Rogers Communications may be violating privacy regulations in its approach to tracking requests for customer information, law and digital economy expert Michael Geist says in a blog posting.
Rogers yesterday became one of the first telecoms in Canada to issue a transparency report detailing government requests for their customers’ data.
But as HuffPost Canada reported, the company did not state how often it actually hands over subscriber information. The company says it doesn't keep track of this data.
That, Geist says, “raises privacy compliance concerns.”
The University of Ottawa professor points to privacy regulations stating that telecom subscribers “shall be informed of the existence, use, and disclosure” of their personal information, upon request.
In its transparency report, Rogers revealed it had received nearly 175,000 requests for subscriber information last year, or about 480 every day. Some 100,000 of them were warrantless, which is allowed under PIPEDA, Canada’s principal law on digital privacy.
“If we consider an order to be too broad, we push back and, if necessary, go to court to oppose the request,” Rogers said. But it did not reveal how often this happened, or how often it complied with the requests.
“We don’t keep track of it. Our tracking to date has really been for internal management purposes, not for creating a transparency report,” Rogers’ senior VP for regulatory affairs told the Toronto Star.
Geist describes that as a "shocking admission," and says it's "hard to believe" Rogers would only keep track of requests, and not compliance. But he speculates Rogers may be keeping track of in-bound requests for the purposes of billing law enforcement. He doubted the company wouldn’t keep track of its legal challenges to requests.
UPDATE: Here is Rogers' response to Geist's allegations:
We log the outcome of each request but we did not track it in aggregate for 2013. We are working on tracking and providing more details going forward.
We fully comply with privacy law. We can find out if an individual customer's information was disclosed to the police by searching our records. However, we comply with PIPEDA, which says we cannot tell an individual customer if their information was disclosed to the police if the police object.
TekSavvy, an Ontario internet provider, also released a transparency report this week, but its report did break down how often requests are honoured. TekSavvy turned down some two-thirds of the 52 government requests for subscriber data it received in 2012 and 2013.
Telus told the National Post it plans to release a transparency report this summer. Bell Canada does not appear to have committed to a report in comments made to various news sources.
Bell is alleged in government documents provided to NDP MP Charmaine Borg to have built a database of subscriber information for law enforcement.