Presentation is loading. Please wait.

Presentation is loading. Please wait.

CASL Agenda CASL 101 Complaints Enforcement Actions: CRTC

Published byBeatrice Hodge Modified over 6 years ago

Similar presentations

Presentation on theme: "CASL Agenda CASL 101 Complaints Enforcement Actions: CRTC"— Presentation transcript:

0 CASL Compliance & Enforcement Update
2016 IT.CAN Annual Conference Montreal| October 24, 2016 | David Elder

1 CASL Agenda CASL 101 Complaints Enforcement Actions: CRTC
Privacy Commissioner of Canada Competition Bureau Lessons Learned – investigations & undertakings Record-Keeping Tips

2 CASL 101: Review of Key Requirements

3 CASL in a Nutshell Commercial Electronic Messages
Prohibits sending commercial electronic messages without express consent Some exceptions Installation of Computer Programs Prohibits the installation of a computer program without express consent Some exceptions Alteration/Rerouting Prohibits the alteration of transmission data or rerouting of messages without express consent

4 Enforcement AMPs for “violations” (Up to $ 1 M individual, $ 10 M corporate) Undertakings Public shaming Registration with court – enforced as contempt Injunctions, Restraining Orders Offences Private right of action Preservation demand Notice to produce Search warrant

5 Investigation & Enforcement
CRTC has been active with respect to enforcement/investigations re CEMs and alteration of transmission data Tools: Preservation demands Notice to produce Warrants “Honeypots” For computer programs, initial focus on malware/botnets?

6 Complaints CASL

7 Complaints Spam Reporting Centre up and running
CRTC has received approx. 710,000 complaints as of September 30th Bulk of these were forwarded to Fewer filled out online form, provided details Believed vast majority of complaints re commercial electronic messages (not installation of programs, alteration or rerouting)

8 Enforcement Actions CASL

9

10

11

12

13

14

15 Other investigation/enforcement models
Preservation/Production Order Entry Warrant (with Police) - seizure Direct Issuance of NOV Right to make representations to CRTC Commission decides on b.o.p. whether violation committed May impose NOV penalty, may reduce or waive penalty, or may suspend payment of penalty subject to any conditions necessary to ensure compliance

16

17

18 Privacy Commissioner Action
CASL

19

20 Compu-Finder Address harvesting, but also consent (Principle 4.3, s. 7) Personal information/business contact information Collection of addresses Telemarketing – no disclosure that purpose for collection was marketing Websites – collected where notices said not to be used for commercial purposes Evidentiary and accountability issues Errors in responses

21 PIPEDA lives! “The relevance of CASL
In its representations, Compu-Finder referred to provisions of CASL relating to the sending of commercial electronic messages, and regulations made thereunder, as justification for its practices. In our view, these provisions, while similar in some respects to those found in the Act, are not directly relevant to our investigation, which was focused on Compu-Finder's compliance with PIPEDA. We have therefore not considered such provisions further in our analysis, except with respect to the amendments CASL made to the Act regarding address harvesting.” Compu-Finder findings, paragraph 114

22 Competition Bureau Action
CASL

23

24 Investigations and Undertakings
CASL

25 Anatomy of a typical investigation
Request for information Response Follow-ups and Response (repeat as necessary) Invitation to discuss findings/settlement Agreement Review and finalization of undertaking agreement Execution Payment of AMPS Media release

26 Typical CRTC Undertaking
Applies to broader corporate family Agreement to comply in future Agreement to cease offending practice(s) Payment of AMP Creation/update of corporate compliance program Confirm when done Review on annual basis – provide written report on request Note CRTC practice is to register agreements with Federal Court – can be enforced as if order of the Court

27 Typical OPC Compliance Agreement
List of OPC findings Acknowledgement/no admission List of agreed to remedial measures Reporting, monitoring obligations – 3rd party report? Notice that OPC may request further info, visit premises, go to Fed Ct Organization to pay costs of compliance Publication Info session?

28 Record-Keeping Tips CASL

29

30 Record-keeping tips All evidence of express and implied consent (audio, forms, electronic forms Date, time, originating telephone number/IP address, etc. Best evidence rule: CRTC prefers direct evidence; organization-created record likely insufficient All unsubscribe requests and resulting actions Documented methods through which consent collected (particularly important where oral consent) Documented CASL compliance policies and procedures, including training

31 Lessons Learned CASL

32 Lessons Learned May help to revise practices quickly (or may not)
Only partial disclosure of case against you Complainants assumed to be truthful– onus on company to disprove Some have settled where not clear violation committed Predilection for AMPs Unclear what weight, if any given to due diligence Unclear how AMPs calculated Warrants are intense, disruptive – watch privilege issues closely Warrants most likely re malware investigations Beware continuing application of privacy laws

33

34 David Elder delder@stikeman.com
Questions & Answers David Elder

Download ppt "CASL Agenda CASL 101 Complaints Enforcement Actions: CRTC"

Similar presentations

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.
BIE SPECIAL EDUCATION ACADEMY PRESENTERS: JUDY WILEY AND NARCY KAWON I ntroduction to Procedural Safeguards Bureau of Indian Education.

BIE SPECIAL EDUCATION ACADEMY PRESENTERS: JUDY WILEY AND NARCY KAWON I ntroduction to Procedural Safeguards Bureau of Indian Education.
Bill c. 23 - CASL Effects of the Canadian Anti-Spam Legislation (CASL) at Skate Canada.

Bill c CASL Effects of the Canadian Anti-Spam Legislation (CASL) at Skate Canada.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
CANADA’S ANTI-SPAM LEGISLATION  An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage.

CANADA’S ANTI-SPAM LEGISLATION  An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
The Do Not Call Register Act 2006 and The Spam Act 2003 Jane Cole Manager, Telemarketing Investigations Section Julia Cornwell McKean Manager, Anti Spam.

The Do Not Call Register Act 2006 and The Spam Act 2003 Jane Cole Manager, Telemarketing Investigations Section Julia Cornwell McKean Manager, Anti Spam.
New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.

New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
1 Unsolicited Electronic Messages Ordinance An Overview of Implementation and Enforcement 28 May 2007.

1 Unsolicited Electronic Messages Ordinance An Overview of Implementation and Enforcement 28 May 2007.
Per Anders Eriksson

Per Anders Eriksson
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
CASL and Common Sense: Coming to Grips With Canada’s Anti-Spam Law professor michael geist university of ottawa, faculty of law.

CASL and Common Sense: Coming to Grips With Canada’s Anti-Spam Law professor michael geist university of ottawa, faculty of law.
DATA PROTECTION OFFICE

DATA PROTECTION OFFICE
22 Canada’s Anti Spam Law (CASL) March 2014 Jason Beauchamp RBC Insurance.

22 Canada’s Anti Spam Law (CASL) March 2014 Jason Beauchamp RBC Insurance.
Presented by Bishop & McKenzie LLP May 30, 2014. Vancouver Sun, “Anti-Spam Legislation Has Businesses Scrambling to Comply”, May 26, 2014.

Presented by Bishop & McKenzie LLP May 30, Vancouver Sun, “Anti-Spam Legislation Has Businesses Scrambling to Comply”, May 26, 2014.

Similar presentations

Ads by Google