The Office of the Privacy Commissioner of Canada (OPC) recently
hosted a knowledge session to stakeholders to discuss its recent
investigation against Compu-Finder. This was the first
investigation by the OPC involving the address harvesting
provisions under the Personal Information and Electronic
Documents Act (PIPEDA). See our post summarizing the findings
and the OPC's full report
While the OPC could not disclose details of its investigation,
the OPC provided attendees with information about its
interpretation of its investigative powers, its approach to the
investigation and tips for organizations.
Unlike its complaint-driven investigations, this investigation
was an intelligence-driven case under the address harvesting
provisions that were added to PIPEDA by Canada's Anti-Spam
Legislation (CASL). After significant intelligence gathering to
meet its reasonable grounds burden, a Commissioner-initiated
investigation was commenced allowing the OPC to collect further
intelligence from Compu-Finder, affected individuals and third
parties, including by affidavits. The OPC highlighted it applied a
cross-functional investigation, using numerous departments and
tools, including extensive use of the OPC technology LAB.
It is important to note that unlike the Canadian
Radio-television and Telecommunications Commission (CRTC), which is
the regulator with main responsibility for enforcement of CASL, the
OPC must have reasonable grounds to start an investigation that has
not been filed by an individual. The CRTC does not have to
discharge that burden before commencing an investigation.
"The truth is in your records". The OPC stressed the
importance of record keeping. This has become a consistent theme
regarding PIPEDA and CASL. (See our post on the CRTC's guidance
here.) The OPC highlighted that record-keeping was a
fundamental issue in its investigation. Organizations must be able
to meet their due diligence obligations and prove they have consent
for the personal information they collect and use, and for every
e-mail they send under CASL. The OPC found that Compu-Finder's
records were inadequate or in some cases may have contradicted
Other lessons offered were:
Exercise care when crafting responses
to the OPC during investigation
An established privacy compliance
program can greatly assist you in demonstrating accountability
Part of due diligence involves
following up, double checking and auditing your policies and
Stakeholders undoubtedly appreciated the OPC's proactive
gesture in providing this opportunity to learn more.
Dentons is the world's first polycentric global law firm. A
top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm
is committed to challenging the status quo in delivering consistent
and uncompromising quality and value in new and inventive ways.
Driven to provide clients a competitive edge, and connected to the
communities where its clients want to do business, Dentons knows
that understanding local cultures is crucial to successfully
completing a deal, resolving a dispute or solving a business
challenge. Now the world's largest law firm, Dentons'
global team builds agile, tailored solutions to meet the local,
national and global needs of private and public clients of any size
in more than 125 locations serving 50-plus countries.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances. Specific Questions relating to
this article should be addressed directly to the author.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On Thursday, September 22, 2016, Dentons hosted a panel discussion about the management of liabilities and risks associated with environmental crises, including potential liabilities for directors and officers and provided insight into risk and liability techniques associated with environmental crisis management.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).