On Wed, Dec 18, 2019, 11:16 AM Alvin Starr <[email protected]> wrote: > On 12/18/19 7:48 AM, Russell Reiter wrote: > > On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <[email protected]> > wrote: > >> On 12/17/19 2:27 PM, Russell Reiter via talk wrote: >> [snip] >> >> >> >>> | I wonder why, especially in this data stealing age, the practice is >>> not firmly >>> | against the law? >>> >>> Yes. And the boundaries clearly marked. >>> >> >> The problem is that its a matter of private law. The government would >> essentially fetter itself if it actually made it illegal for you to give >> out your SIN voluntarily. This might be the case in settlement if someone >> has sued you, won and now has the right to a full accounting of your income >> and assets. >> >> Enforcing laws is expensive and there is a threshold which is bounded by >> economy of scale. As a general matter of private law, caveat emptor (let >> the buyer beware) is the rule. >> >> Its kind of like the government is a national park with a grand canyon >> running through it. The can put up signs which say don't get too close to >> the edge or you may fall in but they can't really stop you from jumping off >> the edge. >> >> >> Its not that I was giving out my SIN voluntarily. It was a requirement of >> getting service from a telecom provider. >> Yes I could have refused to fill out the the application and walked out >> of the store. >> But then I would not have had the telecom service that I needed at the >> time. >> > > Yes you did volunteer the information when they asked for it. The law > presumed you have a choice in the matter. There are enough providers who > don't collect SIN numbers that you could have used one of them. You jumped > into the canyon by wanting services immediately. There is an old saw that > says decide in haste, repent at leisure. > > The law of contracts is offer and acceptance. Getting a cell phone > contract is not the same as applying for a loan. The business may do a > credit check and withdraw the offer if you don't meet a credit threshold, > but they don't need a SIN number to do that. However having the SIN it > makes it easier for them to get access to your funds through the court > system if you owe them a significant debt. > > Here is a bit of a thought experiment. > > Lets say I am interviewing to hire someone. > I ask the person for sexual favors to get the job. >
If you are a corporate employee that is grounds for sanction. You expose them to a lawsuit for sexual harassment. If you are a sole or small business proprietor, that's just plain creepy. If they say yes then they have accepted my offer and we have a contract. > This kind of agreement is not supported under contract law and the courts are enjoined to respect that fact and they cannot enforce it's terms. So its a lawful transaction and the person providing the favors has little > right to suffer buyers remorse following your logic. > As distasteful as the above example may be, it may still be legal. > > > Contracts are funny things. > > Clearly if you beat someone to force them to sign a contract, the > agreement is unenforceable. > If I gently say "Oh come on its a good deal" then likely the contract > would stand. > Where is the line between force and gentle coercion, then add into that a > power imbalance. > > > > >> So now the Telecom provider has my SIN. >> Are they free to use as they wish? >> > > No, they have a fiduciary duty to you to protect that sensitive > information. It was collected as a kind of trust article. > > The only fiduciary responsibility is to the shareholders. > Short of committing premeditated murder there is little that can pierce > the corporation other than doing something that deliberately dis-advantages > the shareholders. > > A corporation has a fiscal responsibility to shareholders, they have fiduciary obligations to all the person's they contract with. > > Could they use it as my client ID and paste it on the front the bills they >> send out to me? >> > > I think if they did that you could sue for injunctive relief, assuming > that they didn't reveal that was their contractual policy at the outset. It > would be on your copy of the contract if they did. > > It was an a bit of an extreme example but the point to be made is what are > the limits of the businesses use of that personal information. > > Yes there is always the remedy of legal action but that in general only > happens long after the damage is done. > > >> Part of my concern was that enough personal information for someone to >> completely steal my identity was provided to a call center in a third world >> country with little or no oversight. >> > > You don't have to live in a marginalized area of the world to suffer from > a lack of oversight in your own actions. Just saying ... > > I never actually said that I was hard done by or that I was taken > advantage of. > My point is that the personal information gleaned is being badly handled. > Just saying ... > > > How did that happen? You purchased the service from a brick and mortar > location, in Canada I presume. Accounting and financial data are different > than technical and service information. It would be highly unlikely that a > service technician or even a first tier collection representative would > have access to your complete data file. > > This was first tier support person who was asking for my SIN as a proof of > who I was. > The information he had included my address, account information, past > bills and my SIN. > The first questions were about my invoice/account and since I was on a > train I had not access to that information at which point I was asked for > my SIN. > The conversation stopped quickly at that point because there was no way I > was reading out my SIN in a crowded public location over a phone. > > This event occurred several(5-10) years after the initial purchase through > a bricks and mortar reseller. > > So if you believe that the first person you speak to on the phone at > Bell,Rogers et al does not have ALL your personal details on the screen in > front of them you are sadly mistaken. > I would hope, for billing and service inquiries, they would have all the personal information I provided to them. I wouldn't give my SIN to a phone provider tho. I don't ever remember giving it out to get a landline or cable service and the agents I use now never have asked me for a SIN in order start services. > > >> The carrier should have an obligation of care with my information. >> > But the only obligation that the carrier has is to maximize the >> shareholder value. >> > > Cybercare of personal information starts with the individual, > unfortunately it's all downhill from there. > > That is true and this was something like 30 years ago I was much more > naive then. > > The environment has changed in the intervening time. > When I was a child access to personal information was controlled by > physical access to paper and security was a matter of locks and keys. > The rules around information protection are woefully inadequate in today's > hyper connected environment. > > For example I later this morning will need to start looking at what of my > information LifeLabs has leaked. > As you say times have changed. I only recently found out, in the recent past, that they don't even issue replacement SIN cards anymore. > > -- > Alvin Starr || land: (647)478-6285 > Netvel Inc. || Cell: (416)[email protected] > || > > -- Russell >
--- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
