Archive for the ‘E-commerce’ category

Will it be illegal to recommend a dentist under Canada’s new anti-spam law (CASL)?

January 3rd, 2012

Over the holidays I got an email from one of my relatives visiting Toronto. She asked me to recommend a dental surgeon for an unexpected tooth extraction. She also asked me to refer her to other dentists to get additional recommendations. I sent her an email with a recommendation to get treatment from a dental surgeon who I encouraged her to see and also provided the name of a family dentist who could make other recommendations. My email included a link to a website of the clinic operated by the dental surgeon. My wife sent a similar email when I told her my relative was looking for a dentist. Later that day I started wondering whether responding to this type of inquiry would be legal or illegal under Canada’s anti-spam law (CASL), once it is proclaimed into force.

Draft FISA (Anti-SPAM) regulations published by CRTC and Industry Canada (updated)

July 18th, 2011

The Canadian Anti-SPAM law (CASL or FISA) contemplated that regulations would need to be promulgated before the Act is proclaimed into force. CASL contemplated two sets of regulations: one from Industry Canada and the other from the CRTC.  The CRTC published draft regulations for comment purposes on June 30, 2011. The Commission will accept comments from interested persons that it receives on or before September 7, 2011, a date extended by the CRTC from the original date of 29 August 2011.

The CRTC draft regulations are as follows:

Who bears the risk of loss when a corporate bank account is hacked?

June 20th, 2011

Recently, we have witnessed numerous examples of corporate web sites being hacked. Sony, Sega, Honda, Citibank, and Epsilon are all recent examples. When these sites are hacked often the victims are individual customers whose personal information is accessed. But, when a bank account is hacked often the object is money. When such an account is hacked such as by an unauthorized wire transfer or withdrawal, who bears the risk of loss, the bank or the customer whose account is raided?

Developments in Computer, Internet and E-Commerce Law (2010-2011)

June 15th, 2011

Here are the slides used in my presentation to the Toronto Computer Lawyers Group earlier today, The Year in Review: Developments in Computer, Internet and E-Commerce Law (2010-2011). It covers significant developements since my talk last spring.

The slides include a summary of the following cases and statutory materials:


Cite Cards Canada Inc. v. Pleasance, 2011 ONCA 3

Leon’s Furniture Limited v. Alberta (Information and Privacy Commissioner), 2011 ABCA 94

State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada, 2010 FC 736

Nammo v. TransUnion of Canada Inc., 2010 FC 1284

G8 declaration: Internet and IP critical to innovation

May 30th, 2011

The leaders of the G8 concluded their meetings last week with a renewed commitment to freedom and democracy. They released a declaration dealing with a variety of topics including the importance of the Internet and intellectual property as catalysts to innovation. The declaration also highlights the challenges of maintaining the privacy and security of networks and network communications.

The declaration on the Internet made the link between the Internet and innovation as follows:

For business, the Internet has become an essential and irreplaceable tool for the conduct of commerce and development of relations with consumers. The Internet is a driver of innovation, improves efficiency, and thus contributes to growth and employment…

Naming Canada’s Anti-Spam/Anti-Spyware Law

February 14th, 2011

Last week in a blog post I asked for suggestions to help name Canada’s new anti-SPAM and anti-spyware law, Bill –C-28. The Bill has no short title and needs one.

You clearly had fun trying to come up with a name. Some of you suggested a few names. Some suggestions were serious (more or less). Others were hysterical, many reflecting your thoughts about the Bill, or about SPAM. Here are your proposals to name the Bill.

Name Canada’s Anti-Spam/Anti-Spyware Law

February 6th, 2011

Canada has a new anti-SPAM and anti-spyware law, Bill –C-28. It is a law with an inordinately long name: “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act”.

The Bill has no short title. As a result different terms and acronyms are being used to refer to it including the ECPA, FISA, FIWSA, the SPAM Bill, the Anti-SPAM Legislation, and the Anti-SPAM and Anti-Spyware Bill.

Impacts of Bill C-28 (the new anti-SPAM and anti-spyware legislation)

January 26th, 2011

The new anti-SPAM and anti-spyware legislation (Bill C-28) will have significant implications for entities carrying on business in Canada and for entities doing business with Canadians. Its scope is very broad. Its approach to tacking the challenges posed by SPAM, malware, spyware, false and misleading representations associated with electronic messages, and harvesting of electronic address and personal information, is comprehensive.

The legislation creates significant vicarious and accessorial liability for companies and for their officers and directors with the potential for administrative penalties of up to $10 million and damages awards which can reach $1 million per day or per breach.

Canada Passes Anti-Spam and Anti-Spyware Law

January 6th, 2011

Organizations that conduct business online should start preparing for Canada’s new anti-spam and anti-spyware legislation, which was passed in mid-December and is expected to come into force later this year.1 As the Act is complex and the penalties for violating the new law can be severe, organizations should review and modify their online practices, where necessary, at an early opportunity.

Export Controls Alert: Canada’s Response to Liberalization of Controls on Ancillary Encryption

June 18th, 2010

Canadian controls over the export or transfer of goods, software and technology containing or designed to work with encryption continue to present challenges for Canadian companies. Export permits must be applied for and obtained in order to export information security items or transfer any related technology from Canada to destinations other than the United States. Canada’s Export Control List identifies the goods and technology covered by these requirements and imposes a very low threshold of control — encryption with key lengths in excess of 64 bits (in the case of symmetric algorithms). Further, the available exemptions for mass market items and technology and software in the public domain may only be relied upon in very limited circumstances.