On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure. The law of contracts is offer and acceptance. Getting a cell phone contract is not the same as applying for a loan. The business may do a credit check and withdraw the offer if you don't meet a credit threshold, but they don't need a SIN number to do that. However having the SIN it makes it easier for them to get access to your funds through the court system if you owe them a significant debt.
So now the Telecom provider has my SIN. Are they free to use as they wish?
No, they have a fiduciary duty to you to protect that sensitive information. It was collected as a kind of trust article. Could they use it as my client ID and paste it on the front the bills they
send out to me?
I think if they did that you could sue for injunctive relief, assuming that they didn't reveal that was their contractual policy at the outset. It would be on your copy of the contract if they did.
Part of my concern was that enough personal information for someone to completely steal my identity was provided to a call center in a third world country with little or no oversight.
You don't have to live in a marginalized area of the world to suffer from a lack of oversight in your own actions. Just saying ...
How did that happen? You purchased the service from a brick and mortar location, in Canada I presume. Accounting and financial data are different than technical and service information. It would be highly unlikely that a service technician or even a first tier collection representative would have access to your complete data file.
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the shareholder
value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell