Launch Presentation (PDF Format)

Transcription

Co-Counsel
VANCOUVER
CALGARY
McCarthy Tétrault Co-Counsel:
Technology Law Quarterly
January–March 2005
LONDON
TORONTO
OTTAWA
MONTRÉAL
QUÉBEC
NEW YORK
LONDON, UK
Co-Counsel:
Message from the Editor,
Welcome to the inaugural issue of McCarthy Tétrault’s Co-Counsel: Technology
Law Quarterly. This publication will keep you informed of developments at the
intersection of Information Technology, Technology Finance/Mergers &
Acquisitions and the law. Throughout we’ve highlighted cases we believe will be
of interest to our clients and share our insight into the issues and trends we’ve
spotted.
This is a dynamic area of law and business. There is much going on and much to
keep track of, so this newsletter is a bit longer than what you might be used to
receiving from us. But we’ve organised the information to make it clear, and
draw your attention to those areas of most interest to you. If you view the
document on your computer you’ll notice that some articles are linked to other
documents online that can give you a more complete picture of those areas, or
more information on a specific case or judgment.
If you would prefer to receive a paper copy of the newsletter in future, or wish to
change your subscription information (including: requesting more copies,
subscribing for a colleague, or removing yourself from the distribution) please
contact the editor at the link below. As well, we’re happy to send you a binder to
keep paper copies of the newsletter as well as an annual index.
McCarthy Tétrault is proud of its position as a leader in all areas of law, and
recently the 2005 Lexpert Canadian Legal Directory, a peer review publication that
ranks law firms and lawyers, has noted McCarthy Tétrault as having the leading
technology law practice in the country.
Sukesh Kamra, Editor
TABLE OF CONTENTS
INTERNET/E-COMMERCE ...............................................................2
E-contracting ......................................................................................2
Jurisdiction.........................................................................................9
Regulatory ........................................................................................16
Criminal...........................................................................................18
Spam ................................................................................................22
E-commerce News Briefs..................................................................25
TECHNOLOGY CONTRACTING ...................................................26
Outsourcing News and Developments...........................................26
Technology Agreements ................................................................31
TECHNOLOGY FINANCE .................................................................33
Venture Capital/IPOs .....................................................................33
M&A................................................................................................35
INTELLECTUAL PROPERTY ..........................................................37
Copyright .........................................................................................37
Domain Names................................................................................40
Patents..............................................................................................43
Trade-marks .....................................................................................46
Trade secrets ....................................................................................46
PRIVACY....................................................................................................48
Cases ................................................................................................48
News/Legal Developments ..............................................................49
Privacy Legislation/Regulations.......................................................57
Privacy News Briefs ..........................................................................58
McCarthy Tétrault Co-Counsel: Technology Law Quarterly
INTERNET/E-COMMERCE
E-CONTRACTING
Québec: French Language
Requirements on Québec
Website
In a decision rendered on December
8, 2004, Procureur général du Québec v.
Produits métalliques C.M.P. Ltée, 2004
IIJCan 48901 (C.Q.) (CMP), the
Court of Québec ruled that a
company violated, among other
provisions, section 52 of the Québec
Charter of the French Language (the
Charter) by offering to the public on
its website in 2001 advertising which
was not entirely in French and
ordered CMP to pay a fine of
$500.
The Court concluded that section 52
of the Charter, which requires that
commercial directories and any
similar publication be drawn up in
French, creates a strict liability
offence for which the prohibited
activity creates a presumption of an
offence that the defendant can only
reverse by a defence of reasonable
diligence.
CMP argued that at the end of 2000
it had lost Nortel as a client, which
represented 65 per cent of its
revenues, and that this had created a
financial hardship on CMP
preventing it from complying with
section 52. However, the Court
concluded that between 1994 and
2001, CMP had not taken into
account the multiple notices received
from the Office de la langue française
(now Office québécois de la langue
française) (OQLF).
This decision confirms that section
52 of the Charter applies to
advertising on websites. In this
particular case, the defendant was
based in Québec and was selling its
products in Québec. The case does
not indicate whether or not the server
for the website was located inside or
outside Québec. This case is in line
with prior court decisions on the
subject and with the position of the
OQLF as posted on its own website.
