PIPEDA Case Summary #2009-017
An advocate for tenants’ rights complained that, without obtaining proper consent, an organization was collecting, using and disclosing sensitive personal information about tenants for various purposes. This personal information was disclosed to the organization’s paying members (i.e., landlords). It was available from the organization’s web site, and, at one point, a portion of it was available to anyone with access to the Internet.
The Assistant Commissioner found that since both the organization and the landlords were collecting, using or disclosing the information, they were both required to ensure that proper consent from the individuals was obtained for the purposes to which the information was being applied. As a third party, the organization must ensure that the information had been collected from tenants with their knowledge of and consent for the purposes explained at the time of the collection. The Assistant Commissioner also determined that, for the most part, the documents used by the organization and the landlords were not adequate to inform tenants or prospective tenants how their personal information would be used or disclosed; neither could these documents be considered a valid consent form for these purposes. Although the Assistant Commissioner made recommendations to the organization, we were unable to follow up on them because the organization is no longer active.
Read more about the investigation and findings here.
Source: Office of the Privacy Commissioner of Canada