OTTAWA, Ont. - Between telemarketer calls, retailers' requests and government forms, it seems that barely a day goes by without some representative asking for bits of pieces of personal information fr...
OTTAWA, Ont. –Between telemarketer calls, retailers’ requests and government forms, it seems that barely a day goes by without some representative asking for bits of pieces of personal information from the general public.
Now consider a trucker, who faces background checks and requests to show identification on a daily basis. It should come as no surprise that truckers are more than a little concerned about how that information is being used.
And that concern, it would appear, is not misplaced.
The Office of the Privacy Commissioner of Canada (OPC) is charged with overseeing compliance with the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA),Canada’s private sector privacy law.
In June 2008, the Privacy Commissioner of Canada released a report on PIPEDA, stating that too many data breaches are occurring because companies have ignored some of the most basic steps to protect personal information.
“Many companies need to do more to prevent inexcusable security breaches,” said Privacy Commissioner of Canada, Jennifer Stoddart. “Too often, we see personal information compromised because a company has failed to implement elementary security measures such as using encryption on laptops.”
Interprovincial transport companies are covered by PIPEDA as well as by provincial laws. With respect to employment data, depending on your situation you will be governed by PIPEDA.
According to the OPC report, almost nine in 10 people whose data was compromised by a self-reported breach in 2007 were put at risk because their personal information was held in an electronic format that was either not secured or lacked adequate protection mechanisms such as firewalls and encryption.
Other breaches occurred because employees had not followed established company practices.
For the trucking community, with the increased security that surrounds border crossings and access to ports and yards, the need to reveal one’s personal information has always meant a certain vulnerability and reliance on the trust factor.
Some truckers have been left uneasy about information they are being asked for, calling into question what situations warrant what kinds of requests?
Trucker Shawn Nieforth contacted Truck West about his concerns with the increasing number of shippers that ask for a driver’s licence upon arrival at yards and then record the info.
While Nieforth said that it was already common to be asked for picture identification to confirm the photo matched the driver, upon a recent trip to a terminal in Etobicoke, Ont. he was asked by a security company for his driver’s licence and then the number was written down.
“There was no official form or notice they wrote it on, just a yellow notepad,” he told Truck West. “One night I refused to give it and they asked for my health card number.”
The incident was sparked, he said, by the fact that apparently there had been a truck and trailer stolen out of the yard.
“Through the week they were just writing plate numbers down but at night and on weekends they were asking for more. At first it seemed to be the one security guard doing this and then all of them were. There was a letter from the (third-party) security company asking them to get this information,” he recounted.
Nieforth went to his company to question why they didn’t have a company ID card, like some of the regular drivers delivering to the terminal, but was told it was a big deal to set up.
For Nieforth, the big issue was that his personal information was being handled so informally.
Truck West queried the shipper, which Nieforth identified as Nestle, and the yard property owner, CP Rail, about procedures required for security purposes.
CP Rail spokesman Mike LoVecchio said that while the company does not elaborate on its security processes,”Canadian Pacific has robust security measures in place, and I can confirm we take an integrated approach to security with our partners,” he told Truck West in an e-mail.
At press time, Nestle had not responded to queries regarding security procedures.
Are truckers, by nature of their employment, more subject to an abuse of their personal information?
Ariane Siegel, a partner with Gowlings Toronto, is a specialist in the field of data protection and privacy.
“I haven’t seen greater issues of misuse but there is heightened sensitivity around this area,” she said of the trucking industry.
“It’s the area where you have the most immediate use of new technologies,” Siegel noted, and “a resulting continual tension created between security needs and identification.”
Siegel said that companies are now spending a lot of time and effort on privacy compliance gathering.
“The trucking industry is very interesting because of the interaction between the employer and third-parties but there’s a continual push and pull in terms of what is personal info and what is reasonable use of it,” she said.
She noted that some of the earliest decisions in privacy law have focused on the transportation sector.
“Trucking companies need to be working very closely with the parties with whom shipments are being carried to make sure there is a continual interchange about what is appropriate, and what are the safeguards. A lot of the problems arising are in this context. Obviously truckers need to have been told in advance what to expect. Pre-clearance is a helpful step in dealing with identification,” said Siegel.
She cited a couple of cases that went through the OPC that have shed a lot of light on the privacy issues in the trucking sector, with regard to what was found to be reasonable.
