The Privacy Commissioner of Canada has is suing Canad Inns over its practice of recording and storing the personal data of nightclub customers, reports the Winnipeg Sun. The issue of businesses gathering license data is gaining in prominence. In December, the Privacy Commissioner of Canada and the Information and Privacy Commissioners of Alberta and British Columbia released new guidance urging retailers not to limit the collection of driver’s license data. The commissioners revealed that all three have received many complaints about retailers requesting driver’s license information. Also of note, in July, the privacy commissioner released a survey of 1,000 Canadians that revealed, “[m]ore than half of Canadians say they are concerned about giving their personal information to retailers.”
The issue is also growing in the United States. In October, there were news reports that a California police chief “is asking for a local ordinance that requires motel and hotel operators to hand over their guest registries to his officers. If innkeepers fail to do so, at any hour of the day, they could be fined or jailed.” Guest registries include the home address, credit card number, vehicle license number and other private information about hotel guests. In 2007, there was an uproar in New Jersey when it was revealed that some bar, restaurant and retail organizations were scanning and downloading their patrons’ license data, often without the customers’ knowledge.
In the Canad Inns case, the Winnipeg Sun reports:
The privacy commissioner, a federal officer responsible for upholding Canada’s privacy laws, claims the Canad Corporation of Manitoba is violating the Personal Information Protection and Electronic Documents Act by capturing and storing a digital image of the driver’s licence [sic] or other ID of customers when they enter seven of the chain’s Manitoba nightclubs.
For more than a decade, the hotelier has required patrons to hand over their ID upon entry and had door staff place the card in a machine that takes a digital photo of the ID, which is stored for 31 days. Canad Inns claims in court documents the practice is meant to improve security by comparing patron’s names to a master banned list and deterring “undesirables” from showing up in the first place.
However, the privacy commissioner alleges the company is breaking the law by collecting too much information — including occasionally the signature featured on a driver’s licence — and keeping that information for too long. There are more effective and less privacy-invasive ways of verifying age and improving security, the commissioner said.