Industry Canada ic.gc.ca

Similar documents
Crawford Chondon &Partners LLP. Is your Business Ready for Canada s Anti Spam Law?

Canada Anti-Spam Legislation: Obligations and Opportunity. Presenters: Matthew Wansink Chris Bakker

Guidance on Canada s Anti-Spam Legislation (CASL) for REALTOR Members

Privacy Law in Canada

Managing the message Canada s new anti-spam law sets a high bar

ACCEPTABLE USE AND TAKEDOWN POLICY

An Anti-Spam Action Plan for Canada. Industry Canada

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

THE ANTI-SPAM REGULATORY POLICY FRAMEWORK FOR THE KINGDOM OF SAUDI ARABIA

A SIMPLIFIED EXPLANATION OF CANADA S NEW LAW ON SPAM

TERMS OF SERVICE TELEPORT REQUEST RECEIVERS

Anti-SPAM Policy v

Recurrent Patterns Detection Technology. White Paper

Anti-Spam Toolkit February 2014

Privacy Law in Canada

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

Cablelynx Acceptable Use Policy

Privacy, Data Collection and Information Management Practice Team November 13, 2003

Abused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity

The DMA s Analysis of Can Spam Act of 2003

AXIS12 DRUPAL IN A BOX ON THE CLOUD

Top tips for improved network security

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

FLORIDA A&M UNIVERSITY BOARD OF TRUSTEES NOTICE OF PROPOSED AMENDED REGULATION

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Acceptable Use and Publishing Policy

Marketing Workshop

PRIVACY, ANTI-SPAM AND YOUR BUSINESS: WHERE DO WE STAND? Presented by: Cameron Mitchell B.A., LL.B.

Evaluating the Perceptions of People towards Online Security

Ipswitch IMail Server with Integrated Technology

1. General Rules & Regulations

Acceptable Use (Anti-Abuse) Policy

Acceptable Use Policy

Mass Marketing Fraud Affecting Canadian Businesses

DON T BE FOOLED BY SPAM FREE GUIDE. Provided by: Don t Be Fooled by Spam FREE GUIDE. December 2014 Oliver James Enterprise

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

FKCC AUP/LOCAL AUTHORITY

LETABA WIRELESS INTERNET CC ACCEPTABLE USE POLICY

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

Sample Employee Network and Internet Usage and Monitoring Policy

You must be at least 18 years of age to use our website. By using our website you warrant and represent that you are at least 18 years of age.

T-CY Guidance Note #4 Identity theft and phishing in relation to fraud

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Acceptable Usage Policy

Acceptable Use Policy of UNWIRED Ltd.

AN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown

Your Content refers to the information that you wish to transfer using our Services.

Virgin Media Business Acceptable Use Policy (Internet)

Terms and conditions of use

Commercial in confidence TELSTRA WHOLESALE ACCEPTABLE USE POLICY. Commercial-in-Confidence. Issue Number 1.5, 20 November 2012

OLYMPIC COLLEGE POLICY

Kingdom of Saudi Arabia Communication and Information Technology Commission. Public Consultation Document On the Anti-SPAM Policy Framework

AAUW Site-Resources Website Services Agreement. Contact Information. Website Information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

region16.net Acceptable Use Policy ( AUP )

(the "Website") is provided by Your Choice Counselling.

By writing to: Cougar Wireless, Attention: Customer Service, 4526 S. Regal St., Suite A, Spokane, WA., 99224

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES

Terms of Use. Please Read Carefully Before Using This Website and Provided Services and Products:

Internet basics 2.3 Protecting your computer

Canada s New Anti-Spam Regime: Guidance for Your Organization

APPROPRIATE USE OF DIGITAL COMMUNICATIONS AND TECHNOLOGIES POLICY

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

Department of Communications. Enhancing Online Safety for Children Discussion Paper. Submission by the Australian Federal Police

Transcription:

