................... 20
Introduction.................................................................................... 20
A) Overview of the Industry and How it is Regulated by Law.................... 21
B) Information Collected by the Industry.............................................. 22
1) Nature of Information Collection...................................................... 22
2) Legal Regime Governing Information Collection................................... 24
C) Personal Information of Interest to Law Enforcement and Legal
Mechanisms Shaping Information Sharing.............................................. 27
1) Information of Interest to Law Enforcement and the Desire
for Law Reform................................................................................. 27
2) Legal Mechanisms Shaping the Sharing of Information.......................... 31
a) Relationship between PIPEDA and the CRTC’s protection of
Privacy under the Telecommunications Act........................................... 31
b) The Agent of the State Test and the Charter.................................... 35
D) Formal and Informal Information Sharing Practices............................... 37
1) The Exercise of Discretionary Authority as Reflected in Terms of
Services and Acceptable Use Policies.................................................... 37
2) An Emerging Practice in Cases of Child Pornography............................. 39
E) Gaps and Controversies.................................................................. 40
1) Legal Uncertainty.......................................................................... 41
2) The Controversy of the Law Reform Agenda....................................... 42
F) Conclusions and Recommendations................................................... 44
1) Recommendations.......................................................................... 44
2) Conclusion.................................................................................... 45
III. Retail Industry........................................................................... 46
Introduction...................................................................................... 46
A) Overview of Industry and How it is Regulated...................................... 48
B) Information Collected by the Industry................................................. 51
C) Personal Information of Interest to Law Enforcement and Legal
Mechanisms Shaping Information Sharing................................................. 54
D) Formal and Informal Information Sharing Practices................................. 57
E) Gaps and Controversies..................................................................... 58
F) Conclusions and Recommendations...................................................... 60
IV. Banking Industry.......................................................................... 62
Introduction........................................................................................ 62
A) Overview of Industry and How it is Regulated........................................ 62
B) Information Collected by the Industry................................................... 63
1) Nature of Information Collected........................................................... 63
a) Required Collection............................................................................ 63
b) Collection Beyond Statutory Requirements.............................................. 64
c) Written Personal Information Collection Policies of the
Major Banks.......................................................................................... 65
i) Similarities.......................................................................................... 65
ii) Differences........................................................................................ 66
2) Legal Regime Governing Information Collection.......................................... 67
C) Personal Information of Interest to Law Enforcement and Legal
Mechanisms Shaping Information Sharing..................................................... 71
1) Interest of Law Enforcement................................................................. 71
2) Legal Mechanisms Shaping the Sharing of Information................................ 72
a) S. 8 Charter Jurisprudence.................................................................... 72
b) Laws Governing Warrantless Disclosures of Bank Records............................ 74
i) Subpoena and Court Orders.................................................................... 74
ii) Lawful Authority................................................................................... 75
iii) National or International Security Threat.................................................. 75
iv) Voluntary Bank Disclosures.................................................................... 76
v) FINTRAC............................................................................................. 76
D) Formal and Informal Information Sharing Practices...................................... 76
1) Formal Personal Information Sharing......................................................... 76
2) Informal Personal Information Sharing....................................................... 77
a) Requests for bank records pursuant to some ‘other’ legal
authority................................................................................................. 77
b) Proactive Release of Bank Records............................................................ 78
E) Gaps and Controversies.......................................................................... 79
F) Conclusions and Recommendations ........................................................... 80
V. Airlines Industry.................................................................................. 82
Introduction.............................................................................................. 82
A) Overview of Industry and How it is Regulated.............................................. 82
B) Information Collected by the Industry......................................................... 83
1) Nature of Information Collection................................................................. 83
2) Legal Regime Governing Information Collection............................................... 85
C) Personal Information of Interest to Law Enforcement and Legal
Mechanisms Shaping Information Sharing.......................................................... 85
D) Formal and Informal Information Sharing Practices.......................................... 91
1) Formal Information Sharing......................................................................... 92
a) Westjet.................................................................................................. 92
b) An Anonymous Airline................................................................................ 92
2) Informal Information Sharing....................................................................... 93
E) Gaps and Controversies.............................................................................. 93
1) The PAXIS Database.................................................................................. 94
2) Passenger Protect Program.......................................................................... 94
F) Conclusions and Recommendations................................................................ 97
Appendix I: Information Typically Collected in the Retail Sector...................... 101
Appendix II: Author Biographies………………………………………..........................……...102
·