[GTALUG] [OT] Phishing is no mirage...
Russell Reiter
rreiter91 at gmail.com
Wed Dec 18 07:48:02 EST 2019
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk at gtalug.org> wrote:
> On 12/17/19 2:27 PM, Russell Reiter via talk wrote:
> [snip]
>
>
>
>> | I wonder why, especially in this data stealing age, the practice is not
>> firmly
>> | against the law?
>>
>> Yes. And the boundaries clearly marked.
>>
>
> The problem is that its a matter of private law. The government would
> essentially fetter itself if it actually made it illegal for you to give
> out your SIN voluntarily. This might be the case in settlement if someone
> has sued you, won and now has the right to a full accounting of your income
> and assets.
>
> Enforcing laws is expensive and there is a threshold which is bounded by
> economy of scale. As a general matter of private law, caveat emptor (let
> the buyer beware) is the rule.
>
> Its kind of like the government is a national park with a grand canyon
> running through it. The can put up signs which say don't get too close to
> the edge or you may fall in but they can't really stop you from jumping off
> the edge.
>
>
> Its not that I was giving out my SIN voluntarily. It was a requirement of
> getting service from a telecom provider.
> Yes I could have refused to fill out the the application and walked out of
> the store.
> But then I would not have had the telecom service that I needed at the
> time.
>
Yes you did volunteer the information when they asked for it. The law
presumed you have a choice in the matter. There are enough providers who
don't collect SIN numbers that you could have used one of them. You jumped
into the canyon by wanting services immediately. There is an old saw that
says decide in haste, repent at leisure.
The law of contracts is offer and acceptance. Getting a cell phone contract
is not the same as applying for a loan. The business may do a credit check
and withdraw the offer if you don't meet a credit threshold, but they don't
need a SIN number to do that. However having the SIN it makes it easier for
them to get access to your funds through the court system if you owe them a
significant debt.
>
> So now the Telecom provider has my SIN.
> Are they free to use as they wish?
>
No, they have a fiduciary duty to you to protect that sensitive
information. It was collected as a kind of trust article.
Could they use it as my client ID and paste it on the front the bills they
> send out to me?
>
I think if they did that you could sue for injunctive relief, assuming that
they didn't reveal that was their contractual policy at the outset. It
would be on your copy of the contract if they did.
>
> Part of my concern was that enough personal information for someone to
> completely steal my identity was provided to a call center in a third world
> country with little or no oversight.
>
You don't have to live in a marginalized area of the world to suffer from a
lack of oversight in your own actions. Just saying ...
>
How did that happen? You purchased the service from a brick and mortar
location, in Canada I presume. Accounting and financial data are different
than technical and service information. It would be highly unlikely that a
service technician or even a first tier collection representative would
have access to your complete data file.
>
> The carrier should have an obligation of care with my information.
>
But the only obligation that the carrier has is to maximize the shareholder
> value.
>
Cybercare of personal information starts with the individual, unfortunately
it's all downhill from there.
>
>
> --
> Alvin Starr || land: (647)478-6285
> Netvel Inc. || Cell: (416)806-0133alvin at netvel.net ||
>
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
--
Russell
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20191218/43498241/attachment.html>
More information about the talk
mailing list