Integrating your privacy policy

When creating a privacy policy, ensure that all information is in one format and that the document is clear, accurate, and readily available.

A complaint was filed against Bell Sympatico (Bell) about its use of Deep Packet Inspection (DPI). The complainant alleged that the DPI technology collected personal information from Bell’s customers without their consent during internet transmissions. Bell said that it used DPI for traffic-management purposes.

That is, DPI was used to track congestion problems on the internet that slowed down internet services. DPI was able to track the applications most used, usage patterns based on IP addresses, application usage patterns, malicious traffic, etc.

The complainant argued that Bell’s monitoring policies were not sufficiently clear and concise. For example, a link in Bell’s Terms and Services document to its Privacy Policy was dysfunctional. The information regarding traffic management practices was in three different areas on Bell’s website, none of which were under its “Privacy” link. It was held that Bell’s information regarding the collection of personal information was not readily available. It needed to be more understandable and integrated. It was recommended that Bell integrate all its policies and practices about traffic management into one format.

Also, it was recommended that Bell add another Policy FAQ on its website explaining the traffic management practices and the impact these practices have on customers’ privacy.

Source: PIPEDA Case Summary #2009-010 Report of Findings Assistant Commissioner recommends Bell Canada inform customers about Deep Packet Inspection.


Written by Rajah. Rajah Lehal is Founder and CEO of Clausehound.com. Rajah is a legal technologist and technology lawyer who is, together with the Clausehound team, capturing and sharing lawyer expertise, building deal negotiation libraries, teaching negotiation in classrooms, and automating negotiation with software.