How should we confirm someone’s identity before providing them access to their personal information?

March 6, 2020

You must take reasonable steps to verify a requester’s identity before releasing personal information to them.

In some cases, you may already be satisfied that the requester is who they claim to be – for example, because you currently provide services to them. If so, no additional steps may be required.

If you do need to take additional steps to verify a requester’s identity, you can do so in different ways. For example, you may ask them to sign a form confirming their identity, or produce a piece of identification, such as a driver’s license. It is a best practice to document the steps you take to verify identity.

Learn more in our guide to providing access to personal information under the CYFSA

Help us improve our website. Was this page helpful?

Yes

How did this page help you?

The information is incorrect or needs to be updated.

The information was too hard to understand.

The information wasn’t relevant.

I didn’t find what I was looking for.

Other

Note:

You will not receive a direct reply. For further enquiries, please contact us at @email
Do not include any personal information, such as your name, social insurance number (SIN), home or business address, any case or files numbers or any personal health information.
For more information about this tool, please see our Privacy Policy.