Whither the "Nigerian Prince"? Another Canadian business pays penalty under anti-spam law

David Elder - 

The Canadian Radio-television and Telecommunications (CRTC) has announced its third settlement for alleged violations of the anti-spam law, and again, the announcement relates to a well-known Canadian business, rather than an indiscriminate or malicious spammer.

In this most recent case, Rogers Media Inc. (RMI) agreed to pay an Administrative Monetary Penalty of $200,000 as part of an undertaking to resolve alleged violations of Canada’s Anti-Spam Law (CASL).

Continue Reading...

EU-US safe harbour for data transfers declared invalid - Canadian implications

Michael Decicco

On October 6, 2015, the Court of Justice of the European Union (CJEU) invalidated the decision underlying the European Union’s (EU) safe harbor structure for cross-border data transfers from the EU to the United States in Schrems v. Data Protection Commissioner of Ireland (Schrems).  Shortly following the CJEU’s decision, the Article 29 Data Protection Working Party (Working Party) issued a statement outlining its views as to the consequences of the CJEU decision in Schrems.  The decision may directly impact Canadian businesses which transfer data from the EU to the United States or which host data in the United States.

Safe Harbor and Schrems

Under the EU Data Protection Directive, personal information of EU citizens can only be transferred from the EU to countries with adequate data protection standards.  Safe Harbour, which was negotiated between the European Commission and the United States Department of Commerce, was one of a number of mechanisms available to EU companies to ensure there was an adequate level of protection when transferring personal data of EU citizens to the United States.  To benefit from Safe Harbour, a company was required to self-certify to the United States Department of Commerce that it complied with specified EU privacy standards. 

Continue Reading...

Interlocutory Injunction in Trade-mark Infringement Action Upheld by Federal Court of Appeal

Justine Whitehead and Komil Joshi -

On April 23, 2015, in Jamieson Laboratories Ltd. v. Reckitt Benckiser LLC and Reckitt Benckiser (Canada) Limited 2015 FCA 104, the Federal Court of Appeal upheld a decision granting an interlocutory injunction against a defendant in a trademark infringement suit.  Successful motions for such interlocutory relief are relatively rare in the Federal Court, and this case provides some interesting insight into the type of evidence that might allow a moving party to obtain such relief.

Background Facts

The facts of the case have their origin in activities undertaken in 2012, when Reckitt Benckiser LLC and Reckitt Benckiser (Canada) Limited (Reckitt) decided to enter the North American market in respect of supplements containing omega-3 fatty acids.  In pursuit of this goal, Reckitt engaged both Schiff International, Inc. (Schiff) and Jamieson Laboratories Ltd. (Jamieson) in acquisition talks.

Continue Reading...

Federal Court of Appeal clarifies Industrial Design Act

Justine Whitehead and Gina Demczuk - 

In Zero Spill Systems (Int’l) Inc. v Heide (Zero Spill), the Federal Court of Appeal (FCA) has clarified that a functional feature of an industrial design may be protected under the Industrial Design Act.

The underlying action involved four plaintiffs, and concerned allegations of patent and industrial design infringement with respect to fluid containment apparatuses that were manufactured and distributed by the defendants (referred to collectively herein as “the Heide Defendants”) for use in oil field operations.  While many arguments with respect to patent infringement were raised at the Federal Court and FCA, this post will focus solely on the arguments with respect to the industrial designs. 

Continue Reading...

Airline hits turbulence from CRTC: pays penalty for violations of anti-spam law

David Elder - 

In the most recently announced settlement under Canada’s Anti-Spam Legislation, the CRTC has announced that Porter Airlines Inc. has agreed to pay $150,000 as part of an undertaking concerning alleged violations of the law.

The CRTC’s summary of the undertaking indicates that Porter sent commercial electronic messages:

  • without an unsubscribe mechanism or with an unsubscribe mechanism that was not set out “clearly and prominently”, as required by the Electronic Commerce Protection Regulations (CRTC) (the Regulations).  In this regard, the CRTC noted that some of the messages contained two unsubscribe links, only one of which was functional.  In the CRTC’s view, the unsubscribe mechanism was not clearly set out, as it was not apparent which mechanism was functional
  • without complete identification information required by the Regulations
  • without proof of consent to send commercial electronic messages to some of the recipients
  • to at least one recipient who had previously indicated they wanted to unsubscribe.  The CRTC found that the unsubscribe request was not given effect within 10 business days, as required by the Act
Continue Reading...

Snoops and gossips beware: Ontario Government to introduce stiffer measures to protect patient privacy

Recently, the Government of Ontario announced its intent to strengthen the rules protecting patient privacy. If passed, these amendments to the Personal Health Information Protection Act (PHIPA) would include:

  • Mandatory reporting of privacy breaches to the Privacy Commissioner and potentially the regulatory colleges;
  • Allow individuals to more easily prosecute offences under PHIPA by removing the 6 month limitation period following an alleged privacy breach;
  • Increasing institutional fines for offences from $250,000 to $500,000;
  • Increasing individual fines for offences from $50,000 to $100,000; and
  • Clarifying how and when healthcare providers may collect, use and disclose personal health information contained in electronic health records.
Continue Reading...

Privacy Commissioner study finds compliance gaps with online behavioural advertising

David Elder - 

New research released by the Office of the Privacy Commissioner of Canada (OPC) suggests that most advertising organizations placing behaviourally targeted online advertising are meeting privacy requirements, although the report also suggests there are a number of areas for improvement.

The study showed that most advertising organizations are providing some form of notification to users, as well as an opt-out mechanism; however, the research also suggests that some opt-out procedures can be confusing or cumbersome, and some of the advertising organizations are continuing to serve ads based on sensitive topics.

Continue Reading...

Cybersecurity: What Should a Board of Directors focus on?

In this, the second in our series of posts on the duties of Canadian directors and officers, Vanessa Coiteux and Tania Djerrahian discuss some of the key issues that directors need to focus on in the rapidly developing area of cybersecurity. The article considers some of the cybersecurity concerns expressed by securities regulators and proxy firms as well as some of the considerations that should go into an effective cybersecurity strategy.

Most companies today depend on networks, computers and the Internet to help manage their business. While digital technology has many benefits, it also has the disadvantage of exposing companies to cybersecurity breaches. Historically, many viewed the risks associated with cybersecurity as risks to be entirely managed by a company’s information technology (IT) department. However, given the number of companies in various industries that have experienced cyber-attacks in recent years, and the serious consequences of many of those attacks, boards of directors may, depending on the facts and circumstances surrounding their company,  consider elevating such risks to enterprise-wide risks (as was the case for financial risks following the Enron scandal). As will be discussed below, there are a number of reasons why boards of directors of public companies may want to oversee the management of cyber risks and a number of practical ways of doing so.

Continue Reading...

SEC issues cybersecurity guidance for registered investment advisers and funds

In a recent investment management guidance update, the United States Securities and Exchange Commission (SEC) addressed the need for greater cybersecurity measures to protect confidential and sensitive information held by registered investment companies and registered investment advisers. The SEC identified several measures, in light of recent cyber-attacks on financial services firms, that funds and advisers may wish to consider in addressing cybersecurity risks, including:

Continue Reading...

CRTC shows great interest in US-based robocaller offering low credit card rates - $145,000 fine imposed

David Elder -

For the second time in a month, the CRTC has imposed a penalty against a foreign telemarketer.

In the most recent case, an administrative monetary penalty of $145,000 was issued against Arizona-based Rainmaker Marketing/Maple Accounting for making unsolicited telemarketing calls pitching lower credit card rates.

Continue Reading...

Senate Committee releases final report on prescription pharmaceuticals in Canada

Justine Johnston -

On March 10, 2015, the Standing Senate Committee on Social Affairs, Science and Technology (the Committee) released a final report entitled “Prescription Pharmaceuticals in Canada” (the Report). Nearly three years in the making, the Report summarizes the Committee’s four-phase study, earlier reports and recommendations to improve Canada’s prescription drug regulatory regime.


The Senate authorized the Committee to examine and report on prescription pharmaceuticals in Canada on November 19, 2013. The Committee’s mandate was to examine:

  • the process to approve prescription pharmaceuticals with a particular focus on clinical trials;
  • the post-approval monitoring of prescription pharmaceuticals;
  • the off-label use of prescription pharmaceuticals; and
  • the nature of unintended consequences in the use of prescription pharmaceuticals.
Continue Reading...

CRTC sends shot across the bow to international telemarketers; issues $200,000 fine to US company selling cruise vacations

David Elder

In a precedent-setting ruling, the Canadian Radio-television and Telecommunications Commission (CRTC) has issued its first penalty to a foreign-based telemarketer for violations of the Unsolicited Telecommunications Rules.

The administrative monetary penalty (AMP) was paid by a Florida company as part of a settlement for making unsolicited telemarketing calls via an automatic dialing-announcing device (ADAD) to offer cruises to Canadians, many of whom have their phone number registered on the National Do Not Call List (DNCL). In addition, the company did not possess a valid exemption to the National DNCL

Continue Reading...

First blood: CRTC imposes $1.1 million fine in first ever finding under anti-spam law

David Elder -

Eight months after Canada’s Anti-Spam Law (CASL) came into force, the Canadian Radio-television and Telecommunications Commission (CRTC) has made public its first ever finding of non-compliance with the Act, issuing an administrative monetary penalty of $1.1 million against Compu-Finder, a firm that provides training and consulting services.

Surprisingly, this much anticipated enforcement action was not against a firm targeting consumers, as many had suspected, but rather was directed at a firm sending email messages to businesses to promote various training courses related to topics such as management, social media and professional development.   It is believed by many that the overwhelming majority of the more than 250,000 complaints received by the CRTC since the law came into force have been from consumers.  In the case at hand, the CRTC indicated that over one quarter of all complaints about the training industry sector received by the Spam Reporting Centre related to Compu-Finder, although it is not known how many complaints were received.

Continue Reading...
Tags: ,

Canada-Europe open new Patent Prosecution Highway pilot program

Justine Johnston -

The Canadian Intellectual Property Office (CIPO) has entered into a new Patent Prosecution Highway (PPH) pilot agreement with the European Patent Office (EPO). The PPH has a three year mandate; it began on January 6, 2015, and will operate until January 5, 2018. CIPO has previously entered into PPH agreements with other patent offices around the world and is a part of the Global Patent Prosecution Highway.

The PPH allows applicants with patent claims in one jurisdiction to accelerate processing in the other jurisdiction for no additional fee. PPH requests at the CIPO can be filed based on EPO national work products and EPO Patent Cooperation Treaty work products. PPH requests at EPO can be filed based on a CIPO application that was filed or entered the national phase at CIPO on or after January 6, 2015. Since applicants must file corresponding patent claims, the PPH accelerated processing is only suitable for applicants seeking similar patent protection in both jurisdictions.

Continue Reading...

FTC report on the Internet of Things urges companies to adopt privacy and data security best practices

Michael Decicco

On January 27, 2015, the United States Federal Trade Commission (FTC) released a report discussing privacy and data security in consumer devices connected to the internet. 

The Internet of Things (IoT)

The FTC defined the IoT to include things such as devices or sensors, other than computers, smartphones or tablets, that connect, communicate or transmit information with or between each other through the internet.  For example, smart thermostat systems or washers and dryers that utilize Wi-Fi for remote monitoring.

Data Security and Privacy Risks

While the FTC acknowledged some benefits of the IoT, it cautioned that the IoT presents a variety of data security and privacy risks.  The risks include: (i) the enabling of unauthorized access to and misuse of personally identifiable information (PII), (ii) the facilitation of attacks on other interconnected systems, and (iii) the creation of safety risks.  While the first two risk factors are common in the traditional computing environment, the third represents a new, physical type of risk.  For example, it may be possible to remotely hack into a connected medical device and change its settings, impeding its therapeutic function.

Continue Reading...