Industry Canada ic.gc.ca Questions and Answers Bill C-28: Canada's Anti-Spam Legislation What is spam? Spam can be defined as any electronic commercial message sent without the express or implied consent of the recipient(s). Spam is also used as the vehicle for the delivery of other online threats such as spyware, phishing and malware. What is the intent of the legislation? The intent of the legislation is to deter the most damaging and deceptive forms of spam from occurring in Canada, creating a more secure online environment. It does this by addressing the sending of spam, the undesired installation of spyware and malware on the computers of businesses and individuals, and the alteration of transmission data. The bill also extends the provisions of the Competition Act concerning false and misleading marketing to electronic messages, and restricts the scope of certain exceptions under the Personal Information Protection and Electronic Documents Act. Spam is a nuisance, but how is it harmful? Spam includes more than unsolicited commercial messages. It has become the vehicle for a wide range of threats to online commerce affecting individuals, businesses and network providers. For individuals, spam can lead to the theft of personal data to rob bank and credit card accounts (identity theft); online fraud luring individuals to counterfeit websites (phishing); the collection of personal information through illicit access to computer systems (spyware); and false or misleading representations in the online marketplace. Businesses are victimized by the counterfeiting of business websites to defraud individuals and businesses (spoofing). Recognizing that spam represents nearly 90 percent of worldwide email traffic, network providers are forced to invest ever-increasing resources to prevent spam from entering their networks. Once established, spam slows networks down, and spam-borne viruses and other malicious software (malware) are used to operate networks of "zombie" computers

(botnets) without their owners' knowledge. These network attacks threaten the stability of the Internet and online services as well as the confidence of Canadians to participate in the digital economy by conducting commerce online. Can you expand on the threats that the bill addresses? While spam is harmful in itself, it has become the primary vehicle for the delivery of other online threats, such as spyware, malware and phishing. Spyware is software that collects information about a user and/or modifies the operation of a user's computer without the user's knowledge or consent. Malware is a general term for all forms of harmful and malicious content, especially hostile software such as viruses, worms and Trojan horses. Phishing involves impersonating a trusted person or organization in order to steal someone's personal information, generally for the purpose of identity theft. Collectively, these online threats disrupt online commerce and reduce business and consumer confidence in the online marketplace, congest networks, impose heavy costs on network operators and users, threaten network reliability and security, and undermine personal privacy. What can individuals and businesses do to protect themselves against spam and related online threats? Education and awareness are key to ensuring that individuals and businesses are taking the right steps in proactively combating spam. Network security programs, spam filters and anti-virus software are also helpful in this regard. To serve Canadians, this legislation will provide for a national coordinating body, which will coordinate public education and awareness efforts and lead policy oversight and coordination. This initiative will also facilitate the establishment of a non-government agency, a spam reporting centre, which will receive reports of spam and related threats, allowing it to collect evidence and gather intelligence to assist the three enforcement agencies (the Canadian Radio-television and Telecommunications Commission, Competition Bureau Canada and the Office of the Privacy Commissioner) with investigations. The spam reporting centre will track and analyze statistics and trends in spam and other related online threats. How long will it take before Canadians can expect to see a real difference in the amount of spam received? Based on the experience of other countries with similar legislation, noticeable results are expected to occur quickly. The year after Australia passed similar legislation in 2004, it dropped out of the world's top 10 spam originating countries. Will the new legislation eliminate spam in Canada? If not, by how much will it be reduced? While it is not expected that the new legislation will eliminate spam altogether, businesses and consumers will see a reduction in the amount of spam received. The intent of the law is to deter the most damaging and deceptive forms of spam from occurring in Canada and help drive spammers out of Canada. Has anti-spam legislation been effective in other countries?

