Privacy Commissioner of Canada
Commissaire à la protection de la vie privée du Canada
112, rue Kent, Ottawa (Ontario) K1A 1H3
Tel.: (613) 995-8210 Fax: (613) 947-6850 1-800-282-1376
www.privcom.gc.ca
Oct. 16 2002
File: 6100-0084
Ms Philippa Lawson
Public Interest Advocacy Centre
1 Nicholas Street, Suite 1204
Ottawa, ON K1N 7B7
Dear Ms Lawson:
This letter constitutes my report of findings with regard to the complaint you filed against the Loyalty Management Group Canada Inc. (Loyalty) under the Personal Information Protection and Electronic Documents Act (the Act). In your complaint received in my Office on October 18, 2001, you made reference to Principle 4.3 (Consent) of Schedule 1 to the Act and alleged that Loyalty, in conducting its AIR MILES Reward Program (AMRP), was not obtaining informed consent from individuals for the collection, use, or disclosure of personal information for secondary marketing purposes.
Specifically, you made three allegations of failure on Loyalty’s part: (1) failure to adequately bring to the attention of its AMRP members its practices of using and sharing members’ data with affiliates for secondary marketing purposes and the opportunity for members to opt out of such practices; (2) failure to provide full and clear information as to potential secondary uses and sharing of members’ data; and (3) failure to provide members with an opting-out method that can be executed immediately, easily, and at minimal effort and cost.
I have determined, first of all, that the subject matter of your complaint does fall within my jurisdiction under the Act. As of January 1, 2001, the Act applies not only to any federal work, undertaking, or business, but also to any company that discloses personal information across borders for consideration. Upon making the determination that Loyalty is a company of the latter type, I was required under section 12 of the Act to accept and investigate your complaint.
I have also determined from the facts of the case that the information at issue is personal information for purposes of the Act. Section 2 of the Act defines personal information to be “…information about an identifiable individual…”. It is clear from the wording of your complaint that your concern is information about Loyalty’s AMRP members as identifiable individuals.
Before I provide you with my other findings, let me first outline the facts obtained in the course of my Office’s investigation.
You have filed similar complaints against several organizations, one of which is Loyalty. For all of these complaints, you have formulated a general position, in support of which you have submitted a market research survey conducted by EKOS Research Associates Inc. I summarize your position as follows:
- It is always appropriate to ensure the individual’s knowledge and consent in respect of secondary marketing purposes.
- There is a clear difference, however, between marketers and the marketed on the issue of what form of consent is appropriate – that is, express consent versus implied consent.
- Companies often appear to take the view that a customer’s consent to secondary marketing can be taken as implied provided that the policy in question is stated in some document that is accessible to the customer. However, companies have an obligation not merely to state purposes in a policy document, but also to bring to the attention of the individual customer the practices in question and the negative option attached.
- Companies commonly fall short of meeting this obligation in several ways:
  - reliance on a document not provided to the individual customer, but rather left up to the customer to find on his or her own initiative;
  - reliance on fine print buried in a long document;
  - failure to use clear, plain language understandable to the ordinary consumer;
  - failure to provide customers with adequately detailed information about the extent and purpose of contemplated uses and sharing of their personal information; and
  - failure to provide an easily executable opting-out procedure.
- The EKOS marketing survey shows a preference for opt-in versus opt-out consent among a clear majority of respondents. Opt-out consent is considered acceptable only under conditions where the opting-out provision is brought to the customer’s attention, is clearly worded and sufficiently detailed, and is easy to execute.
Loyalty, a wholly owned subsidiary of Alliance Data Systems Corporation of Dallas, Texas, itself comprises a number of divisions or affiliates, which are not separate corporate legal entities and which the company calls its “business units”. The AMRP is one of these business units. It is a frequent-buyer program that rewards members (“Collectors”) for loyal shopping by giving them “air miles” for their purchases from more than 100 participating companies (“Sponsors”) at more than 12,000 retail locations across Canada. Through the AMRP, Loyalty aims at creating value for these Sponsors by enhancing loyalty among their existing customer relationships or by developing new customer relationships.
When a Collector shops at a Sponsor location and presents an AIR MILES card, the Sponsor records the following information:
- card number;
- basic transaction data, comprising date of transaction, name and address of store, dollar value of purchase, the number of reward miles earned;
- on occasion, the product category (e.g., gasoline) or the type of Collector by the type of card carried (95 percent of Collectors hold a blue card; 5 percent hold a gold card, signifying “best customers” who receive bonus opportunities and privileges).
The Sponsor transmits this basic contact information to Loyalty so that it can credit earned reward miles to the Collector’s account. Loyalty sends the Collector a summary of the account every quarter and invoices the Sponsor for the number of air miles credited to the Collector’s account.
