The Social Insurance Number Code of Practice Annex 7 - Private sector dos and don'ts: Requesting, collecting, using and storing the SIN

Do’s

  • Get your customer's consent before collecting, using or disclosing any personal information, including their Social Insurance Number (SIN).
  • Give customers an alternative to providing their SIN (such as a credit card) in a transaction where a credit check is necessary.
  • Inform clients what type of personal information you are collecting, why it is being collected and for what purposes your business will use it.
  • Keep sensitive information in a secure area or an encrypted computer system and limit access to individuals on a “need-to-know” basis only.
  • Shred all paper records and fully erase/remove any electronic records containing personal information, including the SIN, before disposal or sale of electronic equipment.
  • Designate an individual in your organization or business to be responsible for all privacy issues. Give this person senior management support and the authority to intervene on privacy issues relating to any of your organization's operations.
  • Train all employees on privacy policies and keep them informed so they can respond to ongoing questions and concerns from clients. Post this information on your website.

Don’ts

  • Don't use clients' personal information, including the SIN, for any purpose other than the one for which you were given permission.
  • Don't use the SIN as a client identification number or as a means of identification in ordinary commercial transactions.
  • Don't collect personal information, including the SIN, unless it is needed to conduct your business.
  • Never ask for a customer's personal information, especially the SIN, via e-mail. Don't make clients' personal information available on the Internet.
  • Don't sell or provide the personal information of clients to third-party organizations or businesses without your customers' consent.
  • Never disclose a person's SIN to anyone unless you know that the person requesting it is legally entitled to that information (for example, a legal requirement).
  • Never deny a customer service or a product on the basis of them refusing to provide their SIN unless the SIN is legally required for the product (e.g. registered income product).
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: