Note to readers: Whenever the decision below states that a complaint was “resolved,” it actually means I was right and that my complaint was deemed “well-founded.” Only one count of my complaint was not deemed well-founded.
File: 6100-00982, 6100-00983, 6100-00984, 6100-01576, 6100-01577
This letter is our report of findings with regard to the complaints you filed against Famous Players under the Personal Information Protection and Electronic Documents Act (the Act). In your complaint, received in our Office on April 26, 2004, you allege that Famous Players is unnecessarily collecting and using the personal information of individuals who use its viewer assist equipment; that Famous Players fails to safeguard the personal information collected; that its staff are not conversant with their responsibilities under the Act; and that the organization is not open about its privacy policies. You state that you tried to deal directly with the organization but were unable to resolve your concerns.
Before I provide you with the findings, let me first outline the facts obtained in the course of this Office’s investigation.
Summary of Investigation
In 2001 Famous Players installed the MoPix and Rear Window Captioning (RWC) and Descriptive Video Service (DVS) equipment into its theatres to help disabled people view movies. Shortly afterward, you were given a “Big Card,” which allows you and any guest(s) free access to the movies shown in its theatres. You were given this pass so that you could review captioned movies.
That is not true. The vice-president of corporate affairs previous to the current one gave me a Big Card out of friendly courtesy. There was no up-front expectation that I was to “review captioned movies.” The Big Card was renewed continuously through 2004.
Collection and Use
You indicate that when you would attend a Famous Player movie theatre and ask to be given accessibility equipment, you would be required to provide your name, address, and telephone number, in order to obtain the equipment.
Address was rarely ever requested. In fact, I cannot find any mention in my notes that it was ever requested.
This information would be recorded on a sheet of paper. At one theatre, you were asked to fill in the information sheet yourself. At some theatres, you were asked to supply identification, while at others, you were not. You object to having to supply any type of information to obtain the equipment, and to supply identification in support of the information given.
In your opinion, the organization should lend the equipment to patrons without collecting or using any personal information. You state that the equipment cannot be used elsewhere and is relatively inexpensive. You are also of the view that Famous Players is not consistent in asking for identification as you have sometimes been asked to provide it and other times have not.
Famous Players confirms that its policy is to ask persons who are using the equipment to supply their name, telephone number and address. This information is then to be confirmed against some type of identification, such as a provincially issued identification card. The information on the card, such as the card number, is not recorded. It is used for verifying the name only. According to the company, the information is collected to identify guests with custody of the equipment and is used to allow the company to follow up with the guest in the event that the equipment is returned damaged, or not at all, as well as to provide a disincentive to any mistreatment of the equipment. Famous Players believes that this collection and use of personal information protects the company against loss, damage or theft.
And here the Privacy Commissioner ignores my evidence that neither theft nor damage were ever reported to have happened, and only an unspecified but small number of items went “missing” at exactly one cinema. In other words, Famous Players’ actions were a remedy for a problem that almost never occurred.
You state that the information on the sheets is available to anyone filling out the sheet or having access to the clipboard that holds the sheets. In one instance, you state that you were handed a loose leaf binder, which you could peruse, and in which your friend wrote down his name and number. The desk where the binder was kept was unattended at the time.
In another instance, you state that when you were handed a clip board to sign in for the equipment, you were able to read the names and personal information of other persons who had signed in.
Famous Players states that normally personal information is collected and recorded by an employee and that customers should not be completing their own sheets. As an interim measure, the company took steps to remind its theatres and general managers of the importance of the privacy and security of guests’ personal information. It also instructed them to have staff cover up any previous guest identification information so that the guest signing out equipment cannot see it.
Famous Players indicates that it is designing a further revision to its practices, which will be implemented in the near future. The planned procedure involves collecting each user’s personal information on a separate, individual sheet of paper, on which the guest’s name and telephone number are recorded. The type of identification used to verify this information (but not the identification number) will also be recorded on the individual sheet. This individual information sheet will also describe the purposes for collecting the personal information requested, and will clarify to both the guest and the staff member that the piece of identification used to verify the information is not to be kept by staff during the guest’s visit.
The individual sheet containing the guest’s personal information is to be retained by guest services behind the counter, inaccessible to other users, for the duration of the guest’s visit. Any subsequent guests that request the equipment are to be given a fresh, blank information sheet, and will therefore not have access to a previous user’s information.
You state that on a number of occasions, you asked employees of Famous Player theatres if they were aware of the Privacy Act (sic).
I called it the Privacy Act so that the teenagers and young adults I dealt with would reasonably understand what I was talking about. Only experts even know what PIPEDA is, let alone what the acronym stands for.
As for training staff, Famous Players states that it did implement privacy training. Specifically, it sent an information package to all general managers on December 18, 2003. This package included the following:
- A memorandum to all Famous Players employees outlining the basic principles of the Act and the importance of compliance;
- Contact information for the company privacy officer, including a dedicated E-mail address and toll-free number, with instructions to contact the privacy officer with any concerns or questions; and
- Instructions to disseminate the information provided to theatre staff and to make them aware of Famous Players’ privacy compliance program.
The company’s privacy officer met with a group of Toronto theatre managers and conducted a conference call training session with theatre managers in the western provinces. The privacy officer has had other interactions with theatre and department managers to discuss privacy compliance issues as part of the ongoing training and awareness program implemented by the company.
Famous Players also states that it has established a privacy compliance committee that has met quarterly to discuss particular privacy issues that have arisen and to review and revise the company’s general practices and procedures to address those issues.
This is a serious misstatement of my complaint! I explained this very understandably in my complaint and on the telephone with the Privacy Commission investigator.