Loyalty readily acknowledges that, in addition to these administrative exchanges of basic information, it uses (among its business units) and discloses (to Sponsors) information about its AMRP Collectors for marketing purposes. As far as disclosure of information to Sponsors is concerned, Loyalty maintains, and my Office’s investigation has confirmed, that the only personal information ever disclosed about any individual Collector consists solely of the following items: name, residential address, e-mail address (if applicable), card number, telephone number (if requested by the Sponsor), and collector type (i.e., according to whether the collector carries a regular blue card or a gold card signifying “best customer” status).
Loyalty provides this basic personal information in response to requests from Sponsors who wish to make offers to Collectors of a certain profile, according to broad search parameters. For example, a Sponsor may ask Loyalty to identify very active Collectors in Western Canada who have earned air miles from five or more different Sponsors over a specific period of time. Most of the time, Loyalty sends the information not directly to the requesting Sponsor, but rather in confidence to a production or mailing house that is under contract to either Loyalty or the Sponsor in question. By the terms of the contract, after preparing personalized direct-mailing packages and compiling a mailing list, the contractor then destroys the data files.
Loyalty’s disclosure of personal information to Sponsors is done under strict usage guidelines and agreements that have been in effect since the AMRP began in 1992. Sponsors are legally bound to treat as confidential the information disclosed to them. The agreements state that the list of Collectors is supplied for a one-time, direct mailing for a specified purpose, cannot be used for any follow-up telephone calls, further mailings, or other communications, and must be returned to the AMRP or destroyed by the Sponsor as agreed. Sponsors are not permitted to copy the information or otherwise retain records of it.
Loyalty does disclose other information about Collectors to Sponsors, but our investigation has confirmed that this is aggregate information that does not identify individuals. We have also confirmed that Loyalty’s AMRP database is not publicly accessible or directly accessible to Sponsors, that Loyalty neither collects from nor discloses to Sponsors information identifying specific items purchased, and that personal information pertaining to Collectors’ transactions with one Sponsor is never disclosed to any other Sponsor.
When an individual chooses to enrol in the AMRP, he or she gives consent to terms and conditions by signing an enrolment form, by word if speaking with a service centre representative or, if enrolment is online, by checking the appropriate box before submitting the form electronically.
Under the heading “Enrollment Terms and Conditions”, the forms display the following text:
I agree to be bound by the Terms and Conditions of the AIR MILES Reward Program, and consent to the use of my personal information in accordance with the Privacy Pledge below.
This privacy pledge, which appears in relatively small print under the title, “Committed to Protecting your Privacy”, is a summary of Loyalty’s Privacy Commitment. Loyalty also publishes the pledge as a separate document, available as a handout or on the company website. I present the pledge in its entirety as follows:
The Loyalty Group, as creator and manager of the AIR MILES Reward Program in Canada, is committed to protecting the privacy of Personal Information obtained from Collectors and Sponsors. The Loyalty Group collects Personal Information for the following purposes:
- to administer the AIR MILES Reward Program, the AIR MILES For Business Program and AIR MILES INCENTIVES, including the management of Collector accounts, to accurately record and update reward mile balances;
- to process Collector redemptions, including the issuance of reward tickets and vouchers;
- to invoice Collector and Sponsor accounts, as appropriate;
- to communicate information and offers to Collectors, Sponsors, and Suppliers;
- to understand and analyze Collectors’ responses, needs and preferences;
- to develop, enhance, market and/or provide products and services to meet those needs; and
- to enable Collectors to participate in promotions and contests.
The Loyalty Group will use this information from time to time to promote additional products, services, Rewards, and special offers from the AIR MILES Reward Program and/or its Sponsors. Collector information is processed and stored in secure and confidential databases in Toronto, Ontario and Dallas, Texas. The Loyalty Group does not give, rent or sell Collector lists from the AIR MILES Reward Program to any organization or individual other than business units of the Loyalty Group, Sponsors and companies contracted to process and manage Collector transactions, redemption requests and communications. The Loyalty Group protects the privacy of Collectors when promoting products and services. If you do not wish to receive marketing or promotional communications other than AIR MILES Summaries, simply inform us in writing to: AIR MILES Customer Service, P.O. Box 602, Station A, Scarborough, Ontario M1K 5K7, or by e-mail to privacyoffice@airmiles.ca. Your ability to collect or redeem AIR MILES reward miles will not be affected. For complete details see our Privacy Commitment at www.airmiles.ca.
