The Competition Bureau announced earlier this week its participation in Fraud Prevention Month, which this year focuses on the growing problem of online fraud. Fraud Prevention Month is an annual education and awareness campaign held in Canada and around the world. The Competition Bureau’s website provides some great education and prevention information including a new interactive quiz designed to test consumers’ and businesses’ fraud awareness. I’d encourage you to take the quiz!
The posting of a YouTube video of a woman throwing a tantrum at the Hong Kong International Airport should serve as a reminder to Canadian businesses that employees these days can (and do) easily record and post videos online from their mobile phones.
The three minute video shows a Cathay Pacific customer yelling and flailing her limbs as she lies on the floor after missing her flight from Hong Kong to San Francisco. I’ve been upset at missing a flight before, but the woman in this video takes things to an entirely new level. The video has drawn over five millions views and nearly 21,000 comments, which has resulted in some incredibly cruel and objectionable online commentary about the woman. Since the release of the video, Cathay Pacific has disciplined the gate worker who recorded the video on his mobile phone (although the video was posted on YouTube by a third party) and the company has issued a formal apology to the woman.
The video is noteworthy because it demonstrates the power of new technologies such as YouTube and the corresponding risks to Canadian businesses. Had the video been recorded by an employee of a Canadian business, subject to Canadian privacy laws, the potential privacy complaint and/or lawsuit by the woman in the video could have been substantial.
Canadian businesses should be reminded of the need to protect against the dissemination of this type of video through employee privacy training and the adoption and enforcement of privacy policies and procedures.
The Government of Canada announced today the introduction of anti-spam legislation called the Electronic Commerce Protection Act (“ECPA”) that “aims to boost confidence in online commerce by protecting the privacy and personal security concerns that are associated with spam, counterfeit websites and spyware.”
According to the government’s News Release, the ECPA would allow businesses and individuals to initiate civil actions against anyone who violates the law. The ECPA deals with unsolicited text messages, or “cellphone spam”, as a form of “unsolicited commercial electronic message”.
It would establish a regulatory enforcement regime that would enable the CRTC to impose penalties of up to $1 million for individuals and $10 million in all other cases. The Competition Bureau would use a penalty regime already provided for in the Competition Act, and the federal Privacy Commissioner‘s powers to cooperate and exchange information with her counterparts would be expanded in respect of the Personal Information Protection and Electronic Documents Act.
The ECPA is nearly 70 pages long. Stay tuned to this blog. As soon as I’ve been able to digest the content I’ll post again on how the ECPA is likely going to affect Canadian businesses, especially those enaged in online marketing.
The current global economic climate has led to a growing number of bankruptcy and insolvency proceedings, particularly in the U.S. In dealing with these proceedings, many business leaders have not paid enough attention to the role of privacy law and its impact on the bottom line.
Of course, Canadian companies are subject to Canadian privacy laws such as PIPEDA, which require the consent of individuals for the disclosure of personal information to third parties. In structuring privacy policies, Canadian companies should consider all outcomes including bankruptcy. As a result, privacy policies should be carefully drafted with consideration of the possibility that personal information may be shared with third parties in the event of bankruptcy. Doing so will almost certainly not be enough to fully comply with Canadian legal requirements, but it’s a prudent step in the right direction – especially in these uncertain economic times.
Businesses are increasingly being asked to reduce their “carbon footprint”. And while many customers are interested in doing business with organizations that are trying to reduce their carbon footprint, many customers are also concerned about their own “digital footprints“.
The Discovery Channel has an interesting online tool that allows you to play a simple scenario by conducting your normal transactions as you would on any given day. Doing so shows you how often you provide your personal information to businesses and governments. You can then play the scenario again to try to reduce your digital footprint. Click here to play!
Businesses can help reduce their customer’s digital footprints by ensuring they only collect the personal information of customers necessary for the purposes identified by the organization and required for particular transactions. Additionally, businesses should avoid collecting personal information indiscriminately. As I’ve mentioned in a previous post, reducing the volume of personal information that a business collects (and is then responsible for safeguarding and destroying in accordance with applicable privacy laws) helps customers to reduce their “digital footprints”. It also helps businesses to comply with privacy laws like PIPEDA and improve customer relations.
I recently discussed with Nymity News some of the privacy issues related to third party opt-out websites. Specifically, I highlighted in the interview the risks facing organizations who honour requests from such websites. Marketing research organizations such as those that are members of the MRIA may find the interview of particular interest, but it’s still worth reading regardless of what industry your business operates in if you’re not yet aware of these types of third party opt-out websites.
I don’t know what those assets will be, but I think it is an interesting example of the fact that even in recessions we still see acquisitions of companies. When an organization’s assets are bought, one of the most valuable assets that are purchased is often its customer list.
PIPEDA and other applicable privacy laws, of course, govern transactions involving personal information. In the course of such transactions some companies are now implementing concepts once used only to secure physical assets. For example, many organizations are choosing to employ “escrow” arrangements to ensure the security of personal information.
Most businesses now understand that the implications of violating applicable privacy laws can be very serious to the reputation and bottom line of both the vendor and purchaser. As part of a sale of a customer list, and depending on the specific circumstances, both parties may agree that the customer list be placed in escrow until the transaction is completed. This ensures that what is likely the most valuable asset in the transaction – the customer list – is protected from unintended disclosures prior to the actual transfer of the business.
My September 3, 2008 column in the Winnipeg Free Press reports on the findings of the Privacy Commissioner of Canada regarding canada.com’s outsourcing to a U.S. based service provider. The finding highlights the complexities of Canadian and U.S. laws as they relate to the personal information of customers and reminds Canadian businesses of the need to have legal agreements with third party service providers, especially those located in the U.S.
My October 1, 2008 column in the Winnipeg Free Press reports on a survey released by the Privacy Commissioner of Canada and the vital need for businesses to train their staff to identify and deal with privacy issues. Privacy training, or lack thereof, can affect the bottom line.