![Page 1: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/1.jpg)
Canada’s Privacy and New
Anti-spam Laws What you need to know to comply
![Page 2: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/2.jpg)
Topics Include
• An overview of Canada’s federal and provincial
privacy laws
• Storing and transferring personal information
outside Canada
• Video surveillance
• Online behavioural advertising
• How to respond to a data breach
• Canada’s new anti-spam laws
2
![Page 3: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/3.jpg)
Gowlings at a Glance
• One of Canada’s largest
law firms
• Over 750 professionals
across 10 offices
worldwide
• Recognized expertise in
Business Law, Advocacy
and Intellectual Property
Law
3
![Page 4: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/4.jpg)
Gowlings at a Glance
www.gowlings.com
4
![Page 5: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/5.jpg)
Canadian
Privacy Law
5
![Page 6: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/6.jpg)
Canadian Privacy Law
• The Personal Information Protection and Electronic
Documents Act (PIPEDA) applies to private sector
businesses in most Canadian provinces
• Similar laws apply to information collected in
Québec, British Columbia and Alberta
6
![Page 7: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/7.jpg)
Canadian Privacy Law
• These laws apply to foreign (non-Canadian
businesses) that collect, use or disclose
personal information about individuals in
Canada, even if the business does not have a
Canadian presence
• Applies to “personal information” – a term that is
broadly defined as “information about an
identifiable individual” (apart from their business
contact information)
7
![Page 8: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/8.jpg)
Storing and
Transferring
Personal
Information
8
![Page 9: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/9.jpg)
Storing and Transferring Personal Information
• Privacy laws don’t prevent it, but it is subject to
certain legal obligations:
• Accountability: The organization is responsible for
personal information in its possession and custody,
including that transferred to a third-party service
provider
• Transparency: Canadian customers must be advised
if their personal information is going to be transferred
or stored outside of Canada
9
![Page 10: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/10.jpg)
Video
Surveillance
10
![Page 11: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/11.jpg)
Video Surveillance
• PIPEDA and the provincial laws apply to the
capturing of video images in the course of
commercial activity, whether those images
are recorded or not
• “Overt” surveillance:
• Must give clear notice about the use of cameras on
their premises, before people enter the premises
(include information on how they can get access to
their images)
11
![Page 12: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/12.jpg)
Video Surveillance
• “Covert” surveillance:
• Allowed only in exceptional circumstances where overt
surveillance would compromise the availability and
accuracy of the data, and the collection is for the
purposes of investigating a breach of law or breach of
an agreement
12
![Page 13: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/13.jpg)
Online
Behavioural
Advertising
13
![Page 14: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/14.jpg)
Online Behavioural Advertising
• Online Behavioural Advertising:
• Web-based programs that allow businesses to track
consumers’ online activities
e.g., flash cookies, beacons, tracking pixels, etc.
• Contrary to popular belief online behavioural
advertising IS classified as “personal
information”
14
![Page 15: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/15.jpg)
Online Behavioral Advertising
• Permissible, but subject to regulations:
• Transparency:
• Users must be aware that this tool is being used
• Consumers must be able to “opt out” but still be able to
use the services
• Should not be used on websites targeted at children,
due to their inability to give meaningful consent
15
![Page 16: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/16.jpg)
How to
Respond to a
Data Breach
16
![Page 17: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/17.jpg)
How to Respond to a Data Breach
• Federal legislation - PIPEDA
• Voluntary security breach notification
• Guidelines from Federal Privacy Commissioner
• Voluntary but expected
17
![Page 18: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/18.jpg)
How to Respond to a Data Breach
• The Guidelines state there are four key steps
to consider when responding to a breach:
• Breach containment and preliminary assessment
• Evaluation of the risks associated with the breach
• Notification
• Prevention
18
![Page 19: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/19.jpg)
How to Respond to a Data Breach
• Alberta Personal Information Protection Act
(PIPA)
• Private sector organizations are required under
mandatory privacy breach notification provisions to
notify the Privacy Commissioner
• Threshold of notification: “real risk of significant harm”
• “Real risk” means “a reasonable degree of likelihood that
the harm could result”
19
![Page 20: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/20.jpg)
How to Respond to a Data Breach
• Who is responsible for notifying the
commissioner?
• Organization with control of the personal information,
even if the breach occurred at service provider level
• Contents of the report
• How many people affected
• Information released
• Circumstances surrounding the breach
• What mechanisms are in place to protect data
20
![Page 21: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/21.jpg)
How to Respond to a Data Breach
• If “real risk” is determined, the organization is
required to notify those affected
• The Privacy Commissioner issues a written decision
which is available on their website
• The Privacy Commissioner will provide direction on
what needs to be in the notice
21
![Page 22: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/22.jpg)
How to Respond to a Data Breach
• Protect your organization from a data breach
• Review privacy policies and procedures regularly
• Train staff on how to prevent breaches
• Create guidelines on what to do if there is a breach
22
![Page 23: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/23.jpg)
Canada’s New
Anti-spam
Laws
23
![Page 24: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/24.jpg)
Canada’s New Anti-spam Laws
• Slated to come into effect mid to late 2013
• Canada’s Anti-spam Legislation (CASL) will
apply to “Commercial Electronic Messages,”
prohibiting all but those messages that comply
with its requirements
• The CRTC and Industry Canada take the position
that existing, valid consent may not survive the
transition period
• Organizations will need to seek new consent from
existing mailing lists
24
![Page 25: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/25.jpg)
Canada’s New Anti-spam Laws
• Electronic messages must contain prescribed
disclosure language
• An unsubscribe mechanism
• CASL applies to:
• An electronic mail account
• An instant messaging account
• A telephone account; or
• Any similar account
25
![Page 26: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/26.jpg)
Canada’s New Anti-spam Laws
• Messages that may be exempt
• Those sent between employees of an organization
relating to the affairs of the organization
• Messages sent between two organizations with an
existing business relationship relating to their affairs
• Those that respond to an inquiry, complaint, etc.
26
![Page 27: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/27.jpg)
Canada’s New Anti-spam Laws
• Penalties for violations
• A fine of up to $1,000,000 for a violation by an
individual
• A fine of up to $10,000,000 for a violation by a
corporation
27
![Page 28: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/28.jpg)
Canada’s New Anti-spam Laws
• Private right of action for persons who allege
they have been affected by a violation
• Compensation equal to the actual loss or damage
suffered; and
• $200 for each contravention, not exceeding
$1,000,000 for each day on which a contravention
occurred
28
![Page 29: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/29.jpg)
Canada’s New Anti-spam Laws
• How organizations can ensure they comply
• Be aware of requirements for expressed consent
• Why?
• Who is asking?
• Provide contact information (mailing address + telephone
numbers, email or web address)
• State that consent can be withdrawn
29
![Page 30: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/30.jpg)
Q&A 30
![Page 31: Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply](https://reader033.vdocuments.us/reader033/viewer/2022052619/555112cfb4c905f10b8b4bdf/html5/thumbnails/31.jpg)
Thank You
montréal ottawa toronto hamilton waterloo region calgary vancouver beijing moscow london
Visit www.gowlings.com
Email: [email protected]