Fraud Prevention Month to focus on online fraud

March 4, 2011

The Competition Bureau announced earlier this week its participation in Fraud Prevention Month, which this year focuses on the growing problem of online fraud. Fraud Prevention Month is an annual education and awareness campaign held in Canada and around the world. The Competition Bureau’s website provides some great education and prevention information including a new interactive quiz designed to test consumers’ and businesses’ fraud awareness. I’d encourage you to take the quiz!

Must departing employees “de-friend” connections on LinkedIn?

June 16, 2010

Can the act of connecting with other professionals on social networking websites such as LinkedIn constitute a violation of a non-compete or non-solicitation contractual undertaking? Are departing employees that are subject to such restricted covenants required to disconnect and “de-friend” colleagues and customers of their former employer until the contractual undertaking have expired?

ComputerWorld is reporting today that an IT staffing firm has accused one of its former employees of violating her non-compete undertaking through her conduct on LinkedIn. I’m not aware of any similar lawsuit to date in Canada so it’ll be interesting to see how this particular case evolves in the U.S. This case and others that I’ve previously noted highlight the blurring line between online and offline worlds. Businesses should consider whether or not, and to what extent, they should try to enforce such restrictive covenants in the social networking world. Stay tuned…

What would happen if one of your employees posted a video of an irate customer on YouTube?

May 25, 2009


The posting of a YouTube video of a woman throwing a tantrum at the Hong Kong International Airport should serve as a reminder to Canadian businesses that employees these days can (and do) easily record and post videos online from their mobile phones.

The three minute video shows a Cathay Pacific customer yelling and flailing her limbs as she lies on the floor after missing her flight from Hong Kong to San Francisco. I’ve been upset at missing a flight before, but the woman in this video takes things to an entirely new level. The video has drawn over five millions views and nearly 21,000 comments, which has resulted in some incredibly cruel and objectionable online commentary about the woman. Since the release of the video, Cathay Pacific has disciplined the gate worker who recorded the video on his mobile phone (although the video was posted on YouTube by a third party) and the company has issued a formal apology to the woman.

The video is noteworthy because it demonstrates the power of new technologies such as YouTube and the corresponding risks to Canadian businesses. Had the video been recorded by an employee of a Canadian business, subject to Canadian privacy laws, the potential privacy complaint and/or lawsuit by the woman in the video could have been substantial. 

Canadian businesses should be reminded of the need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy policies and procedures.

Canadian businesses don’t need to look too far to find examples where more effective employee privacy training may have mitigated, or even prevented, privacy complaints.

Read the rest of this entry »

Government introduces anti-spam legislation

April 24, 2009

The Government of Canada announced today the introduction of anti-spam legislation called the Electronic Commerce Protection Act (“ECPA”) that “aims to boost confidence in online commerce by protecting the privacy and personal security concerns that are associated with spam, counterfeit websites and spyware.”

According to the government’s News Release, the ECPA would allow businesses and individuals to initiate civil actions against anyone who violates the law.  The ECPA deals with unsolicited text messages, or “cellphone spam”, as a form of “unsolicited commercial electronic message”.

It would establish a regulatory enforcement regime that would enable the CRTC to impose penalties of up to $1 million for individuals and $10 million in all other cases.  The Competition Bureau would use a penalty regime already provided for in the Competition Act, and the federal Privacy Commissioner‘s powers to cooperate and exchange information with her counterparts would be expanded in respect of the Personal Information Protection and Electronic Documents Act.

The ECPA is nearly 70 pages long.  Stay tuned to this blog.  As soon as I’ve been able to digest the content I’ll post again on how the ECPA is likely going to affect Canadian businesses, especially those enaged in online marketing.

Bankruptcy and privacy considerations

April 22, 2009

bankruptcyThe current global economic climate has led to a growing number of bankruptcy and insolvency proceedings, particularly in the U.S. In dealing with these proceedings, many business leaders have not paid enough attention to the role of privacy law and its impact on the bottom line.