Several of Canada's global partners, such as Australia, the U.K. and the U.S., have passed strong domestic laws to combat spam and related online threats. After the Australian Spam Act came into effect, the proportion of global spam originating from Australia was greatly reduced. Some major spammers, particularly pornographic spammers, closed their Australian operations altogether. I am a legitimate business owner who uses bulk email to reach my customers. How will I be affected by these new anti-spam measures? Legitimate businesses that use email to market their products to Canadians should not be negatively impacted by this legislation. The consent regime is based on existing marketplace best practices and uses a consumer opt-in approach, which stipulates that businesses must get express consent or implied consent prior to sending commercial electronic messages. Apart from express consent, consent to receive commercial messages is implied: a. where an existing business relationship exists with a customer or client, or b. the electronic messages are relevant to the recipient's business, role, function or duties, and the electronic address has been conspicuously published or disclosed, without a statement that the person does not wish to receive unsolicited commercial electronic messages. What about text messages or "cellphone spam"? Is it covered? Yes. The legislation takes a technology-neutral approach, so that all forms of commercial electronic messages can be treated the same way. That means that unsolicited text messages, or cellphone spam, is addressed. What if I buy email lists? How will I be affected by these measures? The Act does not prohibit the legitimate collection and compiling of lists of email addresses, provided the activity follows the rules regarding consent in the legislation and other principles that apply within federal and provincial privacy laws. Federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), sets out the rules for the collection, use and disclosure of such personal information, and these continue to apply under the new Act. Under PIPEDA, an organization may not collect personal information without the knowledge or consent of an individual unless the information is publicly available (according to regulations). In addition, the organization must state the purpose of the collection of that information. Are there exceptions, as with the National Do Not Call List (DNCL), for political parties and charities? The legislation does not apply to non-commercial activity. Political parties and charities that engage Canadians through email are not subject to the legislation if these communications do not involve selling or promoting a product. There are also further exemptions for situations where such organizations engage in commercial activities with people who have made a donation or gift in the last 24 months, volunteered or performed volunteer work in the last 24 months, or were a member of the organization in the last 24 months. These exceptions apply to registered charities, political parties and candidates in federal, provincial, territorial or municipal elections.

If you are raising funds for charitable or other non-profit purposes, you must ensure that your messages are truthful and accurate in order to avoid potential concerns under the Competition Act. Why is there a transitional or "grandfather" clause for existing business relationships in effect prior to the Act coming into force? The government understands that some small businesses and not-for-profit organizations do not have the technological sophistication to automate their email lists, for example. This clause gives these entities a 36-month transition period, so they are not caught off-guard by the legislation. Why is the government not exempting surveys and market research? Those doing surveys and market research are not affected by the legislation as long as they are not trying to sell something, so the electronic message is not considered to be a commercial message. The government is concerned that an explicit exemption for surveys and marketing research would easily be abused. What purpose is served by the clause governing product updates? This clause was included to allow for automatic updates and program upgrades to be installed without requiring the installer of the computer program to seek express consent for each subsequent installation. This would allow for daily or weekly updates to anti-virus, anti-spam and other computer programs as long as they fall within the original express consent that was given when the program was initially purchased or installed. What impact will this legislation have on self-governing professions? Self-regulating industries should not be affected by the legislation if they are not trying to sell something, since their electronic messages would not be considered as commercial messages. If a self-governing profession wishes to contact its clients or members regarding a commercial matter, it is not unreasonable for them to get express consent from their membership in advance. Once that consent is obtained, it remains valid until it is explicitly withdrawn. How does this bill address the collection of personal information by accessing a computer system or by causing a computer system to be accessed without authorization? The bill includes an amendment to PIPEDA that will enhance privacy protections in some circumstances. PIPEDA generally requires knowledge and consent for the collection and use of personal information. PIPEDA includes a list of exemptions from this requirement in certain circumstances, including where the information is publicly available, for journalistic purposes, or the purposes of private investigations. In these circumstances, it is not necessary under PIPEDA to get consent for the collection of personal information, regardless of whether access to the computer system holding that personal information was otherwise legal or illegal. The legislation includes an amendment that will make these exemptions unavailable when a computer system is accessed in contravention of an Act of Parliament in order to collect personal information. To enforce this protection against collection without consent, the legislation attaches a private right of action to such privacy violations.

In Bill C 27, tabled in the last session of Parliament, this provision applied where access to a computer system was "without authorization". Industry associations raised concerns with the uncertainty of this language, pointing out that, as drafted, persons could post a "Terms of Use" page on a website stating that the collection of information from that site was "unauthorized" under PIPEDA. To address these concerns, the provision now applies where access to a computer system is "in contravention of an Act of Parliament." This clarifies the intended scope of the provision, addresses the uncertainty that concerned industry associations, and yet elevates privacy protections to levels consistent with the intent and purpose of the legislation. What other amendments have been made? A number of technical and coordinating amendments were made to ensure the smooth functioning of the legislation. These amendments will ensure effective coordination with other Acts of Parliament.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information