I did not claim that “many people do not have access to the Internet and therefore cannot obtain the information.” My only use of the term “access” and its derivatives related to people with disabilities. I stated in my complaint:
As author of Building Accessible Websites, I have expertise in Web accessibility. I have given Famous Players free expert advice that their Web site does not provide valid HTML and fails the Web Content Accessibility Guidelines in material respects. It is likely inaccessible to many people with disabilities, including blind people. Due to inept authoring, it’s impossible even to get past the language-choice splash screen in some browsers. Famous Players reacted with great defensiveness at the embarrassing, much-too-late realization that its expensive Web site is noncompliant and inaccessible, but it has refused to bring its site into compliance.
I will be writing to the Commissioner and Famous Players asking for a reassessement of this grounds for complaint and a revised decision. The Commissioner completely got it wrong.
You also expressed concern about the length of time the organization keeps the personal information it collects from accessibility equipment users. It would appear that different theatres had different retention schedules. Famous Players has since reviewed its policies and determined that keeping the information was unnecessary, as the information was only required until the equipment was returned. The company has a new policy in effect. From now on, when the equipment is returned, the individual sheet, or a torn-off portion containing the guest’s personal information, will be returned to the guest as a form of receipt. Famous Players will not retain any of the guest’s personal information collected as a result of borrowing the equipment.
In making our determinations, we applied Principle 4.1, which states that an organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles; Principle 4.1.4(c), which stipulates that organizations shall implement policies and practices to give effect to the principles, including training staff and communicating to staff information about the organization’s policies and practices; Principle 4.3.2, which provides that organizations shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used.
To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed; Principle 4.3.3, which stipulates that an organization shall not, as a condition of the supply of a product or service, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfil the explicitly specified, and legitimate purposes; Principle 4.5, which states that personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
Personal information shall be retained only as long as necessary for the fulfilment of those purposes; Principle 4.5.2, which suggests that organizations develop guidelines and implement procedures with respect to the retention of personal information. These guidelines should include minimum and maximum retention periods.
Personal information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made; Principle 4.7, which states that personal information shall be protected by security safeguards appropriate to the sensitivity of the information; Principle 4.8, which establishes that an organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information; and Principle 4.8.1, which indicates that organizations shall be open about their policies and practices with respect to the management of personal information. Individuals shall be able to acquire information about an organization’s policies and practices without unreasonable effort.
Collection and Use
Is it reasonable for Famous Players to make the provision of personal information a condition for the supply of its accessibility equipment? The company’s purpose for collecting and using such information is to ensure that it can follow up with a customer if the equipment is not returned or is damaged. To want the items returned in working condition is reasonable, and to ensure that there is accountability on the part of the customer for the item, the company is asking for the customer’s name, address and telephone number, as well as identification for verification purposes. The identification number is not recorded. Given the above, I am satisfied that Famous Players is not asking for more personal information than is required to meet its legitimate purposes, and I therefore find that the company is not contravening Principle 4.3.3.
I am also satisfied that a Famous Players’ employee did tell you the reason for the collection. You state that you were told that the information was required “because of all the money that has been spent on the equipment.” The same employee also directed you to the company’s Web site for more detailed information. In my view, this constitutes a reasonable effort to explain the purpose for the collection, and I find that Famous Players was in compliance with Principle 4.3.2.
Accordingly, I conclude that your collection and use complaint is not well-founded.
You alleged that the information collected was left unattended or accessible to other persons. Although Famous Players states that its policy was that information should not be accessible to others, it admits that there may have been occasions where the information could have been obtained because it was not properly safeguarded, as required by Principle 4.7. Famous Players has since changed its procedures to protect the information. In our opinion, the new procedures appear to be sufficient, and in keeping with Principle 4.7.
Accordingly, I conclude that your safeguards complaint is resolved.
In keeping with Principle 4.1, Famous Players has a designated privacy person who is accountable for the company’s compliance with the Act.
Accordingly, I conclude that your accountability complaint is resolved.
As for making information about its privacy policies and practices readily available, Famous Players did offer you the information via its Internet site. It states that it also would have supplied the policy by other means. The company will have a copy of the policy on site, and will continue to make it available in an alternative format if requested. On the whole, I find that Famous Players is meeting its obligations under Principles 4.8 and 4.8.1.
Accordingly, I conclude that your openness complaint is not well-founded.
There was some evidence that different theatres had different retention schedules for the personal information of customers. In my view, the company was keeping the information unnecessarily, and was therefore not meeting the requirements of Principles 4.5 and 4.5.2. However, Famous Players has since implemented a new policy, and will no longer retain any personal information once the borrowed equipment has been returned, and will give the sheet containing the information back to the customer.
Accordingly, I conclude that the retention complaint is resolved.
Now that you have my report, I must inform you that, pursuant to section 14 of the Act, you have the legal right to apply to the Federal Court of Canada for a hearing in respect of any matter that you complained about or that I have dealt with in my report, and that is referred to in clause 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 or 4.8 of Schedule 1, in clause 4.3, 4.5 or 4.9 of the Schedule as modified or clarified by the Act, in subsection 5(3), or 8(6) or (7) or in section 10.
Should you wish to proceed to the Court, we suggest you contact the Court office nearest you. It is located at 330 University Avenue, 7th Floor, Toronto, ON M5G 1R7, telephone (416) 973-3356. Normally, an application must be made within 45 days of the date of this letter.
You should also be aware that the Court has discretion to order that the costs of the other party be paid by you where the Court is of the view that this is appropriate. While this does not happen often, it is a possibility of which you should be aware. Conversely, the Court may order that your costs be paid where the Court finds, for instance, that your application raises an important issue or one of public interest.
This concludes the investigation of your complaints. If you have any questions or comments about the disposition of the complaints, I would invite you to contact , Privacy Investigator, at 1-800-282-1376.
– Yours sincerely,
Heather Black, Assistant Privacy Commissioner