The British Columbia Information and Privacy Commissioner’s drivers license swiping case (from July 21st) nicely illustrates some points about justifying personal information collection under a necessity standard – a standard for collection common to both public and private sector Canadian data protection legislation.
The IPC’s most significant finding was that Vancouver’s “Wild Coyote Club” could not require patrons to consent to a drivers license swipe (or surrender a piece of ID) as a condition of service because the related collection of personal information went beyond what is “necessary to provide the product or service.” It affirmed that British Columbia PIPA requires that a mandatory collection be reasonably necessary rather than strictly necessary. It also articulated the following two-part test (emphasis added):
For personal information to be “necessary” for the purpose of s. 7(2) of PIPA, the purposes for the collection, use or disclosure must be integral to the provision of the product or service. In addition, the personal information must fulfill a significant role in enabling the organization to achieve that purpose.
The IPC said that these questions will be assessed in light of the sensitivity of the personal information being collected and whether there are less intrusive means of meeting a legitimate objective for collecting the information.
In one sense, the decision demonstrates that broad grounds of justification based on theories of human behavior are hard to argue. In this case, every patron whose license was swiped also had his or her picture taken. The picture was matched with the information from the license, so the club (and law enforcement) had access to picture-based index of all individuals in the establishment on any given night. The club and the other parties who participated in support of swiping argued that such a system would significantly reduce incidents of violence. Though their theory – that individuals would modify their behavior if they know they are identifiable – is logical, the respondent and intervenors did not present any evidence (either statistical or from social science) to show that their theory was true, or to at least show that swiping provided a significantly better violence deterrent than video surveillance alone. (The IPC addressed the club’s need to keep banned individuals from entering the club separately, and approved of the matching of identifying information other than drivers license numbers against like identifying information in a banned individuals database.)
In another sense, the decision illustrates that having a better record of an event will not ordinarily be sufficient to justify collecting personal information. One cannot dispute that a drivers license swipe creates a highly accurate record of (1) the fact that a patron presented a drivers license and (2) that the drivers license presented contained certain data in electronic form. So the scanning system in place at the club gave it a very accurate record of due diligence, but this wasn’t sufficient justification for the collection of identifying information itself. On this point, the IPC noted correctly that a drivers license swiping system only records the identification someone presents and does not ordinarily aid in authenticating the individual, which still must be done by a door person’s visual inspection of picture identification. The IPC acknowledged a swiping system protects against “passbacks” – a scheme which involves the use of the same identification piece by two different people – but said the club had presented no evidence to demonstrate that passbacks were a significant problem that it encountered in enforcing the terms of its liquor license.
David Fraser has covered the ID swiping issue very well. Click here for an index of his posts.