Earlier today the Government introduced two important Bills – Bills C-28 and C-29.
Bill C-28, Fighting Internet and Wireless Spam Act, is the re-introduction of the Electronic Commerce Protection Act (ECPA). It is essentially the Bill as passed by the House of Commons just before the olympics with a few changes. Most of the changes are to harmonize the language to drafting conventions or to clarify the legislative intent.
The Bill is a major improvement over the initial version of the ECPA which was significantly improved during the Industry Committee review.
The Bill would do the following:
• Prohibit the sending of commercial electronic messages without prior consent.
• Prohibit alteration of transmission data to route the message to an unintended destination.
• Prohibit installation or use of spyware in the course of commercial activities (there are exceptions for cookies, html code, java scripts and operating systems).
• Amend the Competition Act to prohibit false or misleading commercial representations made electronically.
• Amend PIPEDA to prohibit the collection of personal information by means of unauthorized access to computer systems in violation of federal laws, and the unauthorized automated compiling of lists of electronic addresses.
Bill C-29 is a new piece of legislation that will amend PIPEDA. It would do the following:
• Exclude business contact information from being personal information.
.• Specify the elements of valid consent (“the consent of an individual is only valid if it is reasonable to expect that the individual understands the nature, purpose and consequences of the collection, use or disclosure of personal information to which they are consenting”).
• Require organizations to report material data breaches of personal information to the Privacy Commissioner of Canada, and to notify affected individuals when the breach poses a real risk of significant harm, such as identity theft or fraud, or damage to reputation.
• Create exceptions for prospective and completed business transactions such as the purchase of an organization or assets, M&A transactions, financings and loans, taking security, lease or license transactions, other arrangements to conduct a business activity.
• Permit organizations to collaborate with government institutions, such as law enforcement and security agencies that have requested personal information, in the absence of a warrant, subpoena, or order.