The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/117042
LEGAL REPORT/Privacy PIPEDA is not enough Meeting the privacy requirements of Canada���s anti-spam legislation requires more than complying with one law or the other. J ust because you���re compliant with Canada���s privacy legislation doesn���t mean you will be compliant with the new anti-spam legislation. Canada���s Anti-Spam Legislation has been on the books since 2010, but has yet to come into effect. While it���s not considered privacy legislation �����it relates to electronic messaging and the installation of computer software ����� it will overlap in some areas with the Personal Information Protection and Electronic Documents Act. And many businesses aren���t prepared for these changes. According to the federal government, the purpose of the legislation is to ���encourage the growth of electronic commerce by ensuring confidence and trust in the online marketplace.��� The legislation prohibits ���damaging and deceptive��� spam, which can include other network-related threats. Aside from sending customers unsolicited marketing material, spam can be used as a vehicle for a wide range of threats. This includes identity theft (through stealing personal data such as bank and credit card numbers), phishing (luring individuals to counterfeit web sites for the purposes of online fraud), spyware (illicit access to computer systems), as well as false or misleading representations. Spam-borne viruses and malware can be used to spread and operate botnets (a network of ���zombie��� computers), which can collect information without the owner���s knowledge. ���A lot of people mistake or confuse the requirements,��� says Alexandra Nicol, an associate with Borden Ladner Gervais LLP who specializes in commercial regulatory matters. ���They think they���re already complying with privacy legislation so they should be fine with the new anti-spam legislation, but they���re not considering them together.��� When trying to integrate the requirements of CASL into their current policies and practices, businesses should not rely upon what they already have in place for PIPEDA because that would likely not be sufficient. CASL sets out a regime of offences and enforcement mechanisms to address and prohibit any kind of unsolicited commercial electronic messages, as well as measures to address the www.CANADIAN L a w ye r m a g . c o m April 2013 47 Alexi Vella By Vawn Himmelsbach