It should be noted here that the pledge does not name or otherwise define “business units of the Loyalty Group”. Nor, curiously, does it mention two points that I suspect many prospective members would be relieved to learn: (1) that Loyalty limits its disclosure of information to the items that I have listed above and does not identify specific purchases; and (2) that Loyalty does not disclose Collectors’ transaction information between Sponsors.
Although the pledge clearly indicates that the Collector may withdraw consent to receiving marketing or promotional communications, it only provides for doing so in writing or by e-mail. It does not provide for an immediate, easy, and inexpensive means of opting-out, such as a 1-800 number, for Collectors without internet access. Loyalty has offered the explanation that, for any change Collectors may wish to make to their accounts, the company prefers to have indisputable proof in writing. Loyalty also points out that, in cases where any Collector refuses to provide a written request, the company will accept the request verbally via a toll-free call to its service centre, although this option is not promoted or advertised.
The wording of the privacy pledge on hard-copy forms is identical to that on online forms. However, the script that Loyalty provides to its sales representatives who take applications verbally, usually over the telephone, is different. Although this script does instruct the representatives to state purposes for information collection more or less as they are stated on the application forms, it contains none of the other privacy-related information that appears on the forms. For example, it does not make clear that Loyalty gives Collector information only to its own business units, Sponsors, and contractors. Most significantly, it makes no reference to any possibility of withdrawing consent to any of the stated purposes. The wording suggests that the applicant has no option in that regard:
Without this [personal] information and permission to use it for the purposes stated, I will be unable to process the enrollment. Thank-you for calling AIR MILES.
As previously mentioned, Loyalty also has a Privacy Commitment, available both in brochure form and on the website. This 13-page document, which reflects the 10 principles of fair information practices, is the longest and most detailed expression of Loyalty’s privacy policy and practices. For example, unlike the privacy pledge, it does name Loyalty’s business units.
Loyalty has pointed out, moreover, that it makes a concerted effort to communicate its Privacy Commitment, in whole or part, in one form or another, through numerous mailouts to Collectors, as well as through documents on its website. The company affirms that, since the Act came into force, it has distributed to Collectors some 37.5 million pieces of information drawing attention to aspects of its privacy policy and practices, notably the purposes for which it collects personal information and the opportunity for Collectors to opt out of information sharing. On this basis, Loyalty maintains that it does obtain valid informed consent to marketing purposes from its AMRP members.
On the basis of these facts, I am required to determine whether Loyalty is in compliance with Principles 4.3 and 4.3.2 of Schedule 1 to the Act. In this case, where the central issue is consent, I am also obliged to take due account of Principle 4.3.5 in my deliberations.
Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Principle 4.3.2 stresses that knowledge is required as well as consent and states that organizations must make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used; it further stipulates that, for consent to be meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed. Principle 4.3.5 states that, in obtaining consent, the reasonable expectations of the individual are relevant.
Though not specifically at issue in your complaint against Loyalty, two other provisions of the Act have guided me in my deliberations regarding the general position that you have expressed. These are Principle 4.2.3, which states in part that the identified purposes should be specified at or before the time of collection to the individual from whom the personal information is collected, and Principle 4.3.1, which states in part that an organization will typically seek consent for the use or disclosure of the information at the time of collection.
I will begin by stating that I consider your expectations regarding consent, as you have expressed them in your submission, to be entirely reasonable and in keeping with the Act. First and foremost, I note that Principles 4.2.3 and 4.3.1 clearly support your expectation that an organization should not merely make policy documents generally available, but should actually bring to the attention of the individual at the time of collection its purposes in respect of collecting, using, and disclosing personal information. Since personal information is most often collected during an application or subscription process, it follows that organizations should take reasonable steps to inform individuals directly of purposes, either in writing or by word of mouth, at the time the individual applies or subscribes for a product, service, or program. Furthermore, Principle 4.3.2 clearly supports the expectation that consent be based on purposes stated in clear, plain language understandable to the ordinary consumer and in adequate detail for the consumer to appreciate the nature and extent of the collections, uses, and disclosures contemplated.
I am also in agreement that, where consent regarding personal information is to be sought, it is entirely reasonable for the individual to expect not to have to read fine print or search for information in a document that is not immediately at hand. Finally, where consent to optional secondary purposes is presented as a condition for supply of the primary product or service, I consider it only reasonable for the individual to expect to be provided with a convenient and well-advertised opting-out procedure that can be executed easily, immediately, and inexpensively.
The question now is, does Loyalty meet these reasonable expectations?
As I have suggested above, in considering this question my focus of concern has to be the information that Loyalty actually provides to individual subscribers at the time they subscribe to the AMRP. I am favourably impressed with Loyalty’s privacy-related communications effort in general and have only minor quibbles with its “Privacy Commitment” document in particular. The fact remains that the only means whereby Loyalty endeavours to inform individuals of purposes during the actual subscription process are the privacy pledge that appears in both the hard-copy and the online application forms and the script that Loyalty representatives use in taking applications by telephone. It is to the pledge and only to the pledge that Loyalty makes explicit reference in obtaining consent to terms and conditions via its application forms.
Let me say, first of all, that, as far as the purpose statements themselves are concerned, Loyalty has in my view done a very reasonable job. These statements, which are included in the telephone script as well as in the pledge that appears on application forms, strike me as being quite clear and understandable. I note in particular that one of the stated purposes reads as follows: “To communicate information and offers to Collectors, Sponsors, and Suppliers.” It is my view that an ordinary consumer, provided that he or she takes the trouble to read this statement before signing on the dotted line, will have little trouble understanding it and thus will hardly be surprised in due course to receive communications in the line of direct marketing.
I am also pleased to note that Loyalty does go on to advertise with reasonable clarity, on its written application forms, the opportunity for individuals to opt-out of receiving marketing communications. Provided only that the advertised means of opting-out be extended to include a toll-free number or a check-off box on application forms, I am inclined to give high marks to Loyalty for meeting the reasonable expectations of individuals in this regard.
As for the written privacy pledge itself, in my presentation of the facts I have already suggested certain areas in which it could be improved towards better meeting the expectations of the individual – in general by clarifying the limited nature of the personal information collected, used, and disclosed and by better defining the limits of intended disclosures. As a consumer myself, I would also expect to see larger print in such a text to be used in making an important decision about one’s personal information. Still, despite these shortcomings, the pledge, too, warrants a passing grade.
I have found that Loyalty has on the whole made a reasonable effort at informing customers of the secondary purposes of marketing in accordance with Principle 4.3.2. However, I do have one concern in this regard. Despite the merits of the pledge and Loyalty’s communications efforts in general, individuals who apply for membership in the AMRP by telephone do not receive the same information as those who apply in writing or electronically. The script used by Loyalty’s representatives is not as clear or informative as Loyalty’s application forms. The script does not indicate that marketing purposes are optional and that consent to such purposes may be withdrawn. The script leaves one with the impression that the individual must either put up with marketing or not be a part of the program.
In sum, with the exception of telephone applications, I am satisfied that the communications materials, as well as the process of obtaining consent, constitute a reasonable effort to ensure that the individual is advised of the secondary purposes for which personal information will be disclosed. This serves as a valid basis for knowledge and consent. However, I have determined that the problematic telephone script and the lack of a toll-free number to withdraw consent do not satisfy the requirements of Principles 4.3, 4.3.2 and 4.3.5 of Schedule 1 to the Act.
Accordingly, I conclude that your complaint against Loyalty is well-founded.
I am recommending that Loyalty include on AMRP application forms a check-off box for those who wish to withdraw consent to marketing or Loyalty should provide a toll-free number for the same purpose.
I am recommending that Loyalty revise its communications materials, notably the texts used in obtaining consent during the AMRP application process and including the telephone script, where necessary to ensure clarity and consistency in the following respects:
- specifying the items or types of personal information it collects, uses and discloses for marketing purposes;
- defining its disclosure activities (e.g., that personal information is not disclosed between Sponsors and that specific purchases are not disclosed); and
- advertising the opportunity for program members to withdraw consent to marketing purposes and the method of doing so.
Now that you have my report, I must inform you that, pursuant to section 14 of the Act, you have the legal right to apply to the Federal Court, Trial Division, for a hearing in respect of any matter that you complained about or that I have dealt with in my report, and that is referred to in clause 4.1.3, 4.2, 4.3.3, 4.4, 4.6, 4.7 or 4.8 of Schedule 1, in clause 4.3, 4.5 or 4.9 of the Schedule as modified or clarified by the Act, in subsection 5(3), or 8(6) or (7) or in section 10.
Should you wish to proceed to the Court, we suggest you contact the Trial Division of the Court office nearest you. It is located at the Supreme Court Building, Kent & Wellington, Ottawa, ON K1A 0H9, telephone (613) 992-4238. Normally, an application must be made within 45 days of the date of this letter.
You should also be aware that the Court has discretion to order that the costs of the other party be paid by you where the Court is of the view that this is appropriate. While this does not happen often, it is a possibility of which you should be aware. Conversely, the Court may order that your costs be paid where the Court finds that your application raises an important new principle.
This concludes the investigation of your complaint. If you have any questions or comments about the disposition of the complaint, I would invite you to contact Mr. Gerald Neary, Director General of Investigations, at 1-800-282-1376.
George Radwanski
Privacy Commissioner of Canada