INVESTIGATION P97-009

Complaints against the

INSURANCE CORPORATION OF BRITISH COLUMBIA

concerning the Customer Appeal Program survey and
the Customer Satisfaction survey

March 18, 1997

David H. Flaherty
Information and Privacy Commissioner
of British Columbia
4th floor, 1675 Douglas Street
Victoria, British Columbia V8V 1X4
tel. (250) 387-5629
fax. (250) 387-1696
Web site: http://www.oipc.bc.ca 

Table of Contents

Executive Summary

Part I: The complaints, the issues, the statutory mandate

A. Introduction

B. Description of the surveys

1. The Customer Satisfaction survey
2. The Customer Appeal Program survey

C. The Statutory mandate for surveys and research

Part II: Application of the Freedom of Information and Protection of Privacy Act

A. "Necessary for an operating program or activity"
1. The legislation
2. Necessary for an operating program or activity

B. Use and disclosure of personal information

1. The legislation
2. Use and disclosure for "consistent purposes"
3. How much personal information should be used or disclosed?
4. Inappropriate categories of personal information

C. Security of personal information

1. The legislation 2. The ICBC-Campbell Goodell Traynor contract

D. Other issues

1. Does selection for the survey imply that someone is a "troublemaker"?
2. Statutory authority for the survey: what the survey respondents should know
3. ICBC as a public body: the statutory monopoly and the private sector
4. Unlisted telephone numbers: "do not contact"

Part III: Summary of recommendations

Appendix 1: CSA Model Code for the Protection of Personal Information

EXECUTIVE SUMMARY

This Investigation Report is the result of the investigation of two privacy complaints against the Insurance Corporation of British Columbia (ICBC), one regarding the ICBC "Customer Appeal Program" survey, and one regarding the "Customer Satisfaction" survey, both conducted by Campbell Goodell Traynor of Vancouver. The two complainants objected to the disclosure of their personal information by ICBC to a contracted survey research company.

I have approached this investigation with the belief that some degree of contact is reasonable between public bodies and their clients and customers. This reflects my preference to act as a "privacy pragmatist" when investigating privacy complaints under the Freedom of Information and Protection of Privacy Act.

This Investigation Report deals directly with ICBC and its contractual relationship with Campbell Goodell Traynor. However, it offers guidance to all public bodies in their dealings with the private sector. ICBC is not the only public body that conducts surveys and research. There are numerous ministries and Crown corporations that conduct surveys of their clients. This Investigation Report is written with these public bodies in mind.

PART I: The complaints, the issues, the statutory mandate

A. INTRODUCTION

This Investigation Report is the result of the investigation of two privacy complaints against the Insurance Corporation of British Columbia (ICBC), one regarding the ICBC "Customer Appeal Program" survey, and one regarding the "Customer Satisfaction" survey, both conducted by Campbell Goodell Traynor of Vancouver. The two complainants objected to the disclosure of their personal information by ICBC to a contracted survey research company.

In my role as Information and Privacy Commissioner of British Columbia, I have decided to investigate and report on these privacy complaints by way of Part 4 of the Freedom of Information and Protection of Privacy Act (the FOIPP Act). This approach permits me to report on the investigation of the privacy complaints and dispose of the issues by this Investigation Report. Section 42(2)(e) is the statutory authority for the investigation of the complaints:

42(2) Without limiting subsection (1), the commissioner may investigate and attempt to resolve complaints that
...
(e) personal information has been collected, used or disclosed by a public body in contravention of Part 3.

The Office of the Information and Privacy Commissioner has received other complaints about ICBC's survey research program. I have reviewed the issues raised in those complaints in this Investigation Report and have responded to them to ensure that all issues are considered.

To begin with, I recognize the sensitivity of the use of personal information by public bodies in survey research. Two recent academic articles provide an insight into the public's privacy concerns about participating in surveys:

People are more likely to comply with a request if it comes from a properly constituted authority...someone who is sanctioned by the society to make such requests and to expect compliance.
...
The perception of legitimate authority may reduce the impact of the right to privacy in the survey participation decision. In making a decision about survey participation, each sample person must balance a personal right to privacy against the benefits of providing the desired information to the requesting source. A testable implication is that information will be construed as less private as the perceived legitimacy of the survey source to have and use it grows.[1]

Another article comments on the public's concern over the secondary uses of personal information, such as for opinion surveys:

...in general, individuals are less likely to perceive information practices as privacy-invasive when (1) information is collected in the context of an existing relationship; (2) they perceive that they have the ability to control future use of the information; (3) the information collected or used is relevant to the transaction; and (4) they believe the information will be used to draw reliable and valid inferences about them.[2]

These comments provide instructive guidance in the review of ICBC's survey research programs.

B. DESCRIPTION OF THE SURVEYS

1. The Customer Satisfaction survey

ICBC has provided the Office of the Information and Privacy Commissioner with a description of the Customer Satisfaction survey.

Campbell Goodell was hired by ICBC in January of 1994 on a contract basis for the purposes of performing ongoing claims customer service surveys. ICBC initiated these surveys for the purpose of being able to identify and be responsive to the concerns of the motoring public it serves. It was felt that the survey process would provide valuable information to assist ICBC in meeting its goal of providing a high level of customer service.


Initially, the consultant group started out completing 1200 surveys per month. Since that time the number of surveys per month has been increased to 1332. To complete this many surveys on a monthly basis ICBC must provide the consultants with at least 4 times as many customer contacts.


To assist the consultants in confirming that they are speaking with the correct customer about the right claim, certain information had to be supplied to the consultants. Accordingly, ICBC has been supplying the consultants with the following information:


a) Claim number
b) Claim type (bodily injury, accident benefits, collision, comprehensive or property damage)
c) Office location
d) Date of loss
e) Driver's name
f) Resident phone number of driver
g) Age of driver (from driver's database)
h) Sex of driver
i) Plate / policy number
j) Postal code
k) Reserve code (eg. 35A for injury / accident benefits or 11A for comprehensive)


Once this information is received by the consultants, they have the computer pick a random sample for each office and claim type. The actual interviewers have no control over what phone numbers they get nor in what order they get them. The interviewers only get the phone number, name, office location, claim type and date of loss on their screen when they make the call.


Once they have completed the required number of calls for that office, their computer will no longer give them numbers to call for that office. When all of the surveys are completed or when they run out of numbers to call, the results are tabulated and then sent to ICBC after removal of all information that could identify the customer (personal identifiers).

2. The Customer Appeal Program survey

In the Customer Appeal Program survey, the consultants were only provided with the names and telephone numbers of some 500 individuals who had used the Claims Review process. I understand that this was a one-time program rather than an on-going program, like the Customer Satisfaction survey.

According to ICBC,

Campbell Goodell Traynor has conducted the baseline survey, which consisted of contacting 500 customers who have appealed their claims liability decision through the current Claims Review process. The consultant group was provided with the names and telephone numbers of these 500 customers, but was given no other details of the customers' claims. The results of the survey were reported back to ICBC with all personal identifiers removed so that the comments of any of the individuals cannot be traced back to them, in the interest of confidentiality.

C. THE STATUTORY MANDATE FOR SURVEYS AND RESEARCH

This Investigation Report begins with a review of the statutory mandate for ICBC's surveys and research programs, as well as its authority to collect personal information when it sells automobile insurance policies. Sections 8 and 9 of the Insurance Corporation Act of British Columbia establish the powers of ICBC, including the power to conduct surveys and research programs in relation to insurance:

8. The corporation has the power and capacity to do all acts and things necessary or required for the purpose of carrying out its functions and powers and, without limiting the foregoing, the corporation may


(a) conduct surveys and research programs and obtain statistics for its purposes and to establish and administer any insurance plan;.... [italics added]


(b) enter into an agreement with, or retain agents or adjusters to solicit and receive applications for insurance, to collect premiums, adjust claims, and do other things on its behalf it considers necessary;

Section 8 establishes the statutory basis for the programs which are the subject of the privacy complaints. Section 8(b) enables ICBC to collect personal information about persons who apply for automobile insurance. By implication, section 8(a) permits the collection of additional information during the survey research process.

Section 9 of the Insurance Corporation Act establishes the right of ICBC to enter into contracts, including contracts with private sector companies, to conduct ICBC's survey and research programs. The FOIPP Act also contains provisions that are relevant: sections 26, 30, 32, 33 and 34 are reproduced and discussed below.

PART II: Application of the Freedom of Information and
Protection of Privacy Act

Part 3 of the Freedom of Information and Protection of Privacy Act is known as the "Code of Fair Information Practices." Part 3 establishes important guidelines for public bodies in the collection, use, disclosure and disposal of personal information. The investigation of every privacy complaint under the FOIPP Act focuses on whether a public body has followed the fair information practices in Part 3 (sections 26 to 34).

A. "NECESSARY FOR AN OPERATING PROGRAM OR ACTIVITY"

1. The legislation

Section 26 of the FOIPP Act governs the collection of personal information by public bodies in British Columbia:

26. No personal information may be collected by or for a public body unless

(a) the collection of that information is expressly authorized by or under an Act,
...
(c) that information relates directly to and is necessary for an operating program or activity of the public body.

2. Necessary for an operating program or activity

I have carefully reviewed the circumstances of the Customer Appeal Program and the Customer Satisfaction surveys and make the following findings. Section 26(c) of the FOIPP Act permits ICBC to collect personal information about insurance claimants, where that personal information "relates directly to and is necessary for an operating program or activity of the public body." Section 8(a) of the Insurance Corporation Act permits ICBC to "conduct surveys and research programs." This confirms that surveys are a legitimate "operating program or activity" of ICBC. If ICBC is to conduct surveys, then some amount of contact with its customers is necessary. Therefore, in my opinion, the surveys fall within the scope of section 26(c) of the FOIPP Act.

