Sookman Salzman ITCAN Spam Slides

  • View
    217

  • Download
    0

Embed Size (px)

Text of Sookman Salzman ITCAN Spam Slides

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    1/47

    1

    Barry B. SookmanDirect Line: (416) 601-7949E-Mail: [email protected]

    Impacts of the New Anti-SPAM andAnti-Spyware Legislation (Bill C-28)

    January 26, 2011

    Doc # 10027070

    IT.CAN QUARTERLY ROUNDTABLE SERIES

    Lorne P. SalzmanDirect Line: (416) 601-7867E-Mail: [email protected]

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    2/47

    2

    Why businesses need to be

    concerned about the Bill C-28

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    3/47

    3

    Scope and Approach SPAM - transmitting any commercial electronic message is illegal unless there is

    consent; it is an excluded category; and message is in a prescribed form. (s.6)

    Malware - it is illegal as part of a commercial activity to install any computer program-good or bad-onto someones computer unless there is express consent and theprescribed disclosures are made. (s.8)

    Spyware - it is illegal as part of a commercial activity to install any computer programonto someones computer that transmits data of any kind from that computer unlessthere is consent and the prescribed disclosures are made. (s.8)

    Message routing - it is illegal to alter transmission data to route a message to anunintended destination. (s.7)

    Broad protection against false and misleading representations extending to headerinformation, subject matter lines, URLs, and the message itself. (s.75 and 77)

    Broad protection against collecting individuals electronic addresses using automatedtools primarily designed for this purpose and collecting personal information over the

    internet by accessing a computer in violation of federal laws. (s.82) Burden of proof for consents is on the person alleging they have it. (s.13)

    The regulations will significantly affect the interpretation of the Act and are not yetpublished. Scope will be significantly impacted by the regulations.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    4/47

    4

    Very high liability Administrative monetary penalties (AMPS) with caps up to $1 million for an

    individual and $10 million for anyone else. (s.20(4))

    Private rights of action by anyone affected by a prohibited act (s.47(1)) withliability that consists of:

    compensation for loss, damages and expenses; and

    extensive awards that are capped at:

    $1 million per day for breach of SPAM, malware, spyware, messagerouting, address and personal information harvesting, and Competition Act provisions;

    $1 million for each act of aiding, inducing, or procuring a breach of theSPAM, malware and spyware, and message routing provisions, plusliability up to $1 million per day for breach of SPAM, malware, spyware,and message routing provisions.

    Risks of class actions.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    5/47

    5

    Extensive accessorial and vicarious liability

    Liability extends to any person who aids, induces or procures a prohibited act.(s.9) Scope?

    Businesses are liable for acts of their employees within the scope of theirauthority. (s.32, s.53)

    Liability extends to officers, directors, agents, mandataries if they directed,authorized, assented to, acquiesced, or participated in the prohibited act. (s.31,s.52) Scope-acquiesced?

    Businesses liable for employees businesses liable for aiding businessesliable for massive AMPS and damages class actions officers and directorsultimately liable.

    Businesses need to put policies and processes in place to reduce risk.

    Insurance?

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    6/47

    6

    Extensive extra-territorial effects

    The provisions of Bill C-28 could impact activities undertaken outside Canada.

    The anti-spam provisions apply to any message where a computer systemlocated in Canada is used to send or access the electronic message. (s.13(1))

    The message altering provisions also applies to messages if a computer systemlocated in Canada is used to send, route or access the electronic message.(s.13(2))

    Other prohibitions real and substantial connections test?

    Legislation has worldwide impacts that foreign entities will not expect.

    Bill C-28 is significantly more onerous than any international counterpart.

    This will mandate Canada specific processes for doing business in Canada or with Canadians using facilities located outside of Canada.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    7/47

    7

    Anti-SPAM Provisions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    8/47

    8

    Background: on SPAM provisions

    In its 2005 Report, the Task Force recommended new legislation as required tofill any gaps identified in existing laws (Task Force). The Bill purports toimplement the recommendations of the Task Force.

    Internationally there are many precedents for dealing with SPAM including:

    U.S.-CAN - SPAM Act 2003 (US CAN SPAM);

    EU Directive 2002/58/EC on privacy and electronic communications (EUDirective);

    Australia Spam Act 2003 (Australia Spam Act);

    Singapore Spam Control Act 2007 (Singapore Spam Act); and

    UK Privacy and Electronic Communications Regulations 2003 (UK SpamAct).

