In 2016, there was continued global discussion about disclosures of personal information to government organizations for law enforcement purposes. Accurate information about the nature and volume of personal information requests by law enforcement to private companies helps inform this ongoing discussion, and will shape our country’s privacy landscape. It is in that spirit that we provide our fourth annual transparency report, which provides insight into our approach responding to requests as well as the volume and types of requests we receive. We are proud of our record of openly sharing with our customers the details about how we respectfully handle and secure their data.
At TELUS, we respect our customers’ privacy and take great care to safeguard personal information. As part of our ongoing commitment to putting customers first, we have a long-standing policy of protecting privacy in all of our business operations. As a national telecommunications company, we routinely receive requests for information about our customers from law enforcement agencies and other government organizations. We are legally required to respond. This transparency reporting is intended to provide insight into our approach responding to these requests and data regarding the numbers and types of information requests we received in 2016. We report this data alongside 2015 and 2014 data for comparison purposes.
Industry Canada published voluntary Transparency Reporting Guidelines in 2015. TELUS’ transparency reporting practices were already consistent in approach, although there were some differences. We have historically provided more detailed breakdowns of the law enforcement requests we receive and in other areas, we provided less detail.
This year’s transparency reporting mirrors our previous formats, allowing us to provide trends year over year and also the greatest degree of granularity that we believe is helpful and informative.
The most notable variation in the data was between 2014 and 2015, when name and address requests went from more than 30,000 to zero. This was due to the 2014 R.v. Spencer decision of the Supreme Court of Canada, which clarified law enforcement agencies require a warrant to obtain the name and address information of our customers unless an individual’s life, health or security is at risk, or the information is readily available in a published telephone directory. The decision resulted in the complete elimination in 2015 of voluntary disclosures made in response to non-emergency requests without a warrant.
Similar to 2014 and 2015, the vast majority of the requests we received in 2016, were for information to help find or communicate with someone in an emergency. Calls from a local police detachment or 9-1-1 operator centre asking for help locating someone who is lost or suicidal are typical examples of this type of request. We provided information in response to 58,721 requests for information in an emergency last year, an average of 161 requests every day.
Consistent with our Customers First philosophy, TELUS will challenge information requests that go beyond what is lawful. For example, we will challenge any request or court order that we believe goes beyond what a judge is authorized to order under applicable legislation, such as the Criminal Code, and we will only release confidential customer information when we are satisfied it is appropriate to do so. When necessary we will take an issue to court and have done so in the past.
Approximate number of requests for customer information from government organizations in 2016 (33.4% decrease from 2014)
In 2016, we challenged or declined to provide information in response to an estimated eight per cent of the court orders we received because we thought the order was invalid or over-reaching. This compares with an estimated 15 per cent in 2015 — a seven per cent decline that we cannot attribute to any one factor; however, we do believe this variance can largely be attributed to the continuing increase in due care that law enforcement exercises in preparing their requests for records via court order. This demonstrates a positive outcome in the protection of customer privacy.
TELUS intends to continue advocating for our customers’ privacy, while responding to legal court orders as required. It is a fine balance, and we are pleased to present this transparency disclosure as part of the evolving dialogue on this matter of personal security.
Applicable law: Criminal Code of Canada.
Applicable law: The Mutual Legal Assistance in Criminal Matters Act.
Applicable law: Personal Information Protection and Electronic Documents Act (PIPEDA), CRTC rules with respect to customer confidentiality; see also applicable TELUS Service Terms and customer Privacy Commitment.
More than half of such requests (42,761 in 2016) came from 9-1-1 call centres seeking help locating a caller in distress. The remaining 5,443 requests came from local police or emergency service providers.
In these cases we only provide the information needed to respond to the emergency.
Applicable law: PIPEDA and CRTC rules with respect to customer confidentiality.
Since that court decision, TELUS collaborated with law enforcement agencies to establish a new process to expedite the sharing of this critical information through court orders where children are in danger, while abiding by the spirit and language of the Spencer decision.
TELUS has always required a court order to provide customer information associated with an IP address in other cases.
Applicable law: PIPEDA, Criminal Code of Canada
Applicable law: any federal or provincial legislation that authorizes a government body to request information from TELUS.
TELUS has a process for carefully assessing information requests received from law enforcement agencies and other government organizations:
TELUS keeps customer information only as long as necessary to comply with the law and to fulfill our business purposes. For example, TELUS retains copies of customer bills for approximately seven years to satisfy legal requirements such as taxation law.
TELUS’ telecommunications businesses are governed by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and by rules prescribed by the CRTC with respect to customer confidentiality.
This transparency reporting covers TELUS’ telecommunications businesses in Canada, including wireless, wireline and Internet.
Share this article