MBNA Mastercard (February 2004)

In February 2004, CIPPIC filed a complaint with the Privacy Commissioner on behalf of a consumer against MBNA Mastercard, pointing out that MBNA required its Mastercard applicants to consent to a virtually unlimited range of uses and disclosures of their personal credit and other information, far beyond what is necessary for the provision of credit card services. This was so despite previous findings of the Privacy Commissioner that such broad consent was inappropriate and contrary to law. In light of MBNA's blatant and continuing disregard for the law, including two previous Commissioners' findings, CIPPIC asked the Privacy Commissioner to take enforcement action against MBNA.

Rather than publicize the breach or take enforcement action, the Privacy Commissioner decided to negotiate with MBNA. In March, 2005, the Privacy Commissioner informed us that MBNA had completed a comprehensive review of the consent language used in its application form and Privacy Notice, in consultation with staff of the Privacy Commissioner's office. MBNA's revised application form and Privacy Notice, now in use, set out in detail the types of information collected, the sources from which they are collected, and the uses to which they are put. MBNA names its affiliates, sets out its secondary uses of personal information, and now provides an easy and immediate opt-out to the proposed secondary uses. Provision of SINs is now clearly optional. The Privacy Commissioner considers that MBNA has now met the expectations of her office.


CIPPIC's letter, Feb.20,2004