8/7/2019 Sookman Salzman ITCAN Spam Slides
1/47
1
Barry B. SookmanDirect Line: (416) 601-7949E-Mail: [email protected]
Impacts of the New Anti-SPAM andAnti-Spyware Legislation (Bill C-28)
January 26, 2011
Doc # 10027070
IT.CAN QUARTERLY ROUNDTABLE SERIES
Lorne P. SalzmanDirect Line: (416) 601-7867E-Mail: [email protected]
8/7/2019 Sookman Salzman ITCAN Spam Slides
2/47
2
Why businesses need to be
concerned about the Bill C-28
8/7/2019 Sookman Salzman ITCAN Spam Slides
3/47
3
Scope and Approach SPAM - transmitting any commercial electronic message is illegal unless there is
consent; it is an excluded category; and message is in a prescribed form. (s.6)
Malware - it is illegal as part of a commercial activity to install any computer program-good or bad-onto someones computer unless there is express consent and theprescribed disclosures are made. (s.8)
Spyware - it is illegal as part of a commercial activity to install any computer programonto someones computer that transmits data of any kind from that computer unlessthere is consent and the prescribed disclosures are made. (s.8)
Message routing - it is illegal to alter transmission data to route a message to anunintended destination. (s.7)
Broad protection against false and misleading representations extending to headerinformation, subject matter lines, URLs, and the message itself. (s.75 and 77)
Broad protection against collecting individuals electronic addresses using automatedtools primarily designed for this purpose and collecting personal information over the
internet by accessing a computer in violation of federal laws. (s.82) Burden of proof for consents is on the person alleging they have it. (s.13)
The regulations will significantly affect the interpretation of the Act and are not yetpublished. Scope will be significantly impacted by the regulations.
8/7/2019 Sookman Salzman ITCAN Spam Slides
4/47
4
Very high liability Administrative monetary penalties (AMPS) with caps up to $1 million for an
individual and $10 million for anyone else. (s.20(4))
Private rights of action by anyone affected by a prohibited act (s.47(1)) withliability that consists of:
compensation for loss, damages and expenses; and
extensive awards that are capped at:
$1 million per day for breach of SPAM, malware, spyware, messagerouting, address and personal information harvesting, and Competition Act provisions;
$1 million for each act of aiding, inducing, or procuring a breach of theSPAM, malware and spyware, and message routing provisions, plusliability up to $1 million per day for breach of SPAM, malware, spyware,and message routing provisions.
Risks of class actions.
8/7/2019 Sookman Salzman ITCAN Spam Slides
5/47
5
Extensive accessorial and vicarious liability
Liability extends to any person who aids, induces or procures a prohibited act.(s.9) Scope?
Businesses are liable for acts of their employees within the scope of theirauthority. (s.32, s.53)
Liability extends to officers, directors, agents, mandataries if they directed,authorized, assented to, acquiesced, or participated in the prohibited act. (s.31,s.52) Scope-acquiesced?
Businesses liable for employees businesses liable for aiding businessesliable for massive AMPS and damages class actions officers and directorsultimately liable.
Businesses need to put policies and processes in place to reduce risk.
Insurance?
8/7/2019 Sookman Salzman ITCAN Spam Slides
6/47
6
Extensive extra-territorial effects
The provisions of Bill C-28 could impact activities undertaken outside Canada.
The anti-spam provisions apply to any message where a computer systemlocated in Canada is used to send or access the electronic message. (s.13(1))
The message altering provisions also applies to messages if a computer systemlocated in Canada is used to send, route or access the electronic message.(s.13(2))
Other prohibitions real and substantial connections test?
Legislation has worldwide impacts that foreign entities will not expect.
Bill C-28 is significantly more onerous than any international counterpart.
This will mandate Canada specific processes for doing business in Canada or with Canadians using facilities located outside of Canada.
8/7/2019 Sookman Salzman ITCAN Spam Slides
7/47
7
Anti-SPAM Provisions
8/7/2019 Sookman Salzman ITCAN Spam Slides
8/47
8
Background: on SPAM provisions
In its 2005 Report, the Task Force recommended new legislation as required tofill any gaps identified in existing laws (Task Force). The Bill purports toimplement the recommendations of the Task Force.
Internationally there are many precedents for dealing with SPAM including:
U.S.-CAN - SPAM Act 2003 (US CAN SPAM);
EU Directive 2002/58/EC on privacy and electronic communications (EUDirective);
Australia Spam Act 2003 (Australia Spam Act);
Singapore Spam Control Act 2007 (Singapore Spam Act); and
UK Privacy and Electronic Communications Regulations 2003 (UK SpamAct).
8/7/2019 Sookman Salzman ITCAN Spam Slides
9/47
8/7/2019 Sookman Salzman ITCAN Spam Slides
10/47
10
The Anti-SPAM Prohibition
6(1) It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless:
a) the person to whom the message is sent has consented to receiving it,
whether the consent is express or implied; andb) the message complies with subsection (2).
Note:
The section extends send or cause or permit to be sent. So a director isliable for acquiescing in an employee aiding someone to permit amessage to be sent.
Messages cant be sent without a consent which must be express or a limitedsubset of conditions where consent is implied
Messages must comply with prescribed formalities.
8/7/2019 Sookman Salzman ITCAN Spam Slides
11/47
11
What messages and messaging systemsare included
electronic message means a message sent by any means oftelecommunication, including a text, sound, voice or image message. (s1(1)) (But,excludes voice messages covered by the Do Not Call List, fax messages, voicerecordings. (s.6(8))
electronic address means an address used in connection with the transmissionof an electronic message to (a) an electronic mail account; (b) an instantmessaging account; (c) a telephone account; or (d) any similar account . (s.1(1))
A commercial electronic message is an electronic message that, having
regard to the content of the message, the hyperlinks in the message to content ona website or other database, or the contact information contained in the message,it would be reasonable to conclude has as its purpose, or one of its purposes , toencourage participation in a commercial activity, including an electronicmessage that (a) offers to purchase, sell, barter or lease a product, goods, aservice, land or an interest or right in land; (b) offers to provide a business,
investment or gaming opportunity; (c) advertises or promotes anything referred toin paragraph (a) or (b); or (d) promotes a person, including the public image of aperson, as being a person who does anything referred to in any of paragraphs (a)to (c), or who intends to do so.
8/7/2019 Sookman Salzman ITCAN Spam Slides
12/47
12
What messages and messaging systemsare included
commercial activity means any particular transaction, act or conduct or anyregular course of conduct that is of a commercial character, whether or not theperson who carries it out does so in the expectation of profit, other than any
transaction, act or conduct that is carried out for the purposes of law enforcement,public safety, the protection of Canada, the conduct of international affairs or thedefence of Canada.
Applies as well to an electronic message that contains a request to send aprohibited message. (s.1(3))
Note how open ended Electronic Messages can be sent by any means oftelecommunication Electronic Addresses include any similar account whichwill continually change Commercial Electronic Messages fall into non-exclusivelist of Electronic Messages.
8/7/2019 Sookman Salzman ITCAN Spam Slides
13/47
13
What messages and messaging systemsare included
Do the provisions apply to accounts with:
E-mail e.g. Gmail, hotmail, exchange;
IM (BBM, Google talk); Social networks e.g., LinkedIn, Facebook, Twitter tweets and direct
messages;
Geo-location services;
E-commerce portals where there are accounts; and Message boards.
Businesses and their employees communicate for commercial purposes usingmultiple sources.
Policies are needed for obtaining consents and complying with formatrequirements for each platform used to send commercial electronic messages.
8/7/2019 Sookman Salzman ITCAN Spam Slides
14/47
14
General exceptions to anti-SPAMprovisions
Messages to an individual to whom the person has a personal or familyrelationship as defined in regulations. (s.6(5))
An inquiry of or application related to a commercial activity. (s.6(5))
A class defined in regulations. (s.6(5)). Dont know what they are. To telecom service providers when they enable transmissions of messages.
(s6(7)).
Messages related to law enforcement, public safety, the protection of Canada, the
conduct of international affairs or the defence of Canada. (s.(1), s.6(4)) The consent requirement in para. 1(a) does not apply to certain commercial
electronic messages e.g., providing a quote in response to a request, furtheranceof previously agreed to transactions, warranty, safety, security, product recallinformation, factual information about a purchase, information about anemployment or benefits plan, delivering a product, service or upgrade, or anotherexception specified in a regulation. (s.6(6))
Will businesses develop policies that rely on specific exceptions for consent,even when the formality requirements are not also exempted?
8/7/2019 Sookman Salzman ITCAN Spam Slides
15/47
15
Getting consents to send commercialelectronic messages
Express consents A person who seeks express consent must, when requesting consent, set out clearly
and simply the following information: (a) the purpose or purposes for which the consentis being sought; (b) prescribed information that identifies the person seeking consentand, if the person is seeking consent on behalf of another person, prescribedinformation that identifies that other person; and (c) any other prescribed information.(s.10(1)). See also (2).
How do businesses obtain express consents to send a commercial electronic message
when sending an electronic message to get consent is itself a commercial electronicmessage for consent is required? (s.1(3))
Implied Consents Consents to collect, use or disclose information under PIPEDA are not necessary valid
for the purposes of Bill C-28.
Bill C-28 will create a conflicting consent regime with the consent regime in PIPEDAsince implied consents are a list of closed categories.
Businesses cannot rely on PIPEDA consents to use personal information since theregimes are different e.g., disclosure standards, standards for determining impliedconsents, and exceptions are not the same.
8/7/2019 Sookman Salzman ITCAN Spam Slides
16/47
16
Implied consents to send commercialelectronic messages
A consent is implied for the purpose of the anti-SPAM provisions only if:
a) there is an existing business relationship or an existing non-business relationship, asthose terms are defined. (s.10(9))
Existing business relationship is a relationship arising from a purchase or barterwithin 2 years; acceptance of a business, investment or gaming opportunity withlast 2 years; related to a contract until 2 years after expiry; any inquiry orapplication with 6 months. (s.10(10))
Existing non-business relationship is a non-business relationship arising from adonation or gift; volunteer for a charity; membership, within a 2 year window.(s.10(13))
b) the person to whom the message is sent has conspicuously published the electronicaddress without a statement that the person does not wish to receive unsolicitedcommercial electronic messages at the electronic address and the message is relevantto the persons business, role, functions or duties in a business or official capacity;
c) the person to whom the message is sent has disclosed, to the person who sends themessage, his/her electronic address without indicating a wish not to receive SPAM, andthe message is relevant to the persons business, role, functions or duties in a businessor official capacity; or
d) the message is sent in the circumstances set out in the regulations.
8/7/2019 Sookman Salzman ITCAN Spam Slides
17/47
17
Format requirements for electronicmessages
The electronic messages must be in a form that conforms to the prescribedrequirements and must:
a) set out prescribed information that identifies the person who sent the message;
b) set out information enabling the person to whom the message is sent to readilycontact the sender (the contact information must be valid for 60 days); and
c) set out the prescribed unsubscribe mechanism. (s.6(2) & (3)).
The unsubscribe mechanism must (a) enable the recipient to indicate, at no cost to
them, the wish to no longer receive any messages, or any specified class of suchmessages, from the sender, using (i) the same electronic means by which the messagewas sent, or (ii) if using those means is not practicable, any other electronic means thatwill enable the person to indicate the wish; and (b) specify an electronic address, or linkto a page on the World Wide Web that can be accessed through a web browser, towhich the indication may be sent. (s.11(1) & (2))
Is it possible to comply with these rules for all media? Can regulations solve theproblem?
Businesses need to develop policies and processes for how to comply with formatrequirements for every category of message formats for all included media . These willneed continual review.
8/7/2019 Sookman Salzman ITCAN Spam Slides
18/47
18
Malware and Spyware Provisions
8/7/2019 Sookman Salzman ITCAN Spam Slides
19/47
19
The prohibition
8. (1) A person must not, in the course of a commercial activity, install orcause to be installed a computer program on any other persons computersystem or, having so installed or caused to be installed a computer program,cause an electronic message to be sent from that computer system, unless:
(a) the person has obtained the express consent of the owner or an authorizeduser of the computer system and complies with [the disclosurerequirements of] subsection 11(5); or
(b) the person is acting in accordance with a court order.
Implied consents cannot be relied upon. Only express consents are valid,assuming compliance with the disclosure requirements.
Written agreements or click-wraps will comply. Web wrap agreements willlikely not comply.
8/7/2019 Sookman Salzman ITCAN Spam Slides
20/47
8/7/2019 Sookman Salzman ITCAN Spam Slides
21/47
21
Scope of prohibition
Covers acts of installing a computer program. Install is not defined in thelegislation. What is included e.g., downloading, program execution, successfulrunning of install program, integration of the code onto a computer system such
as by changing the registry, making the program executable at a later time,modifying existing software?
Covers to cause an electronic message to be sent from the computer. electronic message means a message sent by any means of
telecommunication, including a text, sound, voice or image message. Notlimited to personal information or privacy violations; extends to usageinformation; performance data; monitoring data;
to be sent involves a requirement for a transmission, but does notexplicitly require any reception of data.
8/7/2019 Sookman Salzman ITCAN Spam Slides
22/47
22
Getting express consents to comply withmalware and spyware provisions
Obtaining consent : A person who seeks express consent must, when requestingconsent, set out clearly and simply the following information: (a) the purpose orpurposes for which the consent is being sought; (b) prescribed information that
identifies the person seeking consent and, if the person is seeking consent onbehalf of another person, prescribed information that identifies that other person;and (c) any other prescribed information. (s.10(1)).
Withdrawal of consent : If the computer program installed meets one of thespecified malware or spyware criteria in s.10(5), the person who installs the
program with consent must for 1 year provide an electronic address to which arequest can be sent to remove or disable the computer program if the requestorbelieves that the function, purpose or impact of the computer program installedunder the consent was not accurately described when consent was requested;and if the consent was based on an inaccurate description of the materialelements of the enumerated function or functions, must, without cost to the person
who gave consent, assist that person in removing or disabling the computerprogram as soon as feasible. (s.11(5))
8/7/2019 Sookman Salzman ITCAN Spam Slides
23/47
23
Disclosure requirements to comply withmalware and spyware provisions
Two levels of disclosure required when obtaining consent.
Minimum Disclosure: A person who seeks express consent, must when requestingconsent, also, in addition to setting out any other prescribed information, must clearly and simply describe , in general terms the function and purpose of the computer program that isto be installed if the consent is given. (s.10(3))
Enhanced Disclosure: If the computer program meets one of the specified malware orspyware criteria in s.10(5), the person who seeks express consent must, whenrequesting consent, clearly and prominently, and separately and apart from the licence agreement , (a) describe the programs material elements that perform the function orfunctions, including the nature and purpose of those elements and their reasonablyforeseeable impact on the operation of the computer system; and (b) bring those elementsto the attention of the person from whom consent is being sought in the prescribedmanner.
The enhances disclosure standard applies where the program collects personalinformation; interferes with control of the computer; changes or interferes with settings
preferences or commands; obstructs, interrupts, or interferes with access to data; causesthe computer to communicate with another computer without authorization, installing a bot,or something set out in the regulations, but not merely transmission data. (s.10(5) &(6))
How to determine the appropriate disclosure to meet the specific type of computerprogram?
8/7/2019 Sookman Salzman ITCAN Spam Slides
24/47
24
Exceptions for Software Updates,Upgrades and Patches
Express consent and the minimum disclosure are not required for the installationof an update or upgrade so long as the installation or use of the computerprogram being updated was expressly consented to and the person who gave theconsent is entitled to, and does receive the update under the terms of the expressconsent. (s.10(7)).
This exception does not extend to the enhanced disclosure requirement.
8/7/2019 Sookman Salzman ITCAN Spam Slides
25/47
25
Exclusions from the consent anddisclosure requirements
A person is considered to expressly consent to the installation of a computerprogram if:a) the program is:
i. a cookie,ii. HTML code,iii. Java Scripts,iv. an operating system,v. any other program that is executable only through the use of another
computer program whose installation or use the person has previouslyexpressly consented to, or
vi. any other program specified in the regulations; andb) the persons conduct is such that it is reasonable to believe that they
consent to the programs installation. (s.11(8))
What type of programs are referred to in para. (v)? Note, there is no express waiver of the disclosure requirement, but disclosure
is only required where express requests are being sought.
8/7/2019 Sookman Salzman ITCAN Spam Slides
26/47
26
Altering Transmission Data
provisions
8/7/2019 Sookman Salzman ITCAN Spam Slides
27/47
27
The prohibition
S.7.1(1) It is prohibited, in the course of a commercial activity, to alter or cause tobe altered the transmission data in an electronic message so that the message isdelivered to a destination other than or in addition to that specified by the sender,
unless ( a) the alteration is made with the express consent of the sender or theperson to whom the message is sent, and the person altering or causing to bealtered the data complies with subsection 11(4); or ( b) the alteration is made in accordance with a court order.
(2) Subsection (1) does not apply if the alteration is made by atelecommunications service provider for the purposes of network management.
8/7/2019 Sookman Salzman ITCAN Spam Slides
28/47
28
Getting express consents to comply withaltering transmission data provision
Obtaining consent : A person who seeks express consent must, when requestingconsent, set out clearly and simply the following information: (a) the purpose orpurposes for which the consent is being sought; (b) prescribed information that
identifies the person seeking consent and, if the person is seeking consent onbehalf of another person, prescribed information that identifies that other person;and (c) any other prescribed information. (s.10(1))
8/7/2019 Sookman Salzman ITCAN Spam Slides
29/47
29
Address and personal information
harvesting provisions
8/7/2019 Sookman Salzman ITCAN Spam Slides
30/47
30
Address harvesting amendments toPIPEDA s. 82 of Bill C-28
7.1(2) Paragraphs 7(1)(a), (c) and (d) and (2)(a) to (c.1) and the exception set outin clause 4.3 of Schedule 1 do not apply in respect of (a) the collection of anindividuals electronic address, if the address is collected by the use of a computerprogram that is designed or marketed primarily for use in generating or searchingfor, and collecting, electronic addresses; or (b) the use of an individuals electronicaddress, if the address is collected by the use of a computer program described inparagraph (a).
electronic address defined to mean an address used in connection with (a) anelectronic mail account; (b) an instant messaging account; or (c) any similaraccount.
Note: The collection of electronic addresses prohibition is not tied to anySPAM-related activity.
The effect of this is to remove certain exceptions related to the collection and
use of personal information in PIPEDA.
8/7/2019 Sookman Salzman ITCAN Spam Slides
31/47
31
Address harvesting amendments toPIPEDA PIPEDA s.7(1) An organization may collect personal information without the knowledge or consent
of the individual only if:
a) the collection is clearly in the interests of the individual and consent cannot be obtained in atimely way;
b) the collection is solely for journalistic, artistic or literary purposes;
c) the information is publicly available and is specified by the regulations.
PIPEDA s.7(2) An organization may, without the knowledge or consent of the individual, use personalinformation only if:
a) in the course of its activities, the organization becomes aware of information that it has
reasonable grounds to believe could be useful in the investigation of a contravention of the lawsof Canada, a province or a foreign jurisdiction that has been, is being or is about to becommitted, and the information is used for the purpose of investigating that contravention;
b) it is used for the purpose of acting in respect of an emergency that threatens the life, health orsecurity of an individual;
c) it is used for statistical, or scholarly study or research, purposes that cannot be achieved
without using the information, the information is used in a manner that will ensure itsconfidentiality, it is impracticable to obtain consent and the organization informs theCommissioner of the use before the information is used;
(c.1) it is publicly available and is specified by the regulations.
Exception set out in clause 4.3 of Schedule 1: consent is required for the collection, use, ordisclosure or personal information, except where inappropriate.
8/7/2019 Sookman Salzman ITCAN Spam Slides
32/47
32
Personal information harvestingamendments to PIPEDA
7.1(3) Paragraphs 7(1)(a) to (d) and (2)(a) to (c.1) and the exception set out in clause 4.3 ofSchedule 1 do not apply in respect of (a) the collection of personal information, through anymeans of telecommunication, if the collection is made by accessing a computer system orcausing a computer system to be accessed in contravention of an Act of Parliament; or (b) the
use of personal information that is collected in a manner described in paragraph (a). access is defined to mean to program, to execute programs on, to communicate with, to
store data in, to retrieve data from, or to otherwise make use of any resources, including dataor programs on a computer system or a computer network.
computer program and computer system are broadly defined as in the SPAM provisions .
The collection of personal information does not have to be SPAM-related. Note, the access to a computer system must be in contravention of an Act of Parliament.
Compare to wording in s.7(1)(b) which apply to a breach of an agreement or a contraventionof the laws of Canada or a province.
The effect of this is also to remove certain exceptions related to the collection and use of
personal information. Note also the removal of the exception in s.7(1)(b): it is reasonable to expect that the
collection with the knowledge or consent of the individual would compromise the availability orthe accuracy of the information and the collection is reasonable for purposes related toinvestigating a breach of an agreement or a contravention of the laws of Canada or aprovince.
8/7/2019 Sookman Salzman ITCAN Spam Slides
33/47
33
Competition Act Provisions
8/7/2019 Sookman Salzman ITCAN Spam Slides
34/47
34
Competition Act
Bill C-28 adds to existing Competition Act provisions prohibiting false ormisleading representations to promote a business interest of the supply
or use of a product Numbering of Competition Act amendments is particularly confusing
Investigation/enforcement by Competition Bureau
Bureau has sought and obtained sizeable fines in the past for deceptivemarketing practices
Bureau is seeking $10m fine against Rogers for alleged misleadingadvertising
8/7/2019 Sookman Salzman ITCAN Spam Slides
35/47
35
Competition Act new s. 74.011 and s.52.01
prohibits representation that is false or misleading in a material respect inelectronic message
prohibits false or misleading representation in sender information in electronic message
subject matter information in electronic message
locater look at general impression and literal meaning
only first prohibition states in a material respect
no to the public concept
no concept of exception for consent or existing business relationship
8/7/2019 Sookman Salzman ITCAN Spam Slides
36/47
36
Definitions (s. 70(2))
sender information means the part of an electronic message
including the data relating to source, routing, addressing or signalling that identifies or purports to identify the sender or the origin of themessage
subject matter information means the part of an electronic messagethat purports to summarize the contents of the message or to give anindication of them
locator means a name or information used to identify a source of dataon a computer system, and includes a URL
electronic message is widely defined, same as in Bill C-28
8/7/2019 Sookman Salzman ITCAN Spam Slides
37/47
37
Competition Act DiscussionExamples
Sender Information
VISA
Locator
www.bmosecuritylink.com
Subject Matter Information
Fly Ottawa to Calgary for $299 return
Lose 20 Pounds in 3 Weeks
Our best sale of the year
Exclusive upgrade offer from ABC Hotels
Aggressive e-mail subject matter language poses substantial risk to senders
8/7/2019 Sookman Salzman ITCAN Spam Slides
38/47
38
Enforcement Measures
8/7/2019 Sookman Salzman ITCAN Spam Slides
39/47
39
Bill C-28 Enforcement
Bill C-28 is complicated
The Bill contains amendments to several statutes, and contemplatesinter-related actions by several agencies and enforcement routes
8/7/2019 Sookman Salzman ITCAN Spam Slides
40/47
40
Enforcement Routes
CRTC spam, spyware, message misrouting
Competition Bureau false or misleading messages or components
criminal
reviewable
Privacy Commissioner improper harvesting of personal information
Private actions all of the above class actions
8/7/2019 Sookman Salzman ITCAN Spam Slides
41/47
41
CRTC
CRTC designates enforcement officers (SPAM police?) (s. 14)
can issue preservation demand, notice to produce documents, can apply forsearch warrants
EO issues notice of violation (like parking ticket) (s.22) sets out AMPS amount
C-28 provides factors for determining penalty (s.20(3))
previous history of contraventions
financial benefit received from offending activity ability to pay
other
offender must either pay or ask CRTC panel to rule (s. 24)
A Commission review is decided on balance of probabilities (s. 25) appeal to FCA is possible, with leave on question of fact (s. 27)
8/7/2019 Sookman Salzman ITCAN Spam Slides
42/47
42
CRTC
undertakings possible (i.e negotiated outcome, may include paymentrequirement) (s. 21)
sizeable AMPS possible (s. 20)
8/7/2019 Sookman Salzman ITCAN Spam Slides
43/47
43
Competition Act
Criminal prosecution (s. 75)
for egregious situations
knowingly or recklessly makes a representation
fines/imprisonment possible
allows private right of action for damages
Reviewable conduct (s. 77)
prohibition orders publication of corrective notice (more SPAM?)
AMPS
corporation =
8/7/2019 Sookman Salzman ITCAN Spam Slides
44/47
44
PIPEDA
Bill C-28 expands the concept of privacy under PIPEDA to includeharvesting an individuals electronic address and collecting personal
information by accessing a computer system in contravention of a federallaw.
Privacy Commissioner can investigate and take appropriate action as inother privacy complaints.
However, a private right of action is now available as additionalenforcement right.
8/7/2019 Sookman Salzman ITCAN Spam Slides
45/47
45
Private Right of Action (ss. 47-51)
Contravention Trigger (s. 47)
Bill C-28, s. 6-9 (unless CRTC has taken enforcement action oragreed to undertaking s.48)
does s. 48 provide an incentive to self-report and settle withCRTC?
Competition Act for reviewable conduct of false or misleadingrepresentations
PIPEDA provisions re harvesting personal addresses/information
h f
8/7/2019 Sookman Salzman ITCAN Spam Slides
46/47
46
Private Right of Action
Recovery (s. 51(1))
compensation for loss or expense
private fines
8/7/2019 Sookman Salzman ITCAN Spam Slides
47/47
47
VANCOUVERSuite 1300, 777 Dunsmuir StreetP.O. Box 10424, Pacific CentreVancouver BC V7Y 1K2Tel: 604-643-7100Fax: 604-643-7900Toll-Free: 1-877-244-7711
CALGARYSuite 3300, 421 7th Avenue SWCalgary AB T2P 4K9Tel: 403-260-3500Fax: 403-260-3501Toll-Free: 1-877-244-7711
TORONTOBox 48, Suite 5300Toronto Dominion Bank TowerToronto ON M5K 1E6Tel: 416-362-1812Fax: 416-868-0673Toll-Free: 1-877-244-7711
OTTAWASuite 200, 440 Laurier Avenue WestOttawa ON K1R 7X6Tel: 613-238-2000Fax: 613-563-9386
Toll-Free: 1-877-244-7711
MONTRALSuite 25001000 De La Gauchetire Street WestMontral QC H3B 0A2Tel: 514-397-4100Fax: 514-875-6246Toll-Free: 1-877-244-7711
QUBECLe Complexe St-Amable1150, rue de Claire-Fontaine, 7e tageQubec QC G1R 5G4Tel: 418-521-3000Fax: 418-521-3099Toll-Free: 1-877-244-7711
UNITED KINGDOM & EUROPE125 Old Broad Street, 26th FloorLondon EC2N 1ARUNITED KINGDOMTel: +44 (0)20 7489 5700Fax: +44 (0)20 7489 5777
Top Related