Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utcsri!utegc!utai!ubc-vision!ubc-cs!manis
From: manis@ubc-cs.UUCP
Newsgroups: can.general
Subject: Re: SIN's (was borrowed records)
Message-ID: <504@ubc-cs.UUCP>
Date: Mon, 24-Nov-86 11:49:24 EST
Article-I.D.: ubc-cs.504
Posted: Mon Nov 24 11:49:24 1986
Date-Received: Tue, 25-Nov-86 02:19:26 EST
References: <623@water.UUCP> <192@spectrix.UUCP> <497@ubc-cs.UUCP> <12211@watnot.UUCP>
Reply-To: manis@ubc-cs.UUCP (Vincent Manis)
Distribution: can
Organization: UBC Department of Computer Science
Lines: 33

I'm now more confused on this matter than I was last week. According to John
Grace (Canada's Privacy Commissioner), neither banks nor employers have the
right to obtain your SIN. On the other hand, he then said that where an
employer is acting on behalf of the government (in collecting UI payments
and presumably income tax) it will need the SIN. As an example, UBC (along
with many other employers) uses the SIN as an employee number.

Similarly, I have always been told that the requirement for a SIN when
opening a bank account is to allow the institution to send T4's regarding
interest income.  Perhaps this is untrue: perhaps the space in a T4 (or
similar slip) which is marked "SIN" need not be filled out. I don't know.

In any case, the SIN by itself doesn't really confer any great power on any
nasties. The mapping from SIN to identity is supposed to be greatly
controlled (and that's why the theft of Revenue Canada records is so
serious). Anybody who wants to do cross-matching without the SIN can do so
without any great problem. Names and addresses will give an incredibly high
accuracy, especially if one has fairly sophisticated matching algorithms
(using, e.g., phonetic codes on names). As Grace pointed out, the thing to
protect is not your SIN by itself, but the collection of information which
describes you. People who refuse to give their SINs seem to have no
compunction in giving out their names, addresses, and telephone numbers.

It's also worth noting that direct mail techniques have advanced to the
point that such things as SINs are old hat. A recent Globe & Mail article
described the direct mail techniques used in the last U.S. elections. One
company working for the Democratic Party had developed a "gay algorithm"
which allowed them to take a list of names and addresses and identify those
people who were likely to be gay (based presumably on such things as
location in a city and composition of the household), regardless as to
whether the people in question were openly gay. Now, even though I'm in
sympathy with the objectives in this case, I find this technique truly
frightening (what if the government were doing things like this)?