McCarthy Tétrault Notes:
Michel Racicot and Charles Morgan
have advised our clients in this area.
In brief, the threshold question when
-2
–
determining the impact of the
Charter on website operations is
whether the Charter applies. In short,
the more links that a company has
with the Québec jurisdiction, the
more likely local law will apply. For
instance:
• Are you entering into
contractual relations with a
Québec resident?
• Are you targeting Québec
residents through your
advertising?
• Are you putting up billboard
advertising?
• Do you have a server in the
province?
All of these things are considered by a
court in addition to whether the
website operator has a physical
presence in the province. The other
factor to consider is not a legal one
but merely a business issue: if you are
thinking about targeting the Québec
market, whether or not you have a
place of business here, you probably
want to have a French language
website.
Once it has been determined whether
the Charter applies to a website
operator, it then becomes necessary
to determine which elements of the
website must be translated. The
Charter doesn’t specifically require
that the entire website be in French.
It does require, however, that certain
aspects of the website be in French.
In our experience, we have found
that whenever a complaint has been
launched and the OQLF has
contacted a website operator, it is
preferable for the website operator
not to ignore the OQLF and to
immediately start negotiating with
them. Typically, they will grant
sufficient time to translate those
portions of the website that contain
advertising. In addition, the OQLF
can be persuaded to exclude from the
French translation of the website
those portions of the website which
do not fall under section 52 or under
other mandatory provisions of the
Charter (such as those mandating
that contracts of adhesion, directions
for use of a product, warranty
certificates, etc., be drafted in
French).
-3
–
The best course of action is to contact
the OQLF before any complaint is
made. In our experience, the OQLF
has been more understanding when
approached before a complaint is
made which allows the OQLF, if a
complaint is eventually made, to reply
to the complainant and indicate that
the OQLF is aware of the situation
and is working with the enterprise to
resolve the issue.
Contact Michel Racicot at
mracicot@mccarthy.ca
Contact Charles Morgan at
cmorgan@mccarthy.ca
Québec: Enforceability of an
amendment to a paper-based
contract
On January 31, 2005, the Court of
Québec rendered a decision that
treated the issue of the enforceability
of an amendment to a paper-based
contract. The case involved a dispute
in relation to a hosting and services
agreement between Paysystems
Corporation and Aspencerl.com Inc.
The two parties entered into the
agreement in 2002. The original
agreement did not contain an
arbitration clause. On October 23,
2003, Paysystems Corporation
unilaterally amended the original
contract and added an exclusive
arbitration clause, made available via
hyperlink and subject to the following
online notice on the opening screen
of the Paysystems website:
“Your continued use of My
Paysystems Services is subject to
the current version of the My
Paysystems Contract.
This contract was last updated
December 18, 2003.
Please click here to review.”
The court had to determine whether
it had jurisdiction to hear the dispute,
given the presence of the arbitration
clause. In order to decide the matter,
the court first had to decide whether
the online unilateral amendment was
enforceable.
Pursuant to a legal analysis discussed
below, the court held that
Aspencerl.com Inc.’s mere use of the
Paysystems Corp. website following
the posting of the amendment and
the above notice was insufficient to
establish binding consent to the
posted amendments and hence the
-4
–
arbitration clause that was contained
in the amendments was
unenforceable, particularly where
there was uncontested testimonial
evidence to the effect that the website
user had not actually taken notice of
the amendments. The judgment is
silent as to whether or not the
Paysystems original agreement
stipulated that the agreement could
be amended by means of an online
posting of the amended terms.
Aspencer1.com Inc. v. Paysystems
Corporation (31 January 2005),
Montréal 500-22-101613-043 (C.Q.)
Although it is possible that the
court’s conclusion is essentially
correct, in our opinion the court’s
reasoning contains a number of
errors of law that would suggest that
the case is likely to be followed with
significant critique and
distinguishing. We address four
aspects of the decision below, which
are legally erroneous.
