CASL Compliance Enforcement Update 2016 IT CAN Annual

CASL Compliance & Enforcement Update 2016
IT.CAN Annual Conference, Montreal | October 24, 2016 | David Elder
STIKEMAN ELLIOTT LLP | MONTRÉAL TORONTO OTTAWA CALGARY VANCOUVER NEW YORK LONDON SYDNEY
www.stikeman.com

Agenda
  • CASL 101
  • Complaints
  • Enforcement Actions:
      • CRTC
      • Privacy Commissioner of Canada
      • Competition Bureau
  • Lessons Learned – investigations & undertakings
  • Record-Keeping Tips

CASL 101: Review of Key Requirements

CASL in a Nutshell
  § Commercial Electronic Messages
      − Prohibits sending commercial electronic messages without express consent
      − Some exceptions
  § Installation of Computer Programs
      − Prohibits the installation of a computer program without express consent
      − Some exceptions
  § Alteration/Rerouting
      − Prohibits the alteration of transmission data or rerouting of messages without express consent

Enforcement
  § AMPs for “violations” (up to $1M individual, $10M corporate)
  § Undertakings
  § Public shaming
  § Registration with court – enforced as contempt
  § Injunctions, Restraining Orders
  § Offences
  § Private right of action
  § Preservation demand
  § Notice to produce
  § Search warrant

Investigation & Enforcement
  § CRTC has been active with respect to enforcement/investigations re CEMs and alteration of transmission data
  § Tools:
      − Preservation demands
      − Notice to produce
      − Warrants
  § “Honeypots”
  § For computer programs, initial focus on malware/botnets?

Complaints

Complaints
  § Spam Reporting Centre up and running
  § CRTC has received approx. 710,000 complaints as of September 30th
  § Bulk of these were forwarded to spam@fightspam.gc.ca
  § Fewer filled out online form, provided details
  § Believed vast majority of complaints re commercial electronic messages (not installation of programs, alteration or rerouting)

Enforcement Actions

Other investigation/enforcement models
  § Preservation/Production Order
  § Entry Warrant (with Police) seizure
  § Direct Issuance of NOV
  § Right to make representations to CRTC
  § Commission decides on b.o.p. whether violation committed
  § May impose NOV penalty, may reduce or waive penalty, or may suspend payment of penalty subject to any conditions necessary to ensure compliance

Privacy Commissioner Action

Compu-Finder
  § Address harvesting, but also consent (Principle 4.3, s. 7)
  § Personal information/business contact information
  § Collection of email addresses
      − Telemarketing – no disclosure that purpose for collection was email marketing
      − Websites – collected where notices said not to be used for commercial purposes
  § Evidentiary and accountability issues
  § Errors in responses

PIPEDA lives!

“The relevance of CASL

In its representations, Compu-Finder referred to provisions of CASL relating to the sending of commercial electronic messages, and regulations made thereunder, as justification for its practices. In our view, these provisions, while similar in some respects to those found in the Act, are not directly relevant to our investigation, which was focused on Compu-Finder's compliance with PIPEDA. We have therefore not considered such provisions further in our analysis, except with respect to the amendments CASL made to the Act regarding address harvesting.”

Compu-Finder findings, paragraph 114

Competition Bureau Action

Investigations and Undertakings

Anatomy of a typical investigation
  § Request for information
  § Response
  § Follow-ups and Response (repeat as necessary)
  § Invitation to discuss findings/settlement
  § Agreement
  § Review and finalization of undertaking agreement
  § Execution
  § Payment of AMPs
  § Media release

Typical CRTC Undertaking
  1. Applies to broader corporate family
  2. Agreement to comply in future
  3. Agreement to cease offending practice(s)
  4. Payment of AMP
  5. Creation/update of corporate compliance program
  6. Confirm when done
  7. Review on annual basis – provide written report on request

Note: CRTC practice is to register agreements with Federal Court – can be enforced as if order of the Court

Typical OPC Compliance Agreement
  1. List of OPC findings
  2. Acknowledgement/no admission
  3. List of agreed to remedial measures
  4. Reporting, monitoring obligations – 3rd party report?
  5. Notice that OPC may request further info, visit premises, go to Fed Ct
  6. Organization to pay costs of compliance
  7. Publication
  8. Info session?

Record-Keeping Tips

Record-keeping tips
  § All evidence of express and implied consent (audio, forms, electronic forms)
  § Date, time, originating telephone number/IP address, etc.
  § Best evidence rule: CRTC prefers direct evidence; organization-created record likely insufficient
  § All unsubscribe requests and resulting actions
  § Documented methods through which consent collected (particularly important where oral consent)
  § Documented CASL compliance policies and procedures, including training

Lessons Learned

Lessons Learned
  1. May help to revise practices quickly (or may not)
  2. Only partial disclosure of case against you
  3. Complainants assumed to be truthful – onus on company to disprove
  4. Some have settled where not clear violation committed
  5. Predilection for AMPs
  6. Unclear what weight, if any, given to due diligence
  7. Unclear how AMPs calculated
  8. Warrants are intense, disruptive – watch privilege issues closely
  9. Warrants most likely re malware investigations
  10. Beware continuing application of privacy laws

Questions & Answers
David Elder
delder@stikeman.com
STIKEMAN ELLIOTT LLP
www.stikeman.com