Introduction
This is our third annual report on the requests for information about our customers we received from government and law enforcement agencies in the previous year. We are committed to protecting our customers’ privacy and fulfilling our obligation as a good corporate citizen to follow the law and contribute to public safety. That’s why we only disclose their information when required by law – we believe the legal structure created by Parliament and provincial legislatures and interpreted by the courts is the best guide we have to maintain this important balance.
Last year Innovation, Science and Economic Development Canada released voluntary Transparency Reporting Guidelines to help private sector organizations like Rogers maintain the balance between openness and ensuring public safety. We think this is a good step. We have added new categories related to voluntary disclosure for this year as suggested by the Transparency Reporting Guidelines.
There are two other notable changes in our report this year. For the first time we have broken out the number of times we disclosed information or refused/provided no information for each type of request, and we are providing the disclosure rate for “Tower Dump” requests (more on that soon). It should also be noted that while legal and policy changes impact the number of requests we receive, in large part the fluctuation in annual numbers is due to external factors outside of our control. It comes down to the number of investigations government and law enforcement agencies need to conduct.
We take active steps to safeguard our customers’ information and defend their privacy rights. As we mentioned in last year’s report, we now require a Court Order/Warrant (or equivalent) to process customer name and address checks and child sexual exploitation assistance requests, unless there is an immediate risk as outlined in the Criminal Code. As a result, both of those categories are at zero for 2015, and those types of requests are now reflected under other categories.
A more recent example of fighting for our customers’ privacy rights is R. v. Rogers Communications, commonly known as the “Tower Dump” court case. Through this case we successfully fought a request that would have involved over 30,000 of our customers and which we felt was too broad. We have dedicated a section of this report to provide more details about these types of requests and how we have worked to narrow their scope and the impact on our customers.
We welcome your feedback and look forward to continuing to work with the government, industry partners, the privacy and law enforcement community, and our customers to improve Transparency Reporting in Canada.
Sincerely,
David Watt
Chief Privacy Officer
Protecting Our Customers’ Privacy Rights
COURT RULING ON “TOWER DUMP” REQUESTS
If we consider an order to be too broad, we push back and, if necessary, go to court to contest the request.
Some of the requests we get are not specific to a customer. The most common of these is law enforcement agencies asking for records from cell towers relating to the devices that connected to a tower at a certain time.
In one case, the original request would have involved over 30,000 Rogers customers, virtually all of whom would have had nothing to do with the investigation. We thought that crossed the line and was too broad and intrusive. We’re glad the court agreed and set ground rules for the scope of what law enforcement agencies are able to request and access.
“The choice is stark. There is an issue concerning the privacy rights of hundreds of thousands of Canadians…to my mind, the choice is clear. Rogers and Telus have standing to assert the privacy interests of their subscribers…”
REDUCING THE CUSTOMER IMPACT OF “TOWER DUMP” REQUESTS
In addition to contesting a specific request that we felt crossed the line, we have also taken steps to reduce the amount of customer information provided in these requests at the beginn
ing phase.
Beginning in mid-2015, where possible, we began providing only phone numbers without the corresponding customer names and addresses in response to these requests. When provided with a subsequently narrowed request, we provided the name and address info as required by law.
The R. v Rogers Communications court decision also provided guidance for law enforcement agencies to follow. We believe, and have already begun to notice, that the percentage of customers whose information is disclosed will continue to decline because of these new guidelines.
WHY ARE THESE REQUESTS DIFFERENT THAN OTHER LAW ENFORCEMENT REQUESTS?
There are two main differences:
- While these requests form a small proportion of the number of requests we get (less than 10%), each request could impact a large number of customers – hundreds or even thousands, depending on the parameters in the request.
- Other requests usually involve the police searching for records related to a specific person or people under investigation. These requests often involve police looking to identify a pattern or narrow down a search to aid their investigation. So while information for every customer that meets the search criteria is disclosed – as required by law – it’s likely that only a very small proportion of the customers, if any, are persons of interest.