Some members of an online forum are upset the CRTC is posting personal information on its website along with participants' comments, potentially leaving them vulnerable to identity thieves and spammers.

The Canadian Radio-television and Telecommunications Commission doesn't automatically collect personal information from individuals but it does ask for names, addresses and phone numbers from people who submit comments online and by other means in the regulator's public proceedings.

Members of the online forum at DSLReports.com, a website devoted to consumer broadband information and news, became concerned particularly about the personal data published on the CRTC's website when individuals voiced their opinion about Bell Canada.

"What kind of worries me about all of this, is that people's real names, email addresses and phone numbers are in some of these comments … ripe to be harvested," oxymoron69 wrote. "Is this normal that they'd publicize the personal details and contact info of those who speak out against Bell?"

"I don't think it's very wise to publish lists and lists of information that can be accessed by telemarketers, identity thieves and so on," El Quintron wrote.

A CRTC spokeswoman declined to comment, referring instead to the site's privacy statement, which users must agree to before submitting comments.

The notice states that "all information that parties provide as part of this public process, except information granted confidentiality … becomes part of a publicly accessible file and will be posted on the commission's website. This information includes personal information, such as full name, email address, postal/street address, telephone and facsimile number(s), and any other personal information that parties provide."

Some online members were alarmed the CRTC follows the practice, particularly after it launched last fall its National Do Not Call list, which allows Canadians to add their phone numbers to a list telemarketers can no longer call at peril of fines up to $15,000.

In the CRTC's privacy notice, the regulator further stated that a general search of its website using a search engine won't show the information that was provided as part of a public proceeding. The comments are entered into "an unsearchable database dedicated to that specific public process" and that the database is accessible only from the web page of that particular public process.

"If it makes anyone feel better," someguy1 wrote on DSLReports.com, "this page doesn't get indexed by search engines. The robots file says disallow and the cache control header says private."

Another forum member recommended others do what he did, which was submit a comment using only his name and email address.

Privacy commissioner probed CRTC's online posting policy

Michael Geist, a law professor at the University of Ottawa who comments on technology, said it's necessary for the CRTC to collect the personal information to ensure the accountability and transparency of public proceedings, but "the issue is whether all of it should be disclosed online."

Valerie Lawton, a spokeswoman with the Office of the Privacy Commissioner of Canada, said in an email the office in recent years has investigated several complaints involving the CRTC and the online posting of personal information and included a short blurb on that issue in its 2005 annual report to Parliament.

At the request of a concerned citizen, the University of Ottawa's Canadian Internet Policy and Public Interest Clinic investigated the matter and wrote to the CRTC in January 2005, explaining how its policy is "inappropriately privacy invasive and possibly illegal and proposing an alternative, privacy-respectful approach."

But the CRTC defended its policy as appropriate in an April 2005 response, CIPPIC said on its website. The legal clinic then asked the Office of the Privacy Commissioner to investigate, prompting the CRTC to reconsider its position and investigate a variety of options to address the problem, CIPPIC said.

In fall 2005, CRTC staff proposed a number of procedures in order to protect the privacy of individuals responding to its public notices, CIPPIC said.

"Such procedures include standardizing warning notices, installing a program to protect personal information from major search engines, putting in place mechanisms to prevent email harvesting of personal information posted on the site, and possibly amending online forms," CIPPIC said.

CIPPIC said it was satisfied with the CRTC's response, but awaits a determination from the Privacy Commissioner with respect to the broader policy issue of posting personal information of citizens on government websites.

Lawton said the office is in talks with other government departments to develop guidelines for online posting of personal information.