Canada: Canada's Anti-Spam Law Comes Into Force On July 1, 2014

Last Updated: February 5 2014
Article by Henry Chang

Introduction

On December 15, 2010, Bill C-28, Canada's anti-spam legislation (the "Act")1 received Royal Assent. It establishes the following regulatory framework, for the purpose of protecting electronic commerce in Canada:

  1. It addresses unsolicited commercial electronic mail (i.e. email, text messages, etc.) by prohibiting the sending of commercial electronic messages without consent;
  2. It prohibits conduct harmful to electronic commerce, protects the integrity of transmission data, and prohibits the installation of computer programs without consent in the course of commercial activity;
  3. It prohibits false or misleading commercial representations online;
  4. It prohibits the collection of personal information through unlawful access to computer systems and the unauthorized compiling or supplying of lists of electronic addresses;
  5. It provides for a private right of action for businesses and consumers;
  6. It allows the Canadian Radio-Television and Telecommunications Commission ("CRTC") and Competition Tribunal to impose administrative monetary penalties on violators; and
  7. It authorizes the international sharing of information and evidence to pursue spammers outside of Canada through foreign enforcement agencies.

Most of the Act will come into force on July 1, 2014. However, the provisions dealing with the unsolicited installation of computer programs will come into force on January 15, 2015. In addition, the private right of action provisions will come into force on July 1, 2017.

Relevant Agencies and Responsibilities

The Act will be administered by the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner of Canada. Industry Canada will also act as a national coordinating body to promote awareness of the law, to educate consumers, network operators and small businesses, to coordinate work with the private sector, and to conduct research.

The Role of the CRTC

The CRTC is generally responsible for ensuring the reliability, safety and effective operation of telecommunications networks in Canada, including the Internet. It will be responsible for enforcing the following prohibitions contained in the Act:

  1. Unsolicited commercial electronic messages (Section 6);
  2. The alteration of transmission data (Section 7);
  3. The installation of computer programs (Section 8); and
  4. Aiding, inducing, procuring (or causing to be procured) any of the above (Section 9).

Role of the Competition Bureau

The Competition Bureau currently has a mandate to ensure fair marketplace practices for business and consumers. The Act amends the Competition Act2 in a manner that allows the Competition Bureau to more effectively address false and misleading representations online and deceptive marketplace practices including false headers and website content.

Role of the Office of the Privacy Commissioner of Canada

The Privacy Commissioner is currently responsible for protecting the personal information of Canadians. The Act amends the Personal Information Protection and Electronic Documents Act3 in a manner that allows the Office of the Privacy Commissioner of Canada to enforce the following new violations:

  1. The collection of personal information through access to computer systems in violation of federal law; and
  2. The automated collection of email addresses (address harvesting), and the use of addresses collected in that manner.

Prohibitions

The most significant prohibitions contained in the Act will be enforced by the CRTC. A detailed discussion of these prohibitions appears below.

Sending Unsolicited Commercial Electronic Messages (Section 6)

This prohibition addresses the sending of unsolicited commercial electronic messages. According to Subsection 1(2) of the Act, the term "commercial electronic message" is defined as an electronic message for which it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that:

  1. Offers to purchase, sell, barter or lease a product, goods, a service, land, or an interest or right in land;
  2. Offers to provide a business, investment or gaming opportunity;
  3. Advertises or promotes anything referred to in paragraph (a) or (b); or
  4. Promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.

Subsection 1(1) of the Act defines the term "commercial activity" as any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada.

Section 6 of the Act prohibits the sending of a commercial electronic message to an electronic address unless:

  1. The recipient has given consent (express or implied) to receiving it; and
  2. The message complies with the related regulations and also: (1) identifies the sender (and, if different, the person on whose behalf it has been sent), (2) provides contact information (valid for at least 60 days after the message has been sent) allowing the recipient to readily contact the sender, and (3) provides for an unsubscribe procedure (any unsubscribe notification received must be put into effect within 10 business days).

According to Subsection 2 of the CRTC's Appendix to Telecom Regulatory Policy CRTC 2012-183 (the "CRTC Regulations"), the following information must be set out in any commercial electronic message:

  1. The name by which the sender carries on business, if different from their name (if not, the name of the person);
  2. If the message is sent on behalf of another person, the name by which that person carries on business, if different from their name (if not, the name of the person);
  3. If the message is sent on behalf of another person, a statement indicating the person sending the message and the person on whose behalf the message is sent; and
  4. The mailing address, and either a telephone number providing access to an agent or voice messaging system, an email address or a web address of the person sending the message or, if different, the person on whose behalf the message is sent.

If it is not practical to include the above information and an unsubscribe mechanism in a commercial electronic message, that information may be posted on a web page by means of a link that is clearly and prominently set out in the message.

The term "electronic message" is defined in Subsection 1(1) of the Act as a message sent by any means of telecommunication, including a text, sound, voice, or image message. This broad definition is intended to include a message sent over any means of telecommunication, including text, sound, voice or image, and therefore implicates voice mail messages, webcam messages, and the exchange of pictures or graphic files by electronic means as well.

The term "electronic address" is also defined in Subsection 1(1) as an address used in connection with the transmission of an electronic message to:

  1. An electronic mail account;
  2. An instant messaging account;
  3. A telephone account; or
  4. Any similar account.

As a result, Section 6 covers virtually all means of electronic communication, with the exception of broadcasting by a broadcasting undertaking (as defined in the Broadcasting Act4, which is explicitly exempted in Section 5.

Section 6 would also be used to prevent phishing attacks. For example, a typical phishing e-mail could appear to be sent from the recipient's bank, requiring the recipient to send back personal information. In reality, the actual sender is a spammer who is attempting to steal the recipient's personal information, which the recipient would not otherwise provide.

Section 6 provides several exemptions to the above prohibition, including a commercial electronic message that:

  1. Is sent by or on behalf of an individual to another individual with whom they have a personal or family relationship, as defined in the regulations;
  2. Is sent to a person who is engaged in a commercial activity and consists solely of an inquiry or application related to that activity;
  3. Provides a quote or estimate, if it was requested by the recipient;
  4. Facilitates, completes or confirms a commercial transaction that the recipient previously agreed to enter into with the sender;
  5. Provides warranty information, product recall information or safety or security information about a product, goods or a service that the recipient uses, has used or has purchased;
  6. Provides notification of factual information about: (1) the ongoing use or purchase of a product, good or a service offered under a subscription, membership, account, loan or similar relationship by the sender, or (2) the ongoing subscription, membership, account, loan or similar relationship of the recipient;
  7. Provides information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, is currently participating or is currently enrolled;
  8. Delivers a product, good or a service, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that they have previously entered into with the sender; or
  9. Is otherwise exempted in the regulations.

According to Section 2 of the Governor in Council Electronic Commerce Protection Regulations5 (the "Governor in Council Regulations"), the term "family relationship" means that the sender and the recipient are related to one another through marriage, common-law partnership, or any legal parent-child relationship and those individuals have had direct, voluntary, two-way communication. "Personal relationship" also means the relationship between sender and recipient, if those individuals have had a direct, voluntary, two-way communication and it would be reasonable to conclude that they have a personal relationship, taking into account any relevant factors such as the sharing of interests, experiences, opinions, and information evidenced in the communications, the frequency of communication, the length of time since the parties communicated, or whether the parties have met in person.

Section 3 of the Governor in Council Regulations also exempts a commercial electronic message that:

  1. Is sent by an employee, representative, consultant, or franchisee of an organization:
    1. To such a person from the same organization and the message concerns the activities of that organization; or
    2. To such a person from another organization if the organizations have a relationship and the message concerns the activities of the organization to whom the message is sent;
  2. Is sent to a person:
    1. To satisfy a legal obligation;
    2. To provide notice of an existing or pending right, legal obligation, court order, judgment or tariff;
    3. To enforce a right, legal obligation, court order, judgment, or tariff; or
    4. To enforce a right arising under a law of Canadian federal, provincial, or municipal law, or the law of a foreign state;
  3. Is sent and received on an electronic messaging service if the information and unsubscribe mechanism are conspicuously published and readily available on the user interface through which the message is accessed, and the person to whom the message is sent consents to receive it expressly or by implication;
  4. Is sent to a limited access secure and confidential account to which messages can only be sent by the person who provides the account to the person who receives the message;
  5. If the person who sends the messages (or causes or permits it to be sent) reasonably believes that the message will be accessed in a foreign state (a list of countries appears in the schedule) having substantially similar anti-spam legislation and the message conforms to the law of the foreign state;
  6. Is sent by or on behalf of a registered charity, and the message has as its primary purpose raising funds for the charity; or
  7. Is sent by or on behalf of a political party or organization, or a person who is a candidate for publicly elected office and the message has as its primary purpose soliciting a contribution.