First, the court suggests that the
procedure used by an Internet-based
merchant to establish binding
acceptance of contractual terms may
not involve mere tacit acquiescence to
such terms. However, section 1386 of
the Civil Code of Québec (C.C.Q.)
states that the exchange of consents is
accomplished by the express or tacit
manifestation of the will of a person
to accept an offer to contract made to
him by another person. In other
words, it is legally erroneous to
suggest categorically that tacit
acceptance of an Internet-based offer
is unenforceable under Québec law.
Instead, each case must be examined
on its facts to determine whether or
not there is sufficient evidence of
tacit acceptance, based on the actions
of the offeree.
Second, the court, citing doctrine,
suggests that something more than a
mere ‘click’ is required in order to
establish binding consent to an
electronic contract. The suggestion is
oddly contradicted by the court later
in the same decision when it cites
with approval the Rudder v. Microsoft
decision (which is cited by the court
as an example of a decision consistent
with the rules of the C.C.Q. in
relation to consent). The Rudder
decision stands for the proposition
-5
–
that a valid contract may be formed
using a ‘clickwrap’ approach to
contract formation (a finding that has
been codified in most Canadian
provincial e-commerce laws). In many
instances, a mere ‘click’ will be
sufficient to establish consent (just as
marking a paper contract with an ‘X’
or saying ‘I Agree’ may form valid
contracts).
Third, the court cites, with apparent
approval, doctrine that suggests that
‘computer contracts’ are subject to a
signature requirement. The court
then notes that the amendments were
not ‘signed’ by the parties. This
doctrinal and legal assertion is
unfounded in our opinion. Only a
very limited sub-set of contracts (such
as those contracts subject to signature
requirements pursuant to applicable
Consumer Protection or Statute of
Frauds legislation) are subject to
signature requirements to be
enforceable.
The net result is that the court holds
that (i) tacit acceptance of an
electronic offer may never be binding;
(ii) something more than a “mere”
click is likely required to form a
binding online contract; and (iii) a
signature may be necessary to
establish binding consent to the
online contract. In our opinion, none
of these assertions are accurate.
Finally, the court’s reasoning is guilty,
in my opinion, of an error of
omission. Specifically, while the court
cites both the Ontario Superior
Court decision of Microsoft v. Rudder
and the Alberta Queen’s Bench
decision of North American Systemshops
v. King, it fails to cite the two
decisions that are arguably most
relevant to the analysis: Kanitz v.
Rogers Cable Inc. (Ontario) and CREA
v. Sutton (Québec), both of which are
much more favourable to the finding
of enforceable online contract
formation.
cmorgan@mccarthy.ca
Ontario: New Consumer
Protection Act To Come Into
Effect July 30th
Businesses selling to consumers in the
province of Ontario will have to deal
with some new and unique legal
-6
–
requirements coming this summer.
The proclamation of the new
Consumer Protection Act, 2002 (CPA
2002) was delayed for quite some
time in order for regulations to be
drafted, but the Ontario Ministry of
Consumer and Business Services is
expected to finally sign off on the Act
at the end of July. The objective of
the Act is to provide comprehensive
consumer protection to residents of
Ontario and at the same time provide
a heightened level of confidence in
online consumer transactions. The
basis for this project was the Internet
Sales Contract Harmonization
Template drafted in 2001 and the Act
will apply to all businesses who are
either located in Ontario or who
engage in activities with a consumer
located in Ontario. The new law will
target not only sales of goods, but also
sales of services.
For Internet agreements exceeding a
threshold of $50 in total potential
payment obligations, suppliers will be
required to: (a) provide consumers
with an express opportunity to accept
or decline the agreement and to
correct errors; (b) disclose specific
information to consumers; and (c)
deliver a copy of the agreement and
such information to the consumer
within certain time frames and in a
manner that will enable the consumer
to retain and print the agreement.
Failure to do either will result in the
agreement being cancellable at the
option of the consumer within
certain time frames.
Internet agreements are but one of
the enumerated types of agreements
contemplated by the Act, each with
its own set of requirements. To the
extent an Internet agreement also
falls within the definition of another
enumerated type, ordering rules in
the Act are used to determine which
requirements will apply.
The dollar threshold applies to
potential payment obligations. As a
result, suppliers whose agreements
provide for periodic payments that
fall below $50 but which, over time,
will exceed $50 will need to consider
whether these requirements will apply
to them.
