First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

E-Commerce

Why do so many practitioners misunderstand risk?

My apologies in advance to all those who talk about third–party risk, IT risk, cyber risk, and so on. We don’t, or shouldn’t, address risk for its own sake. That’s what we are doing when we talk about these risk silos. We should address risk because of its potential effect on the achievement of enterprise objectives.

 

, , ,

CASL and private right of action

Canada has the most onerous anti–spam/anti–malware law (CASL) in the world. In less than a year, July 1, 2017, it is going to become even worse. That’s when the private right of action comes into force.

 

, , , , , , , , , , ,

Top 10 most read Inside Internal Controls posts 2016 & Season’s Greetings

We are signing off with a list of the top 10 most read Inside Internal Controls posts 2016. Privacy issues and director’s liability seem to have been hot topics this year with several blog posts on the topics making it on the list. The top 10 most read Inside Internal Controls posts 2016 Director’s liability […]

 

, , , , , , , , , , , , , , , ,

Canada implements expanded WTO agreement

In December 2015, over 50 WTO members, including Canada, gathered at the Nairobi Ministerial Conference, and agreed to the expansion of the Information Technology Agreement (ITA), a WTO agreement that aims to eliminate tariffs on IT products. The ITA was originally concluded by 29 participants in 1996. It now has over 82 participants, representing around 97 per cent of world trade in IT products.

 

, , , , , ,

CASL made clearer: First CRTC decision released

Until now, the Canadian Radio-Television and Telecommunications Commission’s CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the Enforcement Branch and the company. But this decision, released on October 26, 2016, is significant because it is the first CASL enforcement decision to provide guidance on compliance. The decision contains several important lessons about regulation of commercial electronic messages in Canada before class action enforcement opens on July 1, 2017.

 

, , , , , , ,

Privacy injunctions in the age of the internet and social media

Canadian common law courts are still far behind the English courts which have developed a much more flexible tort of misuse of private information, as well as remedies for breach that include damages to compensate for the loss or diminution of a right to control private information, and now following the PJS case, perhaps also exemplary or punitive damages and an accounting of profits. Surprisingly, Canadian courts have not had to canvass recently whether the English common law tort of misuse of private information should be adopted in Canada.

 

, , , , , , , ,

IP address as personal information: Canadian and EU positions

The Office of the Privacy Commissioner’s findings do not mean that consent to the collection of an IP address is always required. There may be a number of legitimate reasons for collecting this information, including those relating to security of the site. These reasons would not necessarily extend, however, to collection and use of IP addresses for advertising purposes without some form of consent.

 

, , , , , , , , ,

CRTC’s reminder on record-keeping for CASL compliance

The Canadian Radio-television and Telecommunications Commission issued an enforcement advisory directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL). Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit).

 

, , , , ,

Consulting with Canadians on accessibility legislation

Between July 2016 and February 2017, the federal government is consulting Canadians on planned accessibility legislation. The goal of the law would be to promote equality of opportunity and increase the inclusion and participation of Canadians who have disabilities or functional limitations in all areas of every day life.

 

, , , , , , , , , , , , ,

Proving consent under CASL: CRTC issues enforcement advisory notice

The Canadian Radio–television and Telecommunications Commission has issued an Enforcement Advisory notice directed to businesses and individuals that send commercial electronic messages (CEMs) as part of their commercial activities. Notably, the sender of CEMs must have the consent of the recipient to send them a message, or else the message is considered spam.

 

, , , , ,

Public Safety Canada calls for submissions on new national cybersecurity strategy

On August 16, 2016, Public Safety Canada (“PSC”) issued a consultation paper, launching a public consultation as part of PSC’s development of an updated national cybersecurity strategy. The consultation will close on October 15, 2016. Businesses may want to consider making submissions in respect of some key questions posed around possible regulation or standard-setting regarding Internet of Things and connected devices, certification for E-commerce activities, and information sharing (especially in respect of critical infrastructure).

 

, , , , , , , , , , , , , ,

U.S. online payment processor Dwolla fined $100,000 for misrepresenting data security practices: Lessons for Canadian companies

In March, 2016 the U.S. Consumer Financial Protection Bureau (“CFPB”) issued a Consent Order against Dwolla Inc., an online payment platform, for deceiving consumers about its information security practices. The CFPB levied a $100,000 civil monetary penalty against the company, a first for the CFPB. While Canada has different privacy and consumer protection regimes, the lessons from the Dwolla case point to a new direction in enforcement approaches.

 

, , , , , , , , , , , , , ,

The board of directors’ role in crisis management

Sooner or later, every enterprise will face a crisis. When it hits, the ability to side-step disaster depends on the effectiveness of your company’s response. Preparedness and oversight of crisis management is a key responsibility of the board of directors.

 

, , , , , , ,

The art of restraint

A restrictive covenant is a class of legal “promise” imposing a restriction on one party for the benefit of another. When drafted correctly, restrictive covenants are an invaluable tool to protect your business.

 

, , , , , , ,

Private right of action under Canada’s Anti-Spam Law (CASL)

As of July 1, 2017, individuals and organizations will be entitled to institute a “private right of action” before the courts against those that contravene certain provisions of Canada’s Anti-Spam Law (“CASL”). In the event of a contravention of the message rules in CASL, a monetary penalty up to a maximum of $1,000,000 per day may be imposed. This private right of action should be taken seriously right now. From this perspective and building on previous publications, this bulletin discusses this new mechanism.

 

, , , , , , , , ,

Previous Posts