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    9/47

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    10/47

    10

    The Anti-SPAM Prohibition

    6(1) It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless:

    a) the person to whom the message is sent has consented to receiving it,

    whether the consent is express or implied; andb) the message complies with subsection (2).

    Note:

    The section extends send or cause or permit to be sent. So a director isliable for acquiescing in an employee aiding someone to permit amessage to be sent.

    Messages cant be sent without a consent which must be express or a limitedsubset of conditions where consent is implied

    Messages must comply with prescribed formalities.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    11/47

    11

    What messages and messaging systemsare included

    electronic message means a message sent by any means oftelecommunication, including a text, sound, voice or image message. (s1(1)) (But,excludes voice messages covered by the Do Not Call List, fax messages, voicerecordings. (s.6(8))

    electronic address means an address used in connection with the transmissionof an electronic message to (a) an electronic mail account; (b) an instantmessaging account; (c) a telephone account; or (d) any similar account . (s.1(1))

    A commercial electronic message is an electronic message that, having

    regard to the content of the message, the hyperlinks in the message to content ona website or other database, or the contact information contained in the message,it would be reasonable to conclude has as its purpose, or one of its purposes , toencourage participation in a commercial activity, including an electronicmessage that (a) offers to purchase, sell, barter or lease a product, goods, aservice, land or an interest or right in land; (b) offers to provide a business,

    investment or gaming opportunity; (c) advertises or promotes anything referred toin paragraph (a) or (b); or (d) promotes a person, including the public image of aperson, as being a person who does anything referred to in any of paragraphs (a)to (c), or who intends to do so.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    12/47

    12

    What messages and messaging systemsare included

    commercial activity means any particular transaction, act or conduct or anyregular course of conduct that is of a commercial character, whether or not theperson who carries it out does so in the expectation of profit, other than any

    transaction, act or conduct that is carried out for the purposes of law enforcement,public safety, the protection of Canada, the conduct of international affairs or thedefence of Canada.

    Applies as well to an electronic message that contains a request to send aprohibited message. (s.1(3))

    Note how open ended Electronic Messages can be sent by any means oftelecommunication Electronic Addresses include any similar account whichwill continually change Commercial Electronic Messages fall into non-exclusivelist of Electronic Messages.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    13/47

    13

    What messages and messaging systemsare included

    Do the provisions apply to accounts with:

    E-mail e.g. Gmail, hotmail, exchange;

    IM (BBM, Google talk); Social networks e.g., LinkedIn, Facebook, Twitter tweets and direct

    messages;

    Geo-location services;

    E-commerce portals where there are accounts; and Message boards.

    Businesses and their employees communicate for commercial purposes usingmultiple sources.

    Policies are needed for obtaining consents and complying with formatrequirements for each platform used to send commercial electronic messages.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    14/47

    14

    General exceptions to anti-SPAMprovisions

    Messages to an individual to whom the person has a personal or familyrelationship as defined in regulations. (s.6(5))

    An inquiry of or application related to a commercial activity. (s.6(5))

    A class defined in regulations. (s.6(5)). Dont know what they are. To telecom service providers when they enable transmissions of messages.

    (s6(7)).

    Messages related to law enforcement, public safety, the protection of Canada, the

    conduct of international affairs or the defence of Canada. (s.(1), s.6(4)) The consent requirement in para. 1(a) does not apply to certain commercial

    electronic messages e.g., providing a quote in response to a request, furtheranceof previously agreed to transactions, warranty, safety, security, product recallinformation, factual information about a purchase, information about anemployment or benefits plan, delivering a product, service or upgrade, or anotherexception specified in a regulation. (s.6(6))

    Will businesses develop policies that rely on specific exceptions for consent,even when the formality requirements are not also exempted?

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    15/47

    15

    Getting consents to send commercialelectronic messages

    Express consents A person who seeks express consent must, when requesting consent, set out clearly

    and simply the following information: (a) the purpose or purposes for which the consentis being sought; (b) prescribed information that identifies the person seeking consentand, if the person is seeking consent on behalf of another person, prescribedinformation that identifies that other person; and (c) any other prescribed information.(s.10(1)). See also (2).