Finally, Section 4 of the Governor in Council Regulations exempts the first commercial electronic message that is sent by the sender for the purpose of contacting the recipient following a referral by any individual who has an existing business relationship, an existing non-business relationship, a family relationship, or a personal relationship with the sender or the recipient, and that discloses the full name of the individual or individuals who made the referral and states that the message is sent as a result of the referral.

Subsection 6(8) of the Act confirms that this prohibition does not apply to a commercial electronic message that is:

  1. In whole or in part, an interactive two-way voice communication between individuals;
  2. Sent by fax; or
  3. A voicemail message.

Clearly, the Act is not intended to apply to telephone calls, faxes, or voicemail messages.

Subsection 12(1) confirms that a person only contravenes Section 6 if the computer system used to send or to access the electronic message is located in Canada.

The Alteration of Transmission Data (Section 7)

This prohibition addresses the alteration of transmission data without authorization. Section 7 of the Act prohibits anyone, in the course of a commercial activity, from altering transmission data in an electronic message so that the message is delivered to a destination other than or in addition to that specified by the sender, unless:

  1. The alteration is made with the express consent of the sender or the recipient, and the person altering the data complies with provisions relating to the withdrawal of consent; or
  2. The alteration is made in accordance with a court order.

However, this prohibition does not apply if the alteration is made by a telecommunications service provider for the purposes of network management.

According to Subsection 11(4), where there is express consent to alter transmission data under Section 7, an unsubscribe mechanism must be provided to the recipient of the electronic message throughout the period covered by the consent and any activation of the unsubscribe option must be put into effect within 10 business days.

According to Subsection 1(1), the term "transmission data" is defined as data that:

  1. Relates to the telecommunications functions of dialling, routing, addressing or signalling;
  2. Either is transmitted to identify, activate or configure an apparatus or device, including a computer program, in order to establish or maintain a communication, or is generated during the creation, transmission or reception of a communication and identifies or purports to identify the type, direction, date, time, duration, size, origin, destination or termination of the communication; and
  3. Does not reveal the substance, meaning or purpose of the communication.

The above definition clearly covers any data transmission by means of telephone, Internet, and wireless, outside of the actual substance of the message.

The intent of Section 7 appears to be to capture all steps along the chain of transmission where a spammer or other malevolent communicator could insert some form of problematic technology such as malware or spyware, or fake an identity for the purposes of communication. This should include malicious activities such as man-in-the-middle attacks>6, network re-routing, and even Caller-ID spoofing7.

Subsection 12(2) confirms that a person only contravenes Section 7 if a computer system located in Canada is used to send, route, or access the electronic message.

The Installation of Computer Programs (Section 8)

This prohibition addresses the installation of software on computer systems and networks without authorization. It is intended to cover malware, spyware and virus installations, including computer programs that can be hidden in spam messages or accessed through hyperlinks to infected websites.

Section 8 of the Act provides that a person must not, in the course of a commercial activity, install or cause to be installed a computer program on any other person's computer system or, having so installed or caused to be installed a computer program, cause an electronic message to be sent from that computer system, unless:

  1. The person has obtained the express consent of the owner or an authorized user of the computer system and complies with the Act's provisions relating to the preservation of transmission data; or
  2. The person is acting in accordance with a court order.

This prohibition is aimed at the surreptitious installation of spyware and malware, such as the kind that compromise a computer in order to relay spam without the owner's permission.

According to Subsection 11(5), where there is express consent to download a program onto a person's computer under Section 8, a mechanism whereby the recipient can send a request to remove or disable the computer program because its function, purpose or other details were not as advertised in the original consent request, has to be provided for a year after the program's installation. In addition, the providers of the program must grant the request to uninstall, without cost, if the request is made because of misrepresentation of the program in the original request for consent.

Subsection 12(1) confirms that a person will contravene Section 8 only if the computer system is located in Canada at the relevant time or if the person either is in Canada at the relevant time or is acting under the direction of a person who is in Canada at the time when they give the directions.

As mentioned above, this prohibition will come into force on January 15, 2015.

Related Prohibitions (Section 9)

According to Section 9 of the Act, it is prohibited to aid, induce, procure or cause to be procured the doing of any act contrary to any of Sections 6 to 8.

Requirements for Express and Implied Consent

Express Consent

According to Subsection 10(1) of the Act, a person who seeks express consent under Sections 6 to 8 must clearly and simply set out the following information:

  1. The purposes for which the consent is being sought;
  2. Prescribed information that identifies the person seeking consent and, if the person is seeking consent on behalf of another person (if known), prescribed information that identifies that other person; and
  3. Any other prescribed information.

According to Section 5(1) of the Governor in Council Regulations, a person who obtained express consent on behalf of a person whose identity was unknown may authorize any person to use the consent on the condition that the person who obtained it ensures that, in any commercial electronic message sent to the recipient:

  1. The person who obtained consent is identified; and
  2. The authorized person provides an unsubscribe mechanism that allows the recipient to withdraw their consent from the person who obtained consent and any other person authorized to use it.

According to Section 3 of the CRTC Regulations, a request for consent may be obtained orally or in writing and must be sought separately for each act described in Sections 6 to 9 of the Act and must include:

  1. The name by which the person seeking consent carries on business, if different from their name (if not, the name of the person seeking consent);
  2. If the consent is sought on behalf of another person, the name by which the person on whose behalf consent is sought carries on business, if different from their name (if not, the name of the person on whose behalf consent is sought);
  3. If consent is sought on behalf of another person, a statement indicating which person is seeking consent and which person on whose behalf consent is sought;
  4. The mailing address, and either a telephone number providing access to an agent or a voice messaging system, an email address or a web address of the person seeking consent or, if different, the person on whose behalf consent is sought; and
  5. A statement indicating that the person whose consent is sought can withdraw their consent.

For the purposes of Section 8 of the Act (installation of computer programs), the person seeking express consent must also clearly and simply describe the function and purpose of the computer program that is to be installed. In addition, if the person knows and intends to cause that computer system to operate in a manner that is contrary to the reasonable expectations of its owner or authorized user, the person requesting consent must clearly and prominently (separately from the license agreement):

  1. Describe the program's material elements that perform the function(s), including the nature and purpose of those elements and their reasonably foreseeable impact on the operation of the computer system; and
  2. Bring those elements to the attention of the person from whom consent is being sought in the prescribed manner.

According to Subsection 10(5), this extra information must be provided if the installation will do one of the following: (1) collect personal information stored on the computer system; (2) interfere with the recipient's control of the computer system; (3) change or interfere with the recipient's existing settings, preferences or commands; (4) change or interfere with data that affects the recipient's lawful access to it; (5) cause the recipient's computer system to communicate with another computer system or device without the recipient's consent; or (6) install a computer program that may be activated by a third party without the knowledge of the recipient. According to Section 5 of the CRTC Regulations, the computer program's material elements that perform one or more of these functions must be brought to the attention of the person from whom consent is sought separately from any other information provided in the request for consent and an acknowledgement in writing must be obtained from the person from whom consent is being sought, confirming that they understand and agree that the program performs the specified functions.

Express consent is not required for the installation of an update or upgrade to a computer program if express consent was previously given in accordance with Section 10 of the Act, the person who gave the consent is entitled to receive the update or upgrade under the terms of the express consent, and the update or upgrade is installed in accordance with those terms.

According to Subsection 10(8)(a), a person is also deemed to have given express consent to the installation of a computer program if:

  1. The program is: (1) a cookie, (2) HTML code, (3) Java script, (4), an operating system, (5) any other program that is executable only through the use of another computer program whose installation or use the person has previously expressly consented to, or (6) any other program specified in the regulations; and
  2. The person's conduct is such that it is reasonable to believe that they consent to the program's installation.

Section 6 of the Governor in Council Regulations adds the following additional programs:

  1. A program installed by or on behalf of a telecommunications services provider solely to protect the security of all or part of its network from a current and identifiable threat to the availability, reliability, efficiency, or optimal use of its network;
  2. A program installed for the purpose of updating or upgrading the network, by or on behalf of the telecommunications service provider who owns or operates the network, on the computer systems that constitute all or part of the network; and
  3. A program that is necessary to correct a failure in the operation of the computer system or a program installed on it solely for that purpose.

Implied Consent

According to Subsection 10(9) of the Act, for the purposes of Section 6 (unsolicited electronic messages), consent is implied if:

  1. The sender of the message (including those who cause or permit it to be sent) has an existing business relationship or an existing non-business relationship with the recipient;
  2. The recipient has conspicuously published (or caused it to be conspicuously published) their electronic address, the publication is not accompanied by a statement that they do not wish to receive unsolicited commercial electronic messages, and the message is relevant to the recipient's business, role, duties or functions in a business or official capacity;
  3. The recipient has disclosed their electronic address to the sender without indicating a wish not to receive unsolicited commercial messages at that address, and the message is relevant to the recipient's business, role, functions, or duties in a business or official capacity; or
  4. The message is sent in circumstances set out in the regulations.

According to Subsection 10(10), the term "existing business relationship" means a business relationship between the sender (including those who cause or permit the message to be sent) and the recipient, arising from:

  1. The purchase, lease or bartering of a product, good, service, land or an interest or right in land by the recipient within the two-year period preceding the sending of the message;
  2. The acceptance by the recipient, within the preceding two-year period, of a business, investment, or gaming opportunity offered by the sender;
  3. A written contract entered into between the recipient and the sender in respect of a matter not referred to above, if the contract is currently in existence or expired within the preceding two-year period; or
  4. An inquiry or application made by the recipient to the sender, within the six-month period preceding the sending of the message, in respect of anything mentioned above.

According to Subsection 10(12), if the owner of a business has an existing business relationship with another person and the business is subsequently sold, the purchaser who purchases the business is also considered to have an existing business relationship with that other person.

According to Subsection 10(13), the term "existing non-business relationship" means a non-business relationship between the recipient and the sender (including anyone who causes or permits the message to be sent) arising from:

  1. A donation or gift made by the recipient within the two-year period preceding the date that the message is sent, where the sender is a registered charity, a political party or organization, or a person who is a candidate for publicly elected office;
  2. Volunteer work performed by the recipient for, or attendance at a meeting organized by, a registered charity, a political party or organization, or a person who is a candidate for publicly elected office; or
  3. Membership (as defined in the regulations) by the recipient in a club, association, or voluntary organization (as defined in the regulations), within the two-year period preceding the date that the message is sent.

Subsection 7 of the Governor in Council Regulations defines "membership" as the status of having been accepted as a member of a club, association, or voluntary organization in accordance with its membership requirements. It also defines "club, association, or voluntary organization" as a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation, or for any other purpose other than personal profit, if no part of its income is available for the personal benefit of any proprietor, member, or shareholder of that organization unless the proprietor, member or shareholder is an organization whose primary purpose is the promotion of amateur athletics in Canada.

Transitional Provisions

According to Section 66 of the Act, a person's consent to receive commercial electronic messages from another person is implied until three years after the date that Section 6 comes into force (July 1, 2017) or until they withdraw their consent, whichever comes first, if when that section comes into force (July 1, 2014):

  1. Those persons have an existing business relationship as defined in Subsection 10(10) or an existing non-business relationship as defined in Subsection 10(13), even those occurring outside the two year period mentioned in those subsections; and
  2. The relationship includes the communication of commercial electronic messages between them.

According to Section 67 of the Act, if a computer program was installed on a person's computer system before Section 8 comes into force (January 15, 2015), their consent to the installation of an update or upgrade to the program is implied until three years after the date on which that section comes into force (July 15, 2018) or until they withdraw their consent, whichever comes first.

Administrative and Criminal Penalties

Administrative Monetary Penalties

Pursuant to Section 20 of the Act, the CRTC has the authority to impose an administrative monetary penalty for any violation of Sections 6 to 9. According to Subsection 20(4), the maximum penalty for a violation is $1,000,000 in the case of an individual and $10,000,000 in the case of any other person.

According to Section 30, violations are not considered criminal offences. Subsection 20(2) also confirms that the purpose of the penalty is to promote compliance with the Act and not to punish violators. Subsection 33 provides for a due diligence defence, but other common law defences can only be used to the extent that they do not conflict with other provisions of the Act.

According to Section 31, an officer, director, agent or mandatary of a corporation may be liable for a violation committed by the corporation if they directed, authorized, assented to, acquiesced in or participated in the commission of the violation, regardless of whether proceedings are commenced against the corporation itself. In addition, Section 32 states that an employer is also liable for a violation that is committed by their employee acting within the scope of their employment (or their agent or mandatary) acting within the scope of their employment, whether or not the employee is proceeded against or identified.

Criminal Penalties

The Act also contains several criminal offences:

  1. Section 42 makes it an offence for a person who fails to comply with a demand, notice, or warrant issued in connection with the administration of the Act. However, according to Subsection 46(2), a person will not be convicted under Section 42 if they establish that they exercised due diligence to prevent the commission of the offence.
  2. Section 43 makes it an offense for a person to obstruct or hinder, knowingly make a false or misleading statement, or provide false or misleading information to a designated person who is carrying out their duties and functions under the Act.

According to Subsection 46(1), every person who commits an offence under Section 42 or 43 is guilty of an offence punishable on summary conviction and is liable:

  1. To a fine of not more than $10,000 for a first offence or $25,000 for a subsequent offence, in the case of an individual; or
  2. To a fine of not more than $100,000 for a first offence or $250,000 for a subsequent offence, in the case of any other person.

Private Right of Action

According to Subsection 46(1) of the Act, a person who alleges that:

  1. They are affected by a violation of Section 6, 7, 8 or 9 of the Act;
  2. Their electronic address has been obtained without consent through data mining or other automated crawling, or where personal information has been obtained through accessing a computer system, or causing it to be accessed, without authorization (in violation of related amendments to the Personal Information Protection and Electronic Documents Act); or
  3. They have been the target of false or misleading electronic messages (in violation of related amendments to the Competition Act);

may apply to the court for an order of compensation against one or more persons who they allege have committed a violation or reviewable conduct. However, according to Subsection 46(2), no application may be brought later than three years after the day on which the subject matter of the proceeding became known to the applicant.

As mentioned above, this private right of action provision will come into force on July 1, 2017.

Information Sharing with Foreign States and International Organizations

According Subsection 60 of the Act, the CRTC, the Commissioner of Competition, and the Privacy Commissioner are authorized to share information with foreign states and international organizations for the purposes of pursuing violations. All such information-sharing arrangements must be in the form of written agreements and they may concern only illegal activity under foreign laws that do not have penal consequences. However, a written agreement can be presumed from the acceptance of a written request for assistance from a foreign state or international organization if it is accompanied by a declaration that assistance between Canada and the requesting party will be reciprocal.

Conclusion

Although the Government of Canada hopes that the Act will discourage spam originating from Canada, it is not expecting to completely eliminate it, since a significant amount of spam originates from other countries. Nevertheless, as Canada is the last of the G8 countries to introduce anti-spam legislation, the Act's implementation will certainly add to existing global efforts aimed at eliminating spam.

Canadian businesses will need to exercise due diligence in order to ensure that they do not violate the Act. These businesses should review their existing internal policies on the use of commercial electronic messages, in order to ensure compliance once the Act comes into force on July 1, 2014.

Footnotes

1. An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23).

2. R.S.C., 1985, c. C-34.

3. S.C. 2000, c. 5.

4. S.C. 1991, c. 11.

5. 81000-2-175 (SOR/DORS).

6. This involves the interception and re-routing of Internet messages between a sender and recipient, making them believe that they are talking directly to each other.

7. This involves causing the telephone network to display a number on the recipient's caller ID display that is not the actual originating telephone number.

Original Newsletter(s) this article was published in: International Business Bulletin: January 2014

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Henry Chang
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement

    Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of www.mondaq.com

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

    Disclaimer

    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

    Registration

    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

    Cookies

    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

    Links

    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

    Mail-A-Friend

    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

    Emails

    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .

    Security

    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at enquiries@mondaq.com.

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions