CRTC shows great interest in US-based robocaller offering low credit card rates - $145,000 fine imposed

David Elder -

For the second time in a month, the CRTC has imposed a penalty against a foreign telemarketer.

In the most recent case, an administrative monetary penalty of $145,000 was issued against Arizona-based Rainmaker Marketing/Maple Accounting for making unsolicited telemarketing calls pitching lower credit card rates.

Continue Reading...

Senate Committee releases final report on prescription pharmaceuticals in Canada

Justine Johnston -

On March 10, 2015, the Standing Senate Committee on Social Affairs, Science and Technology (the Committee) released a final report entitled “Prescription Pharmaceuticals in Canada” (the Report). Nearly three years in the making, the Report summarizes the Committee’s four-phase study, earlier reports and recommendations to improve Canada’s prescription drug regulatory regime.

Background

The Senate authorized the Committee to examine and report on prescription pharmaceuticals in Canada on November 19, 2013. The Committee’s mandate was to examine:

  • the process to approve prescription pharmaceuticals with a particular focus on clinical trials;
     
  • the post-approval monitoring of prescription pharmaceuticals;
     
  • the off-label use of prescription pharmaceuticals; and
     
  • the nature of unintended consequences in the use of prescription pharmaceuticals.
Continue Reading...

CRTC sends shot across the bow to international telemarketers; issues $200,000 fine to US company selling cruise vacations

David Elder

In a precedent-setting ruling, the Canadian Radio-television and Telecommunications Commission (CRTC) has issued its first penalty to a foreign-based telemarketer for violations of the Unsolicited Telecommunications Rules.

The administrative monetary penalty (AMP) was paid by a Florida company as part of a settlement for making unsolicited telemarketing calls via an automatic dialing-announcing device (ADAD) to offer cruises to Canadians, many of whom have their phone number registered on the National Do Not Call List (DNCL). In addition, the company did not possess a valid exemption to the National DNCL

Continue Reading...

First blood: CRTC imposes $1.1 million fine in first ever finding under anti-spam law

David Elder -

Eight months after Canada’s Anti-Spam Law (CASL) came into force, the Canadian Radio-television and Telecommunications Commission (CRTC) has made public its first ever finding of non-compliance with the Act, issuing an administrative monetary penalty of $1.1 million against Compu-Finder, a firm that provides training and consulting services.

Surprisingly, this much anticipated enforcement action was not against a firm targeting consumers, as many had suspected, but rather was directed at a firm sending email messages to businesses to promote various training courses related to topics such as management, social media and professional development.   It is believed by many that the overwhelming majority of the more than 250,000 complaints received by the CRTC since the law came into force have been from consumers.  In the case at hand, the CRTC indicated that over one quarter of all complaints about the training industry sector received by the Spam Reporting Centre related to Compu-Finder, although it is not known how many complaints were received.

Continue Reading...
Tags: ,

Canada-Europe open new Patent Prosecution Highway pilot program

Justine Johnston -

The Canadian Intellectual Property Office (CIPO) has entered into a new Patent Prosecution Highway (PPH) pilot agreement with the European Patent Office (EPO). The PPH has a three year mandate; it began on January 6, 2015, and will operate until January 5, 2018. CIPO has previously entered into PPH agreements with other patent offices around the world and is a part of the Global Patent Prosecution Highway.

The PPH allows applicants with patent claims in one jurisdiction to accelerate processing in the other jurisdiction for no additional fee. PPH requests at the CIPO can be filed based on EPO national work products and EPO Patent Cooperation Treaty work products. PPH requests at EPO can be filed based on a CIPO application that was filed or entered the national phase at CIPO on or after January 6, 2015. Since applicants must file corresponding patent claims, the PPH accelerated processing is only suitable for applicants seeking similar patent protection in both jurisdictions.

Continue Reading...

FTC report on the Internet of Things urges companies to adopt privacy and data security best practices

Michael Decicco

On January 27, 2015, the United States Federal Trade Commission (FTC) released a report discussing privacy and data security in consumer devices connected to the internet. 

The Internet of Things (IoT)

The FTC defined the IoT to include things such as devices or sensors, other than computers, smartphones or tablets, that connect, communicate or transmit information with or between each other through the internet.  For example, smart thermostat systems or washers and dryers that utilize Wi-Fi for remote monitoring.

Data Security and Privacy Risks

While the FTC acknowledged some benefits of the IoT, it cautioned that the IoT presents a variety of data security and privacy risks.  The risks include: (i) the enabling of unauthorized access to and misuse of personally identifiable information (PII), (ii) the facilitation of attacks on other interconnected systems, and (iii) the creation of safety risks.  While the first two risk factors are common in the traditional computing environment, the third represents a new, physical type of risk.  For example, it may be possible to remotely hack into a connected medical device and change its settings, impeding its therapeutic function.

Continue Reading...

Global privacy authorities urge app marketplaces to make links to privacy policies mandatory

The Privacy Commissioner of Canada and 22 other privacy authorities worldwide recently issued an open letter to the operators of seven leading app marketplaces urging them to make links to privacy policies mandatory for apps that collect personally identifiable information (PII).

The letter was issued following the second annual Global Privacy Enforcement Network privacy sweep, which we discussed in a previous post.  While the letter acknowledges that app developers are responsible for communicating their privacy practices to app users, it emphasizes an app marketplace operator’s unique and integral role in users’ interactions with mobile apps. The letter described app marketplaces as important consumer landing spots where individuals can search for new apps, read reviews and access technical information in order for an individual to make an informed decision about apps in the marketplace.

Accordingly, the letter urges that app marketplaces require privacy practice information, such as privacy policy links for apps that collect PII, to be made available to users to ensure that users are meaningfully informed regarding the collection and use of their PII prior to deciding to download an app.

Tags:

ISO 27018: Data protection standards for the cloud

Michael Decicco

In 2014, the International Standards Organization (ISO) added to its family of information security standards when it published ISO/IEC 27018, a code of practice that sets forth standards for the protection of personally identifiable information (PII) in the public cloud.

ISO/IEC 27018 provides best practices for public cloud service providers and establishes a common set of control objectives, controls, and guidelines for implementing measures to protect PII. 

Continue Reading...

Bill 3 - Personal Information Protection Amendment Act in force

Gloria Moore and Gary Clarke -

On December 17, 2014, the Alberta Government’s proposed amendments to the Personal Information Protection Act (PIPA), found in Bill 3, came into force.

The proposed amendments to PIPA and the motivation for the changes are discussed in our previous blog post.

Continue Reading...
Tags:

The Federal Communications Commission asserts its role as a regulator of data security

The Federal Communications Commission (the FCC) recently took action against two United States telecommunications service providers, TerraCom, Inc. and YourTel America, Inc. (the Companies) in the FCC’s first data security case and largest privacy action in the FCC’s history.  The FCC is fining the Companies US$10 million for allegedly willfully and repeatedly violating the Communications Act of 1934.

Continue Reading...
Tags:

Alberta's proposed amendments to PIPA for labour disputes

Gloria Moore and Gary Clarke -

On November 25, 2014, the Alberta Government’s proposed amendments to the Personal Information Protection Act (PIPA), found in Bill 3, passed the second reading of the legislature.

The proposed amendments are in response to the decision of the Supreme Court of Canada in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401. In that case, the Supreme Court of Canada declared PIPA to be unconstitutional and invalid, holding that it infringed on the freedom of expression guaranteed by the Canadian Charter of Rights and Freedoms by limiting the ability of the union to video-tape and photograph individuals crossing the picket line. The Supreme Court of Canada held that freedom of expression in the context of labour disputes must be balanced against the government’s objective of providing individuals control over their personal information when crossing a picket line. The declaration of invalidity for PIPA was suspended for 12 months, in order to give the legislature time to consider amendments to make PIPA constitutionally compliant. On October 30, 2014, this deadline was extended for an additional six months.  

For more background, please see our previous blog posts by David Elder regarding the  leave decision and the decision of the Supreme Court.

Continue Reading...

Federal Court rejects inventorship claim: design input does not a co-inventor make

Justine Whitehead and Erica Lindberg

On September 16, 2014, in Drexan Energy Systems Inc. v. Canada (Commissioner of Patents), the Federal Court rejected a claim by Drexan Energy Systems Inc. (“the Applicant”) to have two additional individuals named as co-inventors of the heating cable described in Canadian Patent 2,724,561 (the ‘561 Patent). The decision confirms the test for inventorship, and provides guidance on the distinction between mere helpful involvement in the development of a product, and a contribution to an inventive concept that would be sufficient to allow the contributor to be named a co-inventor.

Heating cables are incorporated into pipes used in cold environments to prevent the transported substances from freezing. In 2006, four individuals decided to work together to create a new type of heating cable that eliminated some of the defects in cables available at the time. By 2010, however, the relationship between the men had broken down, and only two individuals were listed as inventors on the ‘561 Patent, which was issued in 2012.

Continue Reading...

CRTC clarifies that anti-spam law won't apply to self-installation of computer programs - most of the time

David Elder -

CRTC staff has issued important guidance on its interpretation of section 8 of Canada’s Anti-Spam Legislation (CASL), noting that the law would not apply to most installations initiated by users, including the downloading of mobile apps from popular digital distribution platforms like The App Store, Google Play and BlackBerry World.

While much attention has been paid to the core anti-spam provisions of CASL, which came into force on July 1, less attention has been paid to date with respect to section 8, which governs the installation of computer programs in the course of commercial activity.  However, as the January 1, 2015 coming into force date nears for that provision, many businesses have been struggling to understand their legal obligations and take the necessary steps to comply.

Continue Reading...

Overdue legislative action threatens existence of made-in-Alberta privacy laws

Michael Decicco and Daniel Hamson

On November 15, 2013, the Supreme Court of Canada issued its decision in Alberta (Information and Privacy Commissioner) v. United Food and Commercial Workers, Local 401 (United Foods), ruling that Alberta’s Personal Information Protection Act (PIPA) was unconstitutional and declaring it invalid. As noted in a previous post, the Court suspended the declaration of invalidity until November 15, 2014 in order to provide the legislature with sufficient time to decide how to best make the law constitutional.

Continue Reading...
Tags:

Mobile applications - results of global study of privacy practices and tips for increasing transparency

Michael Decicco and Lin Cong

The Global Privacy Enforcement Network recently published the results of its second annual privacy enforcement survey or “sweep” which assessed the transparency of the privacy practices of popular mobile applications. The results of the sweep suggest that the privacy policies of a high proportion of mobile applications do not adequately explain how users’ personal information is collected, used and disclosed. The general conclusion of the sweep was that clear and concise language in privacy policies builds consumer trust and is good for business.

The Office of the Privacy Commissioner of Canada (Commissioner) participated in the sweep and focused on 151 mobile applications that were popular among Canadians. The key findings of the Commissioner are as follows:

  • 28% of the applications surveyed provided a clear explanation of their collection, use and disclosure of personal information practices;
     
  • 26% of the applications surveyed offered either no privacy policy or one that did not explain how users’ personal information would be collected, used or disclosed; and
     
  • among the applications with the best privacy practices were popular applications in the e-marketplace.
Continue Reading...
Tags: