Brett Candy is a friendly, easy-going fellow.

If you call him at home to sell him a magazine subscription or vacation club membership, he’ll talk your ear off.

And talk and talk and talk, for up to 20 minutes, before allowing you to hang up empty-handed.

Sometimes the 33-year-old Calgary truck driver will even learn something through his chats with telemarketers, such as the time last month when he discovered disturbing truths about the globalization of the call-centre industry – and the potential for personal information to be transferred overseas beyond the protection of Canadian privacy law.

“Where are you calling from?” Candy asked the young woman with the Indian accent who called one Saturday afternoon and identified herself as a telemarketer with Primus Telecommunications Canada Inc. “My office is in Toronto,” she replied.

“Where in Toronto?” persisted Candy, who regularly drives Monarch Messenger trucks to Vancouver, Edmonton and Lethbridge and occasionally to Eastern Canada, and is idly curious about the whereabouts of people who call him at home.

“Rexdale? Mississauga?”

The woman hesitated. “I’m actually phoning from India.”

Candy was flabbergasted. “Whereabouts?” he asked.

“Bhopal.”

“Holy geez, I never talked to anybody from India – especially from India,” thought the trucker, who listens to CBC Radio public-affairs programs on his long, solitary hauls.

Candy now was all over his suitor like a sticky T-shirt in a Calcutta July.

What time is it there? “3 a.m.”

What’s the weather like? “Hot.”

Have you ever been to Canada? “No,” the telemarketer replied, the call-log meter ticking.

Then things started getting really interesting.

The telemarketer nudged the conversation back to whether Candy would be interested in switching his long-distance phone service to Primus from Telus Communications Inc.

She dropped tidbits of Candy’s personal information – his name, his address, his phone number – all of which are readily available in any phonebook. But then, claimed Candy, she also mentioned the name of his bank – the Bank of Nova Scotia – and his employer, Monarch.

The telemarketer recited this data while assuring Candy she had all the information she needed to have banking authorization forms mailed to him to permit automatic withdrawals from his bank account, the trucker recalled.

Aware of privacy issues, Candy took offence to the notion that his personal information was in the hands of a telemarketer in a foreign country and thus beyond the reach of the few feckless privacy laws in Canada.

The conversation ended with Candy still a Telus long-distance customer.

“You would think that if the government here is going to put privacy laws in place, they would enact them in such a way that it would be illegal for these companies to transmit personal information outside the country to a telemarketing company,” he said.

Mario Verrilli of Toronto, Primus Canada’s director of residential sales, denied that Primus’s telemarketers have information on hand other than what you would find in a telephone directory.

Asked about the telemarketer knowing who Candy’s banker and employer are, Verrilli commented: “That is impossible – absolutely impossible. It would serve us no purpose to have that information.”

Verrilli acknowledged that Primus is making sales calls to Canadians from India, but added that the company is doing so on a test-project basis. “It’s to compare quality and that sort of thing,” he said.

Outsourcing of call-centre jobs to overseas countries such as India has gained momentum as U.S.-based multinationals such as Bank of America and General Electric pursue financial efficiencies and tap into an increasingly educated Third World workforce.

There is a dark side to this phenomenon, however.

BBC News reported last month that an American credit-card giant pulled out of India – a country that is aggressively courting the First World’s call-centre industry – after unauthorized credit levels were offered by call centres. And Britain’s Evening Standard reported that criminal gangs had offered a year in wages to call-centre staff in return for access to credit-card details.

Anne-Marie Hayden of the Office of the Privacy Commissioner of Canada says Canada’s three-year-old Personal Information Protection and Electronics Documents Act (PIPEDA) puts the onus on companies to impose contractual conditions on their overseas contractors to protect personal data.

“The Canadian company is responsible for what happens to it,” the Ottawa-based spokeswoman told Business Edge. “If we had a complaint, we’d investigate the Canadian company and see what we could do.”

But Hayden and PIPEDA have little to say about what sanctions Privacy Commissioner Jennifer Stoddart would use on any malefactor who treats such data in a cavalier or corrupt manner, though both the commissioner and the complainant can seek an order from the Federal Court.

“The commissioner takes a co-operative and conciliatory approach to investigating complaints wherever possible and encourages resolution through mediation, negotiation and persuasion,” the Office of the Privacy Commissioner says on its website.

“To date, all complaints brought before the commissioner have been resolved without having to use these formal investigative powers because voluntary co-operation with investigations has been forthcoming.”

Indeed, says Hayden, “people want to do business with organizations that respect their personal information.”

Canada has about 14,000 call centres.

Canadian Marketing Association spokesman Ed Cartwright of Toronto said the CMA is educating its members about what they have to do to comply with PIPEDA.

“If companies are calling into Canada, they have to respect federal privacy laws,” he said.

But Candy remains skeptical. He said companies can circumvent privacy laws by exporting their call-centre operations.

“She’s got a stack of information over there,” he said, referring to the telemarketer from Bhopal. “I’m a very private person – it was an invasion of my privacy.”