    How do businesses obtain express consents to send a commercial electronic message

    when sending an electronic message to get consent is itself a commercial electronicmessage for consent is required? (s.1(3))

    Implied Consents Consents to collect, use or disclose information under PIPEDA are not necessary valid

    for the purposes of Bill C-28.

    Bill C-28 will create a conflicting consent regime with the consent regime in PIPEDAsince implied consents are a list of closed categories.

    Businesses cannot rely on PIPEDA consents to use personal information since theregimes are different e.g., disclosure standards, standards for determining impliedconsents, and exceptions are not the same.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    16/47

    16

    Implied consents to send commercialelectronic messages

    A consent is implied for the purpose of the anti-SPAM provisions only if:

    a) there is an existing business relationship or an existing non-business relationship, asthose terms are defined. (s.10(9))

    Existing business relationship is a relationship arising from a purchase or barterwithin 2 years; acceptance of a business, investment or gaming opportunity withlast 2 years; related to a contract until 2 years after expiry; any inquiry orapplication with 6 months. (s.10(10))

    Existing non-business relationship is a non-business relationship arising from adonation or gift; volunteer for a charity; membership, within a 2 year window.(s.10(13))

    b) the person to whom the message is sent has conspicuously published the electronicaddress without a statement that the person does not wish to receive unsolicitedcommercial electronic messages at the electronic address and the message is relevantto the persons business, role, functions or duties in a business or official capacity;

    c) the person to whom the message is sent has disclosed, to the person who sends themessage, his/her electronic address without indicating a wish not to receive SPAM, andthe message is relevant to the persons business, role, functions or duties in a businessor official capacity; or

    d) the message is sent in the circumstances set out in the regulations.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    17/47

    17

    Format requirements for electronicmessages

    The electronic messages must be in a form that conforms to the prescribedrequirements and must:

    a) set out prescribed information that identifies the person who sent the message;

    b) set out information enabling the person to whom the message is sent to readilycontact the sender (the contact information must be valid for 60 days); and

    c) set out the prescribed unsubscribe mechanism. (s.6(2) & (3)).

    The unsubscribe mechanism must (a) enable the recipient to indicate, at no cost to

    them, the wish to no longer receive any messages, or any specified class of suchmessages, from the sender, using (i) the same electronic means by which the messagewas sent, or (ii) if using those means is not practicable, any other electronic means thatwill enable the person to indicate the wish; and (b) specify an electronic address, or linkto a page on the World Wide Web that can be accessed through a web browser, towhich the indication may be sent. (s.11(1) & (2))

    Is it possible to comply with these rules for all media? Can regulations solve theproblem?

    Businesses need to develop policies and processes for how to comply with formatrequirements for every category of message formats for all included media . These willneed continual review.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    18/47

    18

    Malware and Spyware Provisions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    19/47

    19

    The prohibition

    8. (1) A person must not, in the course of a commercial activity, install orcause to be installed a computer program on any other persons computersystem or, having so installed or caused to be installed a computer program,cause an electronic message to be sent from that computer system, unless:

    (a) the person has obtained the express consent of the owner or an authorizeduser of the computer system and complies with [the disclosurerequirements of] subsection 11(5); or

    (b) the person is acting in accordance with a court order.

    Implied consents cannot be relied upon. Only express consents are valid,assuming compliance with the disclosure requirements.

    Written agreements or click-wraps will comply. Web wrap agreements willlikely not comply.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    20/47

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    21/47

    21

    Scope of prohibition

    Covers acts of installing a computer program. Install is not defined in thelegislation. What is included e.g., downloading, program execution, successfulrunning of install program, integration of the code onto a computer system such

    as by changing the registry, making the program executable at a later time,modifying existing software?

    Covers to cause an electronic message to be sent from the computer. electronic message means a message sent by any means of

    telecommunication, including a text, sound, voice or image message. Notlimited to personal information or privacy violations; extends to usageinformation; performance data; monitoring data;

    to be sent involves a requirement for a transmission, but does notexplicitly require any reception of data.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    22/47

    22

    Getting express consents to comply withmalware and spyware provisions

    Obtaining consent : A person who seeks express consent must, when requestingconsent, set out clearly and simply the following information: (a) the purpose orpurposes for which the consent is being sought; (b) prescribed information that

    identifies the person seeking consent and, if the person is seeking consent onbehalf of another person, prescribed information that identifies that other person;and (c) any other prescribed information. (s.10(1)).

    Withdrawal of consent : If the computer program installed meets one of thespecified malware or spyware criteria in s.10(5), the person who installs the

    program with consent must for 1 year provide an electronic address to which arequest can be sent to remove or disable the computer program if the requestorbelieves that the function, purpose or impact of the computer program installedunder the consent was not accurately described when consent was requested;and if the consent was based on an inaccurate description of the materialelements of the enumerated function or functions, must, without cost to the person

    who gave consent, assist that person in removing or disabling the computerprogram as soon as feasible. (s.11(5))

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    23/47

    23

    Disclosure requirements to comply withmalware and spyware provisions

    Two levels of disclosure required when obtaining consent.

    Minimum Disclosure: A person who seeks express consent, must when requestingconsent, also, in addition to setting out any other prescribed information, must clearly and simply describe , in general terms the function and purpose of the computer program that isto be installed if the consent is given. (s.10(3))

    Enhanced Disclosure: If the computer program meets one of the specified malware orspyware criteria in s.10(5), the person who seeks express consent must, whenrequesting consent, clearly and prominently, and separately and apart from the licence agreement , (a) describe the programs material elements that perform the function orfunctions, including the nature and purpose of those elements and their reasonablyforeseeable impact on the operation of the computer system; and (b) bring those elementsto the attention of the person from whom consent is being sought in the prescribedmanner.

    The enhances disclosure standard applies where the program collects personalinformation; interferes with control of the computer; changes or interferes with settings

    preferences or commands; obstructs, interrupts, or interferes with access to data; causesthe computer to communicate with another computer without authorization, installing a bot,or something set out in the regulations, but not merely transmission data. (s.10(5) &(6))

    How to determine the appropriate disclosure to meet the specific type of computerprogram?

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    24/47

    24

    Exceptions for Software Updates,Upgrades and Patches

    Express consent and the minimum disclosure are not required for the installationof an update or upgrade so long as the installation or use of the computerprogram being updated was expressly consented to and the person who gave theconsent is entitled to, and does receive the update under the terms of the expressconsent. (s.10(7)).

    This exception does not extend to the enhanced disclosure requirement.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    25/47

    25

    Exclusions from the consent anddisclosure requirements

    A person is considered to expressly consent to the installation of a computerprogram if:a) the program is:

    i. a cookie,ii. HTML code,iii. Java Scripts,iv. an operating system,v. any other program that is executable only through the use of another

    computer program whose installation or use the person has previouslyexpressly consented to, or

    vi. any other program specified in the regulations; andb) the persons conduct is such that it is reasonable to believe that they

    consent to the programs installation. (s.11(8))

    What type of programs are referred to in para. (v)? Note, there is no express waiver of the disclosure requirement, but disclosure

    is only required where express requests are being sought.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    26/47

    26

    Altering Transmission Data

    provisions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    27/47

    27

    The prohibition

    S.7.1(1) It is prohibited, in the course of a commercial activity, to alter or cause tobe altered the transmission data in an electronic message so that the message isdelivered to a destination other than or in addition to that specified by the sender,

    unless ( a) the alteration is made with the express consent of the sender or theperson to whom the message is sent, and the person altering or causing to bealtered the data complies with subsection 11(4); or ( b) the alteration is made in accordance with a court order.

    (2) Subsection (1) does not apply if the alteration is made by atelecommunications service provider for the purposes of network management.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    28/47

    28

    Getting express consents to comply withaltering transmission data provision

    Obtaining consent : A person who seeks express consent must, when requestingconsent, set out clearly and simply the following information: (a) the purpose orpurposes for which the consent is being sought; (b) prescribed information that

    identifies the person seeking consent and, if the person is seeking consent onbehalf of another person, prescribed information that identifies that other person;and (c) any other prescribed information. (s.10(1))

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    29/47

    29

    Address and personal information

    harvesting provisions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    30/47

    30

    Address harvesting amendments toPIPEDA s. 82 of Bill C-28

    7.1(2) Paragraphs 7(1)(a), (c) and (d) and (2)(a) to (c.1) and the exception set outin clause 4.3 of Schedule 1 do not apply in respect of (a) the collection of anindividuals electronic address, if the address is collected by the use of a computerprogram that is designed or marketed primarily for use in generating or searchingfor, and collecting, electronic addresses; or (b) the use of an individuals electronicaddress, if the address is collected by the use of a computer program described inparagraph (a).

    electronic address defined to mean an address used in connection with (a) anelectronic mail account; (b) an instant messaging account; or (c) any similaraccount.

    Note: The collection of electronic addresses prohibition is not tied to anySPAM-related activity.

    The effect of this is to remove certain exceptions related to the collection and

    use of personal information in PIPEDA.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    31/47

    31

    Address harvesting amendments toPIPEDA PIPEDA s.7(1) An organization may collect personal information without the knowledge or consent

    of the individual only if:

    a) the collection is clearly in the interests of the individual and consent cannot be obtained in atimely way;

    b) the collection is solely for journalistic, artistic or literary purposes;

    c) the information is publicly available and is specified by the regulations.

    PIPEDA s.7(2) An organization may, without the knowledge or consent of the individual, use personalinformation only if:

    a) in the course of its activities, the organization becomes aware of information that it has

    reasonable grounds to believe could be useful in the investigation of a contravention of the lawsof Canada, a province or a foreign jurisdiction that has been, is being or is about to becommitted, and the information is used for the purpose of investigating that contravention;

    b) it is used for the purpose of acting in respect of an emergency that threatens the life, health orsecurity of an individual;

    c) it is used for statistical, or scholarly study or research, purposes that cannot be achieved

    without using the information, the information is used in a manner that will ensure itsconfidentiality, it is impracticable to obtain consent and the organization informs theCommissioner of the use before the information is used;

    (c.1) it is publicly available and is specified by the regulations.

    Exception set out in clause 4.3 of Schedule 1: consent is required for the collection, use, ordisclosure or personal information, except where inappropriate.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    32/47

    32

    Personal information harvestingamendments to PIPEDA

    7.1(3) Paragraphs 7(1)(a) to (d) and (2)(a) to (c.1) and the exception set out in clause 4.3 ofSchedule 1 do not apply in respect of (a) the collection of personal information, through anymeans of telecommunication, if the collection is made by accessing a computer system orcausing a computer system to be accessed in contravention of an Act of Parliament; or (b) the

    use of personal information that is collected in a manner described in paragraph (a). access is defined to mean to program, to execute programs on, to communicate with, to

    store data in, to retrieve data from, or to otherwise make use of any resources, including dataor programs on a computer system or a computer network.

    computer program and computer system are broadly defined as in the SPAM provisions .

    The collection of personal information does not have to be SPAM-related. Note, the access to a computer system must be in contravention of an Act of Parliament.

    Compare to wording in s.7(1)(b) which apply to a breach of an agreement or a contraventionof the laws of Canada or a province.

    The effect of this is also to remove certain exceptions related to the collection and use of

    personal information. Note also the removal of the exception in s.7(1)(b): it is reasonable to expect that the

    collection with the knowledge or consent of the individual would compromise the availability orthe accuracy of the information and the collection is reasonable for purposes related toinvestigating a breach of an agreement or a contravention of the laws of Canada or aprovince.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    33/47

    33

    Competition Act Provisions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    34/47

    34

    Competition Act

    Bill C-28 adds to existing Competition Act provisions prohibiting false ormisleading representations to promote a business interest of the supply

    or use of a product Numbering of Competition Act amendments is particularly confusing

    Investigation/enforcement by Competition Bureau

    Bureau has sought and obtained sizeable fines in the past for deceptivemarketing practices

    Bureau is seeking $10m fine against Rogers for alleged misleadingadvertising

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    35/47

    35

    Competition Act new s. 74.011 and s.52.01

    prohibits representation that is false or misleading in a material respect inelectronic message

    prohibits false or misleading representation in sender information in electronic message

    subject matter information in electronic message

    locater look at general impression and literal meaning

    only first prohibition states in a material respect

    no to the public concept

    no concept of exception for consent or existing business relationship

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    36/47

    36

    Definitions (s. 70(2))

    sender information means the part of an electronic message

    including the data relating to source, routing, addressing or signalling that identifies or purports to identify the sender or the origin of themessage

    subject matter information means the part of an electronic messagethat purports to summarize the contents of the message or to give anindication of them

    locator means a name or information used to identify a source of dataon a computer system, and includes a URL

    electronic message is widely defined, same as in Bill C-28

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    37/47

    37

    Competition Act DiscussionExamples

    Sender Information

    VISA

    Locator

    www.bmosecuritylink.com

    Subject Matter Information

    Fly Ottawa to Calgary for $299 return

    Lose 20 Pounds in 3 Weeks

    Our best sale of the year

    Exclusive upgrade offer from ABC Hotels

    Aggressive e-mail subject matter language poses substantial risk to senders

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    38/47

    38

    Enforcement Measures

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    39/47

    39

    Bill C-28 Enforcement

    Bill C-28 is complicated

    The Bill contains amendments to several statutes, and contemplatesinter-related actions by several agencies and enforcement routes

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    40/47

    40

    Enforcement Routes

    CRTC spam, spyware, message misrouting

    Competition Bureau false or misleading messages or components

    criminal

    reviewable

    Privacy Commissioner improper harvesting of personal information

    Private actions all of the above class actions

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    41/47

    41

    CRTC

    CRTC designates enforcement officers (SPAM police?) (s. 14)

    can issue preservation demand, notice to produce documents, can apply forsearch warrants

    EO issues notice of violation (like parking ticket) (s.22) sets out AMPS amount

    C-28 provides factors for determining penalty (s.20(3))

    previous history of contraventions

    financial benefit received from offending activity ability to pay

    other

    offender must either pay or ask CRTC panel to rule (s. 24)

    A Commission review is decided on balance of probabilities (s. 25) appeal to FCA is possible, with leave on question of fact (s. 27)

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    42/47

    42

    CRTC

    undertakings possible (i.e negotiated outcome, may include paymentrequirement) (s. 21)

    sizeable AMPS possible (s. 20)

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    43/47

    43

    Competition Act

    Criminal prosecution (s. 75)

    for egregious situations

    knowingly or recklessly makes a representation

    fines/imprisonment possible

    allows private right of action for damages

    Reviewable conduct (s. 77)

    prohibition orders publication of corrective notice (more SPAM?)

    AMPS

    corporation =

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    44/47

    44

    PIPEDA

    Bill C-28 expands the concept of privacy under PIPEDA to includeharvesting an individuals electronic address and collecting personal

    information by accessing a computer system in contravention of a federallaw.

    Privacy Commissioner can investigate and take appropriate action as inother privacy complaints.

    However, a private right of action is now available as additionalenforcement right.

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    45/47

    45

    Private Right of Action (ss. 47-51)

    Contravention Trigger (s. 47)

    Bill C-28, s. 6-9 (unless CRTC has taken enforcement action oragreed to undertaking s.48)

    does s. 48 provide an incentive to self-report and settle withCRTC?

    Competition Act for reviewable conduct of false or misleadingrepresentations

    PIPEDA provisions re harvesting personal addresses/information

    h f

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    46/47

    46

    Private Right of Action

    Recovery (s. 51(1))

    compensation for loss or expense

    private fines

  • 8/7/2019 Sookman Salzman ITCAN Spam Slides

    47/47

    47

    VANCOUVERSuite 1300, 777 Dunsmuir StreetP.O. Box 10424, Pacific CentreVancouver BC V7Y 1K2Tel: 604-643-7100Fax: 604-643-7900Toll-Free: 1-877-244-7711

    CALGARYSuite 3300, 421 7th Avenue SWCalgary AB T2P 4K9Tel: 403-260-3500Fax: 403-260-3501Toll-Free: 1-877-244-7711

    TORONTOBox 48, Suite 5300Toronto Dominion Bank TowerToronto ON M5K 1E6Tel: 416-362-1812Fax: 416-868-0673Toll-Free: 1-877-244-7711

    OTTAWASuite 200, 440 Laurier Avenue WestOttawa ON K1R 7X6Tel: 613-238-2000Fax: 613-563-9386

    Toll-Free: 1-877-244-7711

    MONTRALSuite 25001000 De La Gauchetire Street WestMontral QC H3B 0A2Tel: 514-397-4100Fax: 514-875-6246Toll-Free: 1-877-244-7711

    QUBECLe Complexe St-Amable1150, rue de Claire-Fontaine, 7e tageQubec QC G1R 5G4Tel: 418-521-3000Fax: 418-521-3099Toll-Free: 1-877-244-7711

    UNITED KINGDOM & EUROPE125 Old Broad Street, 26th FloorLondon EC2N 1ARUNITED KINGDOMTel: +44 (0)20 7489 5700Fax: +44 (0)20 7489 5777