As discussed below, ICBC has provided a credible explanation of why the surveys are directly related to and "necessary" for the claims process and as expressly allowed by statute.

B. USE AND DISCLOSURE OF PERSONAL INFORMATION

1. The legislation

Sections 32, 33 and 34 govern the use and disclosure of personal information by public bodies. The relevant portions of these sections are:

32. A public body may use personal information only

(a) for the purpose for which that information was obtained or compiled, or for a use consistent with that purpose (see section 34),....


33. A public body may disclose personal information only


...
(c) for the purpose for which it was obtained or compiled or for a use consistent with that purpose (see section 34),


(d) for the purpose of complying with an...agreement made under an enactment of, British Columbia....


34(1) A use of personal information is consistent under section 32 or 33 with the purposes for which the information was obtained or compiled if the use


(a) has a reasonable and direct connection to that purpose, and


(b) is necessary for performing the statutory duties of, or for operating a legally authorized program of, the public body that uses or discloses the information.

For the purposes of Part II.B of this Investigation Report, the transfer of personal information from ICBC to Campbell Goodell Traynor is a "disclosure." See the discussion of "disclosure" versus "use" in Part II.B.3 below.

2. Use and disclosure for "consistent purposes"

An important issue is whether ICBC can use or disclose personal information for the Customer Appeal Program and the Customer Satisfaction surveys. Section 32(a) of the FOIPP Act permits ICBC to use personal information "only for the purpose for which that information was obtained." This means that ICBC can use personal information from the insurance claims program only to process insurance claims. However, section 32(a) also permits ICBC to use this personal information "for a use consistent with that purpose."

The definition of "consistent purpose" is found in section 34(1) of the FOIPP Act. I find that the use of personal information in the Customer Appeal Program and the Customer Satisfaction surveys is a "consistent purpose" because both conditions in section 34(1) have been met:

(a) The use of personal information from insurance claims files for the surveys has a "reasonable and direct connection to the original purpose for why the personal information was collected;" and,


(b) The use of personal information from insurance claims files for the surveys is "necessary for performing the statutory duties of, or for operating a legally authorized program" of ICBC.

ICBC has provided an explanation of why section 34(1) has been met in respect of "necessary for performing." In a letter dated January 26, 1996, ICBC officials wrote:

....ICBC is designing a new appeals process to make it more accessible and accountable to the public it serves. The necessity of the survey arises out of proper business prudence. It makes sense that to provide a process intended to better serve the clients of a company, the company should seek the clients' input. Simply making blind changes would not be nearly as effective. ICBC is finding itself operating in a more and more competitive environment. The perception held by customers of ICBC and our procedures and processes is extremely important to our continued existence and success in the marketplace.

Recommendation 1: If it has not already done so, ICBC should report this consistent purpose usage of personal information to the Minister responsible for maintaining a list of consistent purposes under section 34(2) of the FOIPP Act.

It is worth noting that the Customer Appeal Program and the Customer Satisfaction surveys may be "necessary" for the "surveys and research programs" permitted by section 8(a) of the Insurance Corporation Act.

3. How much personal information should be used or disclosed?

Now that the legitimacy of the collection of personal information for survey research by ICBC has been confirmed, how much personal information should ICBC disclose to Campbell Goodell Traynor to permit an effective claims survey program? The rule is that public bodies should disclose only the personal information that is necessary to complete a task, thus minimizing intrusions into the lives of its clients. ICBC officials have told the Office of the Information and Privacy Commissioner that the following categories of personal information are disclosed to Campbell Goodell Traynor under the contract (see above, Part I.B):

claim number; claim type; office location; date of loss; driver's name; residential telephone number of driver; age of driver; sex of driver; licence plate and insurance policy number; postal code; reserve code (for category of file)

In my opinion, most of these categories of information and personal information are necessary for an effective survey research program. At the very least, the interviewers must be able to identify a driver during telephone conversations. I understand that the interviewers are provided with names, telephone numbers, claim types, ICBC claim centres, and dates of the insurance claims. According to Campbell Goodell Traynor, the interviewers do not have access to the insurance claim numbers, vehicle licence plate numbers, and the insurance claimants' ages, gender, and KOL codes ("Kind of Loss" code: these codes relate to the claims type). The name of the driver may permit the survey researcher to verify that he or she has contacted the intended young or elderly driver in a household.

It would appear that these categories of personal information assist Campbell Goodell Traynor in processing and reporting the results of the claims survey. For example, results can be classified according to the age, sex, geographic location, type of insurance claim, location of the ICBC claims office, etc. The ability to break the survey results into categories leads to a much more detailed report to ICBC, even though the results cannot be linked to individual claimants.

In my opinion, the licence plate and insurance policy number of the claimant are not necessary for an effective survey research program. I therefore recommend the following:

Recommendation 2: ICBC should not provide Campbell Goodell Traynor with the licence plate and insurance policy number of claimants for the Customer Appeal Program and Customer Satisfaction surveys, nor any personal information that is not strictly necessary for the program..

The important point is that the claims survey results do not contain personal information that could identify individual respondents.. While a substantial amount of personal information must be disclosed to the survey research company in order to conduct the survey, the product of the survey contains no personal identifiers.

ICBC has noted the distinction between "use" and "disclosure" of personal information under the FOIPP Act:

It is ICBC's position that providing the personal information to Campbell Goodell Traynor is use, not disclosure. Section 35, which deals with disclosure for research or statistical purposes, seems to be applicable to cases where the research firm is doing the research not for the public body, but for some other reason. In this case, ICBC is doing its own research with `contracted employees.'

In my opinion, in the present relationship between ICBC and Campbell Goodell Traynor, the personal information used in the surveys is not used but disclosed by ICBC under the contractual relationship. Section 33(f) of the FOIPP Act recognizes that "disclosure" of personal information can occur even within a public body, let alone disclosure to an outside contractor:

33. A public body may disclose personal information only

...
(f) to an officer or employee of the public body or to a minister...if the information is necessary for the performance of the duties of...the officer, employee or minister....

Regardless of whether Campbell Goodell Traynor is an "employee" of ICBC under the contract (see the definition of "employee" in Schedule 1 of the FOIPP Act), the same minimization rules apply to the use, transfer and disclosure of personal information: use, transfer or disclose only what is necessary to get the job done, within the limits and guidelines of the FOIPP Act and the governing statutory authority.

4. Inappropriate categories of personal information

Certain categories of personal information are not strictly necessary for successful completion of the Customer Appeal Program and the Customer Satisfaction surveys. For example, ICBC does not and should not disclose insurance claimants' home addresses (other than the postal code as a general locator), or third-party personal information about claimants' relatives to Campbell Goodell Traynor.

Postal codes

I question the need to disclose the entire postal code for claimants. In some cases, the entire postal code may reveal the address of claimants who live in small towns. I therefore recommend the following:

Recommendation 3: ICBC should disclose only the first three digits of the postal code of all insurance claimants.

Recommendation 3 will allow Campbell Goodell Traynor to indicate the approximate geographic location of claimants for the survey, but will not permit pinpoint location of claimants.

Social Insurance Numbers

One of the complainants claimed that the survey researcher recited a list of his or her personal information over the telephone to confirm that the researcher had contacted the intended person. This is normal practice as I understand it. One of the categories of personal information allegedly disclosed was the person's Social Insurance Number (SIN).

ICBC has advised my office that this sensitive personal information was not and is not provided to Campbell Goodell Traynor for either survey. No independent verification of this allegation is available. The SIN would be an inappropriate category of personal information for the survey program.

Sample selection and disclosure of personal information

A specialist at Statistics Canada offered one suggestion to minimize the disclosure of personal information by ICBC to Campbell Goodell Traynor. It may be possible for Campbell Goodell Traynor to choose the required number of respondents from an ICBC-supplied master list, but without seeing the personal identifiers for all the respondents. Once it has chosen the required number, only then would ICBC disclose the matching personal identifiers so that Campbell Goodell Traynor could contact identifiable people.

ICBC has agreed to explore this option with Campbell Goodell Traynor to determine whether the additional operational and technical burdens would make it not feasible. For now, I understand that the practice is for Campbell Goodell Traynor to receive the entire data sample, then draw from the sample to achieve the monthly survey quota. Campbell Goodell Traynor then deletes the "over sample," meaning that it deletes the remaining unused personal information and keeps no record of it. In my opinion, this is a satisfactory practice, assuming that the unused personal information is disposed of securely.

C. SECURITY OF PERSONAL INFORMATION

1. The legislation

Section 30 of the Act requires public bodies to protect personal information:

30. The head of a public body must protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or disposal.

2. The ICBC-Campbell Goodell Traynor contract

Site visit to Campbell Goodell Traynor

During the investigation of the privacy complaints, I visited the offices of Campbell Goodell Traynor in Vancouver to see how it performs its obligations under the contract with ICBC. The intent of my visit was to determine whether adequate protections are in place for the security of personal information disclosed by ICBC to Campbell Goodell Traynor. These protections relate to the physical security of records, including restricted access to records and secure disposal of records after the completion of the survey. These protections also relate to personnel security, meaning the reliability of Campbell Goodell Traynor employees who have access to the ICBC-supplied personal information.

In my opinion, Campbell Goodell Traynor has taken reasonable and necessary steps to safeguard the security and privacy of the ICBC-supplied personal information. One notable exception was the storage of ICBC data diskettes in a relatively unsecure filing cabinet at Campbell Goodell Traynor. I understand that ICBC has retrieved these diskettes that contained personal information used in earlier surveys. There was no operational or administrative need to store these diskettes outside the custody of ICBC, and I understand that these diskettes now have been returned to ICBC.

In addition, the manager of ICBC's Data Security department conducted a site visit to ensure that Campbell Goodell Traynor is using adequate data security practices. ICBC has reported that Campbell Goodell Traynor is using adequate data security practices. I will continue to monitor data security practices to ensure that public bodies meet the standards set in section 30 of the Act.

The contract

The duty to ensure security of personal information is particularly important where a public body discloses the information to a contractor. I expect ICBC to ensure continuous security of its insurance clients' personal information by way of a written contract with Campbell Goodell Traynor. This has been done, as shown by paragraphs 6 and 7 of the contract between ICBC and Campbell Goodell Traynor, dated March 4, 1994:

6. Confidentiality


The Contractor covenants and agrees that the contractor shall not divulge, publish or otherwise reveal either directly or indirectly any knowledge, information or facts disclosed to the Contractor by reason of this Agreement. All information furnished to the Contractor by the Corporation is confidential, and as trade secrets of the Corporation shall remain the sole property of the Corporation and shall be held in confidence and safekeeping by the Contractor for the sole use of the parties and shall be returned to the Corporation forthwith upon termination of this Agreement. The Contractor shall also ensure that its employees comply with this provision.


7. Survival of covenants


The provisions of paragraphs 5 and 6 above shall survive the termination and expiration of this Agreement.

I conclude that the security obligation on the contractor is adequate for the purposes of the FOIPP Act. However, I am concerned that the contract does not expressly mention the FOIPP Act and its imposition of significant obligations on the contractor in respect of the security of personal information.

I recognize that the contract was signed shortly after the proclamation of the FOIPP Act, but contracts and agreements signed and/or in force today should contain express discussions of the parties' respective obligations under the FOIPP Act, particularly with respect to personal information. The phrase "trade secrets of the Corporation" reflects an inappropriate focus; the contract should expressly address the protection of personal information in the context of the FOIPP Act.

I acknowledge that paragraph 9 of the contract contains a standard recitation regarding the application of the "laws of British Columbia" to the contract. In my opinion, this is not sufficient for current or future contracts and agreements. Where public bodies have disclosed personal information to contractors, they should insist on a contractual right to inspect the records storage arrangements. All contracts should expressly discuss physical security and access to records issues. Where appropriate, contracts should require encryption of data, either for the entire database of personal information or for selected data fields that contain sensitive personal identifiers (e.g., the names of insurance claimants).

I therefore make the following recommendation:

Recommendation 4: All public bodies should incorporate the Freedom of Information and Protection of Privacy Act and its accompanying obligations for the protection of personal information in any contract with an outside body. ICBC should revise the ICBC-Campbell Goodell Traynor contract at the earliest possible date to cover such obligations.

The Government of British Columbia is now reviewing the issue of express inclusion of FOIPP Act provisions in contracts between public bodies and contractors. The Office of the Privacy Commissioner of Canada also has offered advice on the application of the federal Privacy Act to government contractors:

...we have insisted that government include in contracts with private sector companies the requirement that they must abide by the terms of the Privacy Act with respect to the control and confidentiality of any personal information that may be involved in their work.

Privacy codes for the private sector

The Canadian Standards Association (CSA) has produced a Model Code for the Protection of Personal Information in the Canadian private sector. I have carefully reviewed the CSA Model Code (March 1996) and encourage private sector contractors who work for public bodies to adopt the Model Code for all of their business activities.

The intent is to ensure that all personal information in the custody of contractors is given the same level of protection as that required for public bodies under the FOIPP Act. While the FOIPP Act does not extend to the private sector in British Columbia, it should govern private sector organizations when they perform work under contract with public bodies. The CSA Model Code completes the coverage by applying to all other work done by the private sector contractor outside the scope of the public body-contractor contract.

Appendix 1 to this Investigation Report includes the ten privacy principles from the CSA Model Code. Interested parties may contact the Canadian Standards Association for a copy of the entire Model Code.

D. OTHER ISSUES

1. Does selection for the survey imply that someone is a "trouble-maker"?

Some of those who complained about the selection of their names for the Customer Appeal Program survey fear that ICBC may label them as "trouble-makers" and possibly treat them differently if they have future claims against their insurance policies. If this were true, I would have serious concerns about inappropriate use and disclosure of personal information. However, ICBC has provided a reasonable response to the complainants' fears:

...I would like to address [the complainant's] fears about being labelled as a troublemaker and his concern about being treated differently by ICBC in future claims or applications for insurance. ...[T]he data/reporting received by ICBC from the surveying firm is general, in that ICBC does not know who said what, nor are we concerned with who said what. [The complainant] and any other individual who was involved in the survey process, will not be treated any differently because they participated in the survey nor because of any particular response they may have provided. I would like to point out, again, that the survey results are reported back to ICBC in a form with all individual identifiers removed. This eliminates any possible linkage between the comments and the individuals who made them. Additionally, no inference is drawn from the fact that [the complainant], or any other individual, made use of the Claims Review process.

In its letter of October 24, 1995, ICBC officials provided further information on the anonymous nature of the reporting of the survey results:

The purpose of the surveys is so ICBC can better serve the public interest by providing better customer service. As any identifiers are removed before results are provided to ICBC, no harm can befall any of the individuals that the information is about. ICBC opted to have the surveys performed by an outside firm to ensure no links can be made with specific individuals and their claims.

In my opinion, Campbell Goodell Traynor should be required to advise all claimants that their responses will be reported anonymously to ICBC. ICBC provided the Office of the Information and Privacy Commissioner with the statements that Campbell Goodell Traynor reads to claimants during telephone interviews. The opening statement and two of the "persuaders" are:

• I'm calling from Campbell Goodell Traynor Consultants, a Vancouver research firm. We are conducting a confidential survey today, to ask how you feel about the service you recently received from ICBC.
  
• Your answers will be kept strictly confidential.
  
• ICBC will use your responses to improve its service.
  

I note that none of the three statements expressly tells the claimants that their responses will be anonymized before being reported to ICBC. This omission may have caused the privacy complainants to fear being branded "trouble-makers" by ICBC (see the discussion above). I therefore recommend the following:

Recommendation 5: ICBC should require Campbell Goodell Traynor to tell all claimants that their responses to the telephone questionnaire will not be reported in identifiable form to ICBC, unless claimants provide their informed consent to Campbell Goodell Traynor to do so.

I find that the elimination of personal identifiers in the reporting process is satisfactory for the purposes of the FOIPP Act.. Therefore, there is no reason to believe that ICBC officials will become aware of the comments provided by individuals who participate in the Customer Appeal Program survey. It is important to advise all claimants of the anonymous nature of the survey results.

ICBC has highlighted the need to receive identifiable responses in connection with the Customer Satisfaction surveys which will assist ICBC in providing better customer service and properly address complaints that a claimant may report. This would only be done with the express and informed consent of the responding claimant.

The use of an outside contractor to perform the surveys is reasonable, as long as the security requirements for personal information in section 30 of the FOIPP Act are strictly followed.

I note that the results of the Customer Appeal Program survey may identify responses by groups of respondents. For example, Campbell Goodell Traynor may report the responses for respondents grouped by geographic location, age, gender, or type of insurance claim. In my opinion, this group reporting feature does not detract from the anonymous nature of the survey report received by ICBC. It is a reasonable feature that indicates where trends and problems may exist, thus permitting corrective responses and improvements to programs.

2. Statutory authority for the survey: what the survey respondents should know

I have carefully reviewed the list of questions and statements that Campbell Goodell Traynor interviewers use during the telephone survey of claimants. Nothing in the list makes reference to the statutory authority for the collection, use, and disclosure of personal information in the survey. As well, the list does not mention that the Freedom of Information and Protection of Privacy Act and its requirements and obligations apply to the collection, use, and disclosure of this personal information.

In my opinion, this limited explanation to survey respondents is not adequate for work done by the private sector on behalf of public bodies in British Columbia. I therefore recommend the following:

Recommendation 6: Public bodies and/or contractors should tell all survey respondents that there is statutory authority in the Freedom of Information and Protection of Privacy Act and other relevant legislation (i.e., the Insurance Corporation Act) for the collection, use, reporting and disclosure of their personal information in surveys and research programs.

In 1986 Statistics Canada issued a policy memorandum to require more complete notification of survey respondents. Extracts from this memorandum provide helpful guidance to public bodies in British Columbia:

It is the policy of Statistics Canada to provide all respondents with information about the expected use of the statistics to be produced from the survey, the authority under which the survey is taken, confidentiality protection and any data-sharing agreements.
...
Respondents shall be informed of the following:

...
(a) The major intended uses of the data, including any subsequent follow-up surveys, are to be explained.
...

When the survey is voluntary, respondents shall be so informed that they may choose not to respond.[3]

In my opinion, public bodies and contracted survey researchers cannot be expected to deliver detailed explanations of the statutory authority for telephone surveys. The short duration of conversations for telephone surveys means that survey staff cannot reasonably expect participants to listen to and focus on potentially complex explanations of statutory authority. However, survey staff should have further explanations and details ready in case participants ask questions or want to know more about the survey.

Instead, public bodies should make every reasonable effort to provide their clients and customers with the earliest possible notice that they may be contacted for research purposes in the future. It is at this time that an explanation of the statutory authority for the survey research can be provided, likely in the documents and literature that clients and customers receive as part of their normal transactions with public bodies. This is also the ideal time for public bodies to offer clients and customers the chance to "opt-out" of future contact.

I understand that when Campbell Goodell Traynor contacts respondents for the ICBC telephone surveys, the respondents are not told that participation in the interview is voluntary. ICBC officials told me that a pilot project is underway where half the respondents will be told that participation is voluntary and that they may discontinue the call at any time during the interview. The other half will not be told that they may discontinue at any time. ICBC is conducting this project to determine whether participation rates fall significantly when respondents are expressly notified of their option to withdraw at any time during the telephone interviews.

Preliminary results indicate that where respondents are told that they may discontinue the survey at any time, a large increase in the number of discontinued calls took place. I therefore decline to recommend that ICBC and Campbell Goodell Traynor tell its respondents that they may discontinue the survey at any time.

I note that the Rules of Conduct and Good Practice (1994) of the Professional Marketing Research Society of Canada (PMRS) do not require PMRS members to notify survey respondents of the voluntary nature of surveys. Campbell Goodell Traynor is a member of the PMRS. However, Rule 2.3 states:

2.3 No procedure or technique shall be used in which the respondent is put in such a position that he or she cannot exercise the right to withdraw or refuse to answer at any stage during or after the interview. Any request of the respondent to terminate the interview must be granted and, if he or she so requests, any information already given must be deleted.

Campbell Goodell Traynor also is a member of the American Association for Public Opinion Research (AAPOR). The AAPOR's Code of Professional Ethics and Practices (March 1986) similarly does not require AAPOR members to notify survey respondents of the voluntary nature of surveys.

I therefore recommend that ICBC and its contractors tell all respondents of the voluntary nature of the surveys at the start of the interview. This would be in line with the recommendation of Statistics Canada (see above).

Recommendation 7: ICBC and Campbell Goodell Traynor should inform all survey respondents of the voluntary nature of their participation in surveys.

3. ICBC as a public body: the statutory monopoly and the private sector

The privacy complaints that gave rise to this Investigation Report raised the issue of whether ICBC should conduct survey research. I would like to make some observations on this issue.

ICBC provides vehicle insurance under a statutory monopoly for the first $200,000.00 of insurance coverage. For insurance coverage beyond that level, ICBC provides insurance in competition with private sector insurance corporations. ICBC is an unusual public body in that its corporate responsibilities place it closer to the private sector than to the traditional ministries of government. Regardless, ICBC is bound by the same rules under the FOIPP Act as other public bodies.

I recognize that ICBC must establish a different relationship with its insurance clients than do ministries and their clients. This means that ICBC's activities, including the Customer Appeal Program and the Customer Satisfaction surveys, may resemble what commonly occurs in the private sector. In my opinion, the reasonable person has come to expect that private sector service providers will contact their clients to determine levels of satisfaction with those services. Such is the case with ICBC.

The issue of whether ICBC, as a public body, should conduct survey research is a political question and not an information and privacy issue. The Insurance Corporation Act establishes ICBC's status as an insurance corporation, with functions similar to those of insurance corporations in the private sector. Section 6 of this Act states:

6. It is the function of the corporation and it has the power and capacity to

(a) subject to the approval of the Lieutenant Governor in Council, engage in and carry on, within and without the Province, the business of insurance and reinsurance in all its classes;


(b) subject to the approval of the Lieutenant Governor in Council, operate and administer plans of insurance, including automobile insurance, authorized under any other enactment;....

If complainants object to the participation of a public body in a statutorily authorized activity, their complaints would best be addressed to Members of the Legislative Assembly.

4. Unlisted telephone numbers: "do not contact"

All public bodies must acknowledge that members of the public have a right to privacy, including the right not to be disturbed at home, if these people have indicated their desire for solitude. One of the indicators of a desire for privacy is an unlisted telephone number. Another would be a person's express written or verbal statement not to be contacted. When a claimant conveys his or her "no contact" request, ICBC should remove that person's personal information before the survey data are disclosed to Campbell Goodell Traynor. I understand that ICBC's Research Services department has a list of individuals who do not wish to be contacted. Therefore, individuals wishing to do so can contact this department to be added to the list.

Another concern relates to unlisted telephone numbers. According to Statistics Canada, the exclusion of unlisted telephone numbers from a survey sample can skew the sample population, because those persons with unlisted telephone numbers are demographically different from the rest of the population. Thus exclusion risks introducing bias into the survey estimates. Despite this statistical concern, the need to protect privacy outweighs the degree of bias that might be introduced by the exclusion of unlisted telephone numbers from the survey. However, the degree of bias could be considerable if the percentage of unlisted telephone numbers in British Columbia begins to approach the over 40% level apparently found in some American cities (e.g., San Francisco).

One of the complainants objected to having been contacted by Campbell Goodell Traynor because his or her telephone number is unlisted. In my opinion, ICBC should make every reasonable effort to remove the names of insurance claimants who have given an indication that they do not wish to receive telephone calls. I therefore believe that ICBC should run prospective telephone numbers against a data set of listed telephone numbers; this will exclude (unlisted) telephone numbers that do not match the set of listed numbers.

One way to ensure that insurance claimants are not contacted against their wishes is to ask them to check an "opt-in" consent box when they begin the insurance claims process. If they do not check the box, then ICBC would not be permitted to contact them after they have completed the insurance claims process. I regret that this approach would not be feasible for the ICBC Customer Appeal Program survey. The validity of the claims survey could be adversely affected if a substantial portion of claimants declined to give their advance approval for the disclosure of their personal information for use in the survey program. Insurance claimants who are contacted by a survey research company always have the option of declining to participate in the survey.

I therefore recommend a balancing of interests:

Recommendation 8: ICBC should make every reasonable effort to inform all insured parties that, as customers of ICBC, they may be contacted by a survey research company. ICBC should provide written notice to all insured parties of this secondary use of their personal information. The written notice can be given to insured parties at the time they purchase or renew their insurance policies, and/or when they enter the insurance claim process.

Recommendation 8, together with the mechanism provided by the disposition list for opting out of survey participation, will ensure that those who wish to have no contact following completion of the process will not be disturbed by the survey program. At the same time, this approach will preserve the integrity of the Customer Appeal Program and Claims Satisfaction surveys by ensuring a reasonably complete database of personal information.

Recommendation 9: ICBC should provide insured parties with written notice of their right to "opt-out" of being contacted for customer survey research. The written notice can be given to insured parties at the time they purchase or renew their insurance policies, and/or when insured parties enter the insurance claim process.

_________________________________________________________________________

This Investigation Report concludes and closes the two privacy complaint investigations. I have found that the Customer Appeal Program and the Customer Satisfaction surveys fall within the guidelines of the FOIPP Act, subject to implementation of the nine recommendations.

I would like to acknowledge the contributions of Dr. Ann Cavoukian and Susan Anthistle of the Office of the Information and Privacy Commissioner of Ontario, T. Scott Murray of Statistics Canada, and Brian Foran of the Office of the Privacy Commissioner of Canada, to this Investigation Report.

David H. Flaherty
Information and Privacy Commissioner
Victoria, British Columbia
March 18, 1997

Investigation conducted by R. Kyle Friesen
Investigation Report written by R. Kyle Friesen and David H. Flaherty

PART III: SUMMARY OF RECOMMENDATIONS

Recommendation 1: if it has not already done so, ICBC should report this consistent purpose usage of personal information to the Minister responsible for maintaining a list of consistent purposes under section 34(2) of the FOIPP Act.

Recommendation 2: ICBC should not provide Campbell Goodell Traynor with the licence plate and insurance policy number of claimants for the Customer Appeal Program and the Customer Satisfaction surveys, nor any personal information that is not strictly necessary for the program.

Recommendation 3: ICBC should disclose only the first three digits of the postal code of all insurance claimants.

Recommendation 4: All public bodies should incorporate the Freedom of Information and Protection of Privacy Act and its accompanying obligations for the protection of personal information in any contract with an outside body. ICBC should revise the ICBC-Campbell Goodell Traynor contract at the earliest possible date to cover such obligations.

Recommendation 5: ICBC should require Campbell Goodell Traynor to tell all claimants that their responses to the telephone questionnaire will not be reported in identifiable form to ICBC, unless claimants provide their informed consent to Campbell Goodell Traynor to do so.

Recommendation 6: Public bodies and/or contractors should tell all survey respondents that there is statutory authority in the Freedom of Information and Protection of Privacy Act and other relevant legislation (i.e., the Insurance Corporation Act) for the collection, use, transfer, reporting and disclosure of their personal information in surveys and research programs.

Recommendation 7: ICBC and Campbell Goodell Traynor should inform all survey respondents of the voluntary nature of their participation in surveys.

Recommendation 8: ICBC should make every reasonable effort to inform all insured parties that, as customers of ICBC, they may be contacted by a survey research company. ICBC should provide written notice to all insured parties of this secondary use of their personal information. The written notice can be given to insured parties at the time they purchase or renew their insurance policies, and/or when they enter the insurance claim process.

Recommendation 9: ICBC should provide insured parties with written notice of their right to "opt-out" of being contacted for customer survey research. The written notice can be given to insured parties at the time they purchase or renew their insurance policies, and/or when insured parties enter the insurance claim process.

Appendix 1 These are the ten principles of the CSA Model Code for the Protection of Personal Information.. Private sector contractors should consider adopting these principles to govern their collection, use and disclosure of personal information for all activities outside the scope of contracts between public bodies and contractors. 1. Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles. 2. Identifying Purposes The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. 3. Consent The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. 4. Limiting Collection The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. 5. Limiting Use, Disclosure, and Retention Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes. 6. Accuracy Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. 7. Safeguards Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. 8 Openness An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information. 9. Individual Access Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. 10. Challenging Compliance An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.