A prime example is the bankruptcy of U.S. online toy retailer, had collected vast amounts of personal information from its online consumers in accordance with its privacy policy, which stated that the company would never share its database with third parties. Despite the promise, then made attempts to sell the database. The U.S. Federal Trade Commission (“FTC”) then sued seeking injunctive and declaratory relief to prevent the sale of the database by The complaint alleged that had violated U.S. law by misrepresenting to consumers that personal information would never be shared with third parties, and then disclosing, selling and offering that information for sale. later settled with the FTC. The settlement agreement forbid the sale of the database except under very limited circumstances.

Of course, Canadian companies are subject to Canadian privacy laws such as PIPEDA, which require the consent of individuals for the disclosure of personal information to third parties. In structuring privacy policies, Canadian companies should consider all outcomes including bankruptcy. As a result, privacy policies should be carefully drafted with consideration of the possibility that personal information may be shared with third parties in the event of bankruptcy.  Doing so will almost certainly not be enough to fully comply with Canadian legal requirements, but it’s a prudent step in the right direction – especially in these uncertain economic times.

“Digital footprints”: What’s being left behind in the electronic world?

April 15, 2009

footprints-6Businesses are increasingly being asked to reduce their “carbon footprint”. And while many customers are interested in doing business with organizations that are trying to reduce their carbon footprint, many customers are also concerned about their own “digital footprints“. 

The Discovery Channel has an interesting online tool that allows you to play a simple scenario by conducting your normal transactions as you would on any given day. Doing so shows you how often you provide your personal information to businesses and governments. You can then play the scenario again to try to reduce your digital footprint. Click here to play!

Businesses can help reduce their customer’s digital footprints by ensuring they only collect the personal information of customers necessary for the purposes identified by the organization and required for particular transactions. Additionally, businesses should avoid collecting personal information indiscriminately. As I’ve mentioned in a previous post, reducing the volume of personal information that a business collects (and is then responsible for safeguarding and destroying in accordance with applicable privacy laws) helps customers to reduce their “digital footprints”.  It also helps businesses to comply with privacy laws like PIPEDA and improve customer relations.

The National Do-Not-Call List, PIPEDA and risks with third party opt-out websites

March 25, 2009

obsoleteI recently discussed with Nymity News some of the privacy issues related to third party opt-out websites. Specifically, I highlighted in the interview the risks facing organizations who honour requests from such websites.   Marketing research organizations such as those that are members of the MRIA may find the interview of particular interest, but it’s still worth reading regardless of what industry your business operates in if you’re not yet aware of these types of third party opt-out websites.

Escrow as a new tool for privacy

March 23, 2009

keys-2Bell Canada recently announced that it would acquire The Source, a national electronics dealer.  Bell has indicated that it will be acquiring substantially all of the assets of The Source.

I don’t know what those assets will be, but I think it is an interesting example of the fact that even in recessions we still see acquisitions of companies.  When an organization’s assets are bought, one of the most valuable assets that are purchased is often its customer list.   

PIPEDA and other applicable privacy laws, of course, govern transactions involving personal information.   In the course of such transactions some companies are now implementing concepts once used only to secure physical assets.  For example, many organizations are choosing to employ “escrow” arrangements to ensure the security of personal information.

Most businesses now understand that the implications of violating applicable privacy laws can be very serious to the reputation and bottom line of both the vendor and purchaser.  As part of a sale of a customer list, and depending on the specific circumstances, both parties may agree that the customer list be placed in escrow until the transaction is completed.  This ensures that what is likely the most valuable asset in the transaction – the customer list – is protected from unintended disclosures prior to the actual transfer of the business.

Canada, U.S. laws on privacy complex

February 12, 2009

canada-us-relations-2Canada, U.S. laws on privacy complex

My September 3, 2008 column in the Winnipeg Free Press reports on the findings of the Privacy Commissioner of Canada regarding’s  outsourcing to a U.S. based service provider. The finding highlights the complexities of Canadian and U.S. laws as they relate to the personal information of customers and reminds Canadian businesses of the need to have legal agreements with third party service providers, especially those located in the U.S.

Privacy matters to most customers

February 12, 2009

privacyPrivacy matters to most customers: Staff should be able to handle concerns

My October 1, 2008 column in the Winnipeg Free Press reports on a survey released by the Privacy Commissioner of Canada and the vital need for businesses to train their staff to identify and deal with privacy issues.  Privacy training, or lack thereof, can affect the bottom line.


Get every new post delivered to your Inbox.

Join 135 other followers