-7
–
The Act provides prescribed methods
for amending or renewing Internet
agreements. As a result, the common
practice of posting revised agreements
to a website which are intended to be
effective immediately may no longer
be possible.
suppliers should also look to the
general exclusions under the Act
(such as those for financial products
or services regulated under other
provincial legislation) as well as
federal versus provincial jurisdiction
considerations.
The Act also limits the ability of
suppliers to require arbitration of
disputes if doing so prevents a
consumer from going to court to
exercise his or her rights under the
Act and also provides that a
consumer may commence or
participate in a class action
proceeding despite any term in a
consumer agreement that would
otherwise prevent such participation.
This was likely a response to Kanitz v.
Rogers Cable Inc., where Rogers was
able to preclude the commencement
of a class action proceeding through
the enforcement of a mandatory
arbitration clause. It is unclear what
effect these provisions have on
existing arbitration provisions, or on
disputes that are not limited to rights
under the Act.
Contact David Ma at
dma@mccarthy.ca
In determining whether the
provisions of the Act will apply,
Canada: Internet Spending to
Increase This Year
According to a recently released
report by Convergence Group Inc. on
spending over the Internet and data
access, Canadians will spend five per
cent more this year on purchases
made over the Internet. A higher
demand from businesses is said to be
the leading cause.
Delaware: Telemarketing
Company Held In Contempt
Mercury Marketing of Delaware was
held in contempt of court for
continuing to bill consumers for
Internet-related services without
authorization. Not only did this
violate a U.S. Federal law and an
Order directed against them in 2001,
but Mercury’s telemarketers also
-8
–
cold-called some small businesses
nationwide offering to create a web
page for them and then billed them
without their authorization. In fact,
in some instances, the company even
billed consumers who said they
declined to buy the services. The
court held the company liable in this
case and ordered them to pay US $50
million to compensate victims of the
fraud.
Australia: New Laws To Fight ECrime Impacts E-Business
Laws are being drafted by the
Australian Attorney-General to
impact proprietary payment systems,
like PayPal. The parliament of
Australia held an inquiry into cybercrime last year and the results were
essentially that the Internet had made
it easier for criminal and terrorist
money launderers to avoid
surveillance.
In its submission, Austrac, an agency
in Australia, warned that some cybertransactions were beyond its reach.
Although banks in Australia are
required to report transactions to
Austrac, the agency is concerned with
those transactions which take place
overseas.
JURISDICTION
Ontario: Libel on the Internet The Much Anticipated Bangoura
Case is Heard
An Ontario Court of Appeal in
Toronto recently heard the case of
Bangoura v. Washington Post which
may have an enormous impact on
those who read online newspapers.
In short, Bangoura was a UN drug
control officer working in West
Africa. There were allegations of
sexual harassment and financial
improprieties laid against him, yet his
ties to former UN Secretary-General
Boutros Boutrous-Ghali helped him
survive the accusations. Nevertheless,
Bangoura was fired by the UN and
moved his family to Ontario in 2000.
He alleges that he was cleared of any
wrongdoing before any of the reports
were published. He argues that since
the reports have been published, he
has been unable to find a job and has
since filed a lawsuit against The
Washington Post (The Post).
The Post and several other
newspapers filed a motion to dismiss
on the failure to meet the “real or
-9
–
prohibited. In this last case, Jameel
sued Dow Jones in the U.K. over a
story published in the U.S. regarding
rich Saudis. The court held that the
story was accessed by five people in
the U.K. – three of whom were
Jameel’s associates and dismissed it
for lack of jurisdiction.
substantial connection” test since
Bangoura has no real or substantial
connection to Ontario. The lower
court, however, held The Post to be
an international newspaper available
and accessible in Ontario, thus giving
the court jurisdiction. The Post and
other newspapers fear the potential
for future “forum shopping” and in
that context have decided to appeal.
England: Promoter Don King
Allowed to Sue in the U.K.
Lawyers for the newspapers say that
only seven people in the entire
province of Ontario had
subscriptions to The Post website and
that a more logical place to bring the
suit would be Washington, D.C.
The High Court of England rejected
an application to set aside a Master’s
order granting permission to serve a
libel claim brought by boxing
promoter Don King against Lennox
Lewis.
This case is along the same line as
Dow Jones & Company Inc. v. Gutnick
[2002] HCA 56 of Australia, where
the courts allowed a man to bring a
libel case in Victoria, Australia
against Dow Jones for a published
story in Barron’s magazine uploaded
in New Jersey.
According to the court, there were a
number of important factors to
consider, including that the acts took
place in the U.K., both King and
Lewis are residents in the U.S., but
Lewis is a citizen of the U.K. and
both parties frequent the U.K.
regularly and make public
appearances there.
However, a more recent case, Yousef
Jameel v. Dow Jones & Co. Inc. [2005]
EWCA Civ 75, seems to have righted
the ship, as most experts in the area
feel that forum shopping should be
This case concerned two publications,
the context of which is the ongoing
litigation in New York. In July 2003,
the website www.fightnews.com
- 10
–
contained an article written by a Mr.
Burstein accusing King of antiSemitic remarks. A second article
found on a separate web page also
included accusations of bigotry and
anti-Semitism.
The court spelled out that the burden
remains on the claimant to
demonstrate that this is an
appropriate case for service out of the
jurisdiction against each of the
defendants and that England is the
appropriate jurisdiction. By weighing
the evidence, the court held that King
has a substantial reputation in
England and indeed has made
frequent appearances on television,
radio and through other media.
The court pointed out that King’s
financial and business connections
are also in the U.K. and that it is
clear that Mr. King has earned
revenues from this jurisdiction. Thus,
the court held that the libellous
Internet publication originating in
New York is actionable in the U.K.
King v. Lewis, [2004] EWHC 168
(QB)
George S. Takach has recently written
a three column series on “cyber libel”,
which includes a discussion of
jurisdiction in libel cases. To read
these articles, please see:
1.
Cyber Libel (1): Reverberating
Rants on the Internet Can Be
Expensive
2.
Cyber Libel (2): Managing the
Risks Posed by Chat Rooms
3.
Cyber Libel (3): Libelling
Globally, Suing (and
Recovering) Locally
Disputes in cyberspace often lead to
disputes in personal jurisdiction and
in particular the definition of an
appropriate test for personal
jurisdiction. Courts around the world
have struggled in this area. Below are
some recent U.S. cases discussing the
‘interactivity test’ and the use of the
‘effects test’ from the popular case of
Calder v. Jones.
- 11
–
North Dakota: Passive Website
Insufficient for Personal
Jurisdiction
A U.S. District Court held that a
non-resident defendant’s
maintenance of a passive Internet
website, which was available in North
Dakota, was insufficient to permit
exercise of specific personal
jurisdiction over the defendant in
North Dakota.
The allegation in the lawsuit on
behalf of the plaintiff includes
defamatory comments made by the
defendant, which they argue fell
within the scope of the ‘effects test.’
The plaintiff therefore argued that
there is no doubt the court should
allow personal jurisdiction over the
defendant.
The court held that all of the
defendant’s contacts with North
Dakota were related to the plaintiff’s
claims of defamation and intentional
interference with business. The judge
stated that although the website
contained email addresses as contact
references, all of which were
hyperlinked, they were not
conducting business through the
website.
It is important to note that the judge
emphasized three key points: the
defendant’s communications via the
website were directed toward North
Dakota; the subject matter of the
website related to North Dakota; and
the defendants knew the plaintiffs
were residents of North Dakota.
Atkinson v. McLaughlin, 343 F. Supp.
2d 868 (D.N.D. 2004).
Colorado: Moderately
Interactive Website Insufficient
for Personal Jurisdiction
In this unfair competition case, the
New York defendant was held not to
be subject to personal jurisdiction in
Colorado, even though the defendant
operates a moderately “interactive”
website that is accessible nationwide
and through which orders may be
placed from all states, including
Colorado.
The court held that the mere ability
of Colorado residents to order
products from the defendant’s site
does not warrant a conclusion that
the defendant has purposefully
directed its activities toward
Colorado. Boppy Co. v. Luvee Products
Corp., 72 USPQ 2d 1577
(D.C. Colo. 2004).
- 12
–
Connecticut: Interactive
Website Sufficient For ‘Minimum
Contacts’ Test
North Dakota: Interactive
Bulletin Board Leads To
Personal Jurisdiction
A Nevada manufacturer of digital
media products that operated a
website at www.prosourcesales.com
was subject to personal jurisdiction in
Connecticut in a trademark
infringement action brought by a
nationally known video equipment
distributor conducting business
under its federally registered
trademark ‘Prosource’.
Linda Pickrell, from Colorado, was
subject to jurisdiction in North
Dakota in connection with a website
she operated regarding her former
boyfriend, Patrick Zidon.
In this case, the cause of action arose
out of allegedly tortuous conduct in
the forum state. Records indicate that
sales over US $300,000 were made to
Connecticut residents and businesses.
Furthermore, the website was
sufficiently interactive to establish
‘minimum contacts’ under the Due
Process clause of the U.S.
Constitution since customers used
the website to place orders online.
Broadcast Marketing International Ltd.
v. Prosource Sales & Marketing Inc.,
CV0-00517 (D. Con. 2004).
Zidon brought a defamation action
against Pickrell, who operated a
website entitled “Monster of Love:
Surviving Love/Sex Addicts and
Spiritual Predators” at
www.patrickzidon.com. Since the
website contained an interactive
bulletin board allowing individuals to
exchange information, the court held
that the website was interactive.
According to the court, Pickrell’s
Internet communications were
directed uniquely toward the State of
North Dakota since it was these
contacts with North Dakota that gave
rise to Zidon’s claims of defamation
and intentional infliction of
emotional distress. Zidon v. Pickrell
344 F. Supp 2d 624 (N.D. 2004).
- 13
–
Ohio: Direct Website Contact
With Ohio Residents Leads To
Personal Jurisdiction
California: Case Settles Before
Important Jurisdiction Question
Resolved
The U.S. Bankruptcy Court in Ohio
ruled that website operators situated
outside the U.S., who provide users
with access to computer software
programs designed to respond to
questions as part of a questionnaire
on the Internet, qualify as
“bankruptcy petition preparers”
under the U.S. Bankruptcy Code.
As such, these website operators are
subject to personal jurisdiction in the
U.S. as long as a direct link between
them and the state of the U.S. can be
established.
The question, simply put, is whether
U.S. federal courts have jurisdiction
over out-of-state Internet retailers.
In this particular case, the U.S.
Bankruptcy Court for the Northern
District of Ohio held that since the
website operators did indeed have
direct contact with the U.S., personal
jurisdiction had been established. In
fact, the court found that the
defendants had contacts in the state
of Ohio as they solicited business
from individuals located in Ohio and
were paid with funds drawn from a
bank account in Ohio. In re LaDonna
Malinda Thomas, 03-26213
(Bankruptcy Court, N.D.C.
Ohio 2004).
In an 8-3 decision, judges decided the
issue was moot because the parties,
Maine-based L.L. Bean Inc. and
Gator.com Corp. of Redwood City,
California, settled their dispute after
last summer's oral arguments.
Although Gator.com agreed to pay
L.L. Bean, the amount remained
under seal at the Ninth Circuit.
Included in the settlement agreement
was a provision that held Gator.com
liable to pay L.L. Bean an additional
US $10,000 if the panel decided in
favour of the well-known outdoor
apparel retailer. No money would
change hands if Gator.com had won.
The case was closely watched by
lawyers working in the still-developing
realm of Internet commerce and
Internet jurisdiction because it could
- 14
–
have impacted how companies in
different parts of the U.S. resolve
disputes that occur over the Internet.
However, the panel decided not to
step into that debate. Gator.com Corp.
v. L.L. Bean Inc., 366 F.3d 789
(9th Cir. 2004).
U.S.: Federal Circuit Remands
Case Back To District Court For
Website Jurisdiction Review
The Federal Circuit Court of Appeal
has remanded a case back to the
district court to reconsider a decision
to decline a case on jurisdictional
grounds.
The appellants (Trintec Industries, a
Canadian company and Time to
Invent, a D.C. corporation) sued
Pedre Promotional Products for
patent infringement in D.C. Pedre
moved for a dismissal for lack of
personal jurisdiction and improper
venue.
