You may have thought you heard everything about Canada's anti-spam law (commonly known as
"CASL") since it came into effect this
past July, but CASL has additional rules coming into effect on
January 15, 2015 dealing with the commercial installation and use
of computer programs on another person's computer system.
The rules apply to almost any computer program installed on a
broad range of computing devices as part of a commercial activity.
The rules are not limited to malware, spyware or harmful
There are potentially serious implications for Canadian
businesses that distribute computer programs, including any
business that has created a mobile app for distribution. In
addition, foreign businesses that distribute computer programs to
computer systems located in Canada are also captured. Businesses
will now need to shift their focus from the rules for commercial
electronic messages and consider the implications of these other
rules under CASL.
Unfortunately, the rules are challenging to interpret and apply
because CASL uses ambiguous terminology (such as, the meaning of
"computer program", and "computer system"). For
example, it is unclear whether the rules would apply to an online
store for mobile apps where the app installation is initiated by
the user of the computer system and automatically downloaded using
an online process. Industry Canada and the CRTC have issued limited
guidance to address these challenges. However, the CRTC has
indicated that additional guidance would be provided for these
The general prohibition for the installation of computer
programs under CASL provides that, subject to limited exceptions, a
person must not, in the course of a commercial activity, either
install or cause to be installed a computer program on any other
person's computer system (or having so installed or caused to
be installed a computer program, cause an electronic message to be
sent from that computer system) unless the person has obtained the
express consent of the owner or an authorized user of the computer
system. Express consent must be obtained through an opt-in
mechanism and contain prescribed requirements set out under
CASL rules also apply to the installation of updates and
upgrades to a computer program. However, in particular
circumstances an additional express consent does not need to be
obtained under CASL.
There are significant monetary penalties for contravention of
the rules. Liability may also extend to employers and directors and
officers of a corporation.
As a result, businesses need to be aware of the breadth of
CASL's rules and of any guidance from regulators, consider the
implications the rules have on regular business activities and
implement appropriate compliance measures prior to the rules coming
Employee turnover is an unavoidable reality for nearly all businesses. In addition to creating a number of financial and logistical difficulties, employee turnover also raises a number data security issues.
The Office of the Privacy Commissioner of Canada has ruled that the collection and use of a plaintiff's personal information for the purpose of defending against a civil lawsuit is not a "commercial activity" and, ...
While corporate executives are increasingly becoming aware of their obligation to be informed of cybersecurity threats and the steps being taken by their company to prevent data breaches, it is equally important for executives to ensure that the employees are educated with respect to cyber threats.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).