In a 2003 case, two individuals (both truckers) complained when a railway company asked that all drivers entering and exiting its inter-modal terminal provide their driver’s licence numbers and fingerprints as part of its new driver identification system.
One of the truckers was also concerned that the company had not taken adequate measures to safeguard the personal information it collected under this program.
The Privacy Commissioner found that the company’s purposes for implementing the new system were appropriate since it: “allowed the company to better handle the large volume of trucks entering and exiting the terminal, minimized liability for damage to railway containers, and reduced the potential for vandalism and acts of terrorism to property and cargo.”
The Commissioner also determined that the railway had taken the appropriate steps to inform drivers of the new measures and to obtain their consent through a driver registration form and through encryption of the collected driver’s licence numbers, accessible only to approved railway personnel.
In a later 2006 case, at issue was the use of GPS technology and its effects on employee privacy.
Several employees of a telecommunications company complained to the OPC when they learned that their employer was installing GPS in their work vehicles. They believed that the company was improperly collecting their personal information, namely their daily movements while on the job, without their consent and without identifying the reasons for the collection of the information.
While the Assistant Privacy Commissioner cautioned organizations about “function creep” and the negative cumulative effects of various forms of technology on privacy, her ruling in this case accepted most of the company’s purposes for collecting and using personal information gathered by GPS and found that implied consent was present for these purposes.
The company, meanwhile, agreed to develop and communicate a policy on the utilization of the data and to train its managers on the appropriate use of GPS.
While the cases cited seem to weigh in heavily on the need for information- gathering in the workplace,
despite “function creep” and the “negative cumulative effects of technology on privacy,” in the face of these demands, which won’t go away, the best measure of protection would appear to be information and better communication.
According to Joanne Ritchie of the Owner-Operators’ Business Association of Canada (OBAC), it would appear that in some cases there is an increased need for dialogue or written communication between shippers and truckers about security requirements and expectations around the use of personal information.
“I have been getting calls in the last year (around this issue) but I don’t know if it’s on the increase,” she said.
“I’ve talked to drivers who have been in the business for a lot of years and it’s not unusual to be asked for ID such as a driver’s licence with photo. They want to make sure that they’re giving the load to the right person.”
Ritchie said that especially when there’s been double brokering, and you make your arrangements with “XYZ”company, and someone else is picking up the load, it’s understandable to exercise caution.
She has also heard of truckers being asked for their health card numbers “although I can’t see why it would be necessary unless it’s for the photo.”
Inconsistency from one shipper to the next, and often from the same shipper, around identification, is not uncommon.
“Our position on all these credentials is it would be nice to see the industry pick one and that be the platform for what ID needed to be shown,” she said.
“Also, if you have a regular customer and there’s security issues, it would seem that the carrier/shipper would have some sort of understanding or agreement in place.”
Stateside, according to Norita Taylor, of the Owner Operator Independent Drivers Association, questions about privacy rights are also increasing.
“We’ve had a complaint from a driver about a driver’s licence being put on a bill-of-lading to Mexico. The driver said he did not get a satisfactory answer from the company,” said Taylor, who added that some members have also been asked for social security numbers as identifiers.
OOIDA is participating in a trucking security program as a subcontractor with the HMS Company, chosen by the US Department of Homeland Security.
“This is more about what you’re watching for as homeland security,” said Taylor.
While this program wouldn’t directly address the release of personal information for the purpose of homeland security, that would certainly be something that could arise as an issue, noted Taylor in a phone call with Truck West, especially as in the interest of anti-terrorism, truckers can only expect security measures to get stricter.
In many cases and circumstances, such as deliveries during off-hours and such, truckers may feel that they cannot refuse a request for identification, however odd.
“Very few have gone back to the carrier and said this is what our customer is asking for and is this something that’s been agreed upon? I think at some point as an immediate fix that they should have a discussion with the carrier about how to handle this,” said Ritchie.
Carriers and shippers have a mutual role in helping employees understand how their privacy rights meld with the job requirements. It’s just a question of meeting in the middle with truckers, who could use a better handle on their rights in the context of the transportation sector.
“Shippers I have talked to have said we just want to verify that the person who is picking up the right load is the right person, in the case of a matching name, for third-party carriage. What kind of credential is appropriate to confirm that? The problem is not having to have credentials, it’s the issue of having to have many and not a consistent one that works for everybody,” said Ritchie. •