Computer matching is intrusive. Proceed with caution

Computer matching and data profiling are powerful tools for business and government to manage relationships with clients and stakeholders. However, the practice poses challenges if not implemented with care and due regard for a person’s privacy rights.

Computer matching is a technique where two or more databases are matched on the basis of personal identifiers (e.g., social insurance number, driver’s license number, name and address, etc.). Each database is usually compiled for purposes other than the matching activity. The results of the matching activity may be used, for example, to identify individuals who might come under investigation for abuse of government programs.

Data profiling, on the other hand, is a matching activity on one or more databases to identify target individuals based upon characteristics other than personal identifiers (e.g., individuals that have a certain demographic or consumer profile). The results of the profiling might be used to introduce the individuals to a product or service that might be of interest.

A highly-publicized example of computer matching activity was that undertaken by the federal government when they paired customs records of Canadian travellers with employment insurance (EI) records in an attempt to catch EI recipients that might be leaving the country.

Individuals who have left the country are presumably not looking for work and that would disqualify them from EI benefits.

The Privacy Commissioner of Canada took the government to court over this practice, and it has been discontinued while the case is under appeal.

As taxpayers, we should all be concerned about abuse of government programs. Abuse of these programmes costs citizens millions of dollars in taxes, but the ability to do this analysis does not mean that we should. Opting in favour of increased computer matching and data profiling would make Canada a surveillance society.

Computer matching in general is intrusive from many perspectives. First, many individuals, most of whom have not done anything wrong, are subjected to an unreasonable search. Computer matching and data profiling are also intrusive because the information is often collected for purposes other than that of the matching activity, and because the individual has not consented to this new use of the information.

Computer matching and data profiling can be made less intrusive by adhering to a few principles. Identify the matching activities early in the project and design and obtain the individual’s consent at the time the personal information is collected. If the matching activity is identified after the information is collected, consent is required for this new purpose.

Prepare a business case for the matching activity. Matching activities are more acceptable to the Canadians when the public benefits are substantial or where they support an important societal function such as certain law enforcement activities.

Verify the results of the matching activity before management actions are taken. In one American example, individuals that were identified in a computer matching activity were automatically disqualified from welfare benefits if they had bank accounts over a certain level. It turned out that many of these individuals continued to be eligible for welfare because the money was not theirs. For example, they may have been executors to an estate. Verifying the results of the matching activity would have revealed the error in the underlying assumptions.

Considering these factors will assist you in deciding whether to proceed with a computer matching or data profiling project.

Boufford, ISP., is president of e-Privacy Management Systems, a consulting firm specializing in privacy and information technology. He can be reached at or