According to a report of findings released by the Office of the Privacy Commissioner of Canada (the "Federal Commissioner"), insurance companies can obtain personal credit information from credit reporting agencies and use it to assess risk and calculate insurance premiums. However, they must obtain meaningful consent and be open about their personal information practices.
The complainants' home insurance renewal premium increased considerably compared to the previous year's premium. When they looked into why, they discovered that the insurance company had asked for, and received, their personal credit information from a credit reporting agency. In a complaint to the Federal Commissioner, the complainants alleged that the practice of using a customer's credit information, obtained from a third party (like the credit reporting agency), was inappropriate, and that the insurer did not have their knowledge or consent to do so.
The Federal Commissioner applied the Personal Information Protection and Electronic Documents Act ("PIPEDA") in the analysis, and came to the conclusion that a reasonable person would consider the purpose of the collection and use of credit information in this circumstance to be appropriate. Ontario's Consumer Reporting Act allows the disclosure of individuals' credit information for the purpose of underwriting insurance, and assessing risk is an essential part of the insurance business model.
However, the Federal Commissioner noted the following two "lessons" to be learned:
- The insurance company did not obtain adequate consent to use the complainants' personal credit information. Under PIPEDA, "knowledge and consent" are required for the use of personal information. To obtain meaningful consent, the purposes for which the information will be used must be stated so that the individual can reasonably understand how the information will be used. In this case, the consent provision in the insurance application form was very general and the use of credit information to determine insurance premiums is not a familiar or expected use for customers. As such, an individual would not reasonably infer that their credit information would be used to determine insurance premiums.
- Under PIPEDA, organizations must be open about their practices with respect to the management of personal information, in a way that such information can be acquired without unreasonable effort and in a generally understandable form. The insurance company failed to be transparent and open as there was no explicit information available on its website about the use of credit information to determine insurance premiums.
The Federal Commissioner did note that credit information is not essential to assessing insurance risk, and that its use in this manner is not allowed in all provinces. The Federal Commissioner went on to say that the "long-term public policy impact" of this use of credit information is "unknown at this time" and that the Federal Commissioner's position on this matter "may evolve over time."
About BLGThe content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.