The president of Pedre Promotional
Products claims that its sole office
and place of business is in New York
City and it sells its products across
the U.S., but not specifically D.C. On
the other hand, Trintec filed a
declaration revealing that Pedre
products are extensively advertised on
a number of websites to customers
and potential customers in
Washington, D.C.
In rendering their decision, the court
ordered the case back to the district
court to examine issues such as:
• how frequently the interactive
features of the defendant's
websites are utilized;
• whether any District of
Columbia residents used that
website to transact business;
• how much control, if any, the
defendant has over the content
of third-party sites hyperlinking
to its products; and
• whether any actual sales of
infringing products occurred in
the forum.
Trintec Industries Inc. v. Pedre
Promotional Products, 04-1293
(Fed. Cir. 2005).
- 15
–
REGULATORY
Canada: Federal Government’s
Position On Online Pharmacies
Earlier this year, Canadian officials
drafted a proposal to prevent Internet
pharmacies from selling mail-order
prescription drugs to U.S. consumers.
This is a drastic move that would put
an end to a $700 million industry;
one that has become increasingly
popular with U.S. patients. Health
Minister Ujjal Dosanjh is considering
a three-pronged attack to prevent
Canadian doctors from
countersigning prescriptions for U.S.
patients without examining them in
person.
The initiative would effectively
prohibit non-Canadian residents,
who are not present in Canada, from
obtaining prescription drugs. It would
also ban the export of certain drugs
that are widely used by Canadians.
Although some wonder how the U.S.
Government is reacting to this slow
process, especially since the U.S.
wants an immediate end to the sale of
online drugs, the Minister has
indicated that he is not being
pressured from the U.S. to curb
Internet pharmacies and has made it
clear that the issue for Canadian
doctors is one of ethics.
U.S.: Health Information
Technology – New Report
Released
A new report conducted by
PricewaterhouseCoopers shows that
the current levels of proposed health
information technology funding are
vastly inadequate. The report
indicates that the proposed federal
funding is insufficient to get hospitals
and other health providers in
compliance with President George H.
W. Bush’s plan to have electronic
medical records within 10 years.
The President has proposed US $100
million for development of health
information technology in his 2005
budget and has also appointed a
National Health Information
Technology Director.
Technology improves healthcare and
computerized prescribing systems
have been shown to cut the risk of
patients receiving the wrong
- 16
–
medications by 80 per cent. On the
payer side, technology speeds up
transactions and reduces labour costs
associated with the administrative
tasks.
U.S.: Electronic Frontier
Foundation (EFF) Demands
Data From Justice Department
The Electronic Frontier Foundation
(EFF) filed a Freedom of Information
Act request with the U.S. Department
of Justice (DOJ) in order to
determine if the government is
secretly gathering information on the
Internet surfing habits of U.S.
citizens.
International: APEC Agrees To
Paperless Trading
In an effort to reduce the number of
trees killed, APEC Ministers
endorsed the APEC Strategies and
Actions Towards a Cross-Border Paperless
Trading Environment. This is a plan for
paperless trading and a way to reduce
costs and improve efficiencies. The
initiative highlights the need to
harmonize domestic laws and
customs declaration procedures
through the creation of a web-based
framework.
It is the position of the EFF that the
DOJ is collecting URLs using a device
known as a pen-trap device. The San
Francisco-based Electronic Frontier
Foundation says that the DOJ has not
confirmed whether it collects URLs
using pen-trap devices. The EFF is
concerned with the DOJ’s position
since it is in the best interest of the
public to find an answer to that
question.
- 17
–
CRIMINAL
Canada: CIRA Warns Of
Phishing Targeting Domain
Names
The Canadian Internet Registration
Authority (CIRA) has advised its
registrants not to reply to any emails
requesting verification of their user
account numbers and passwords.
CIRA has been advised that an
unknown party is attempting to
obtain CIRA user account numbers
and passwords from their members by
sending misleading email notices that
appear to originate from CIRA.
These emails request that the user
provide confidential information to
validate registrant information and
prevent the potential likelihood of
domain name suspension.
U.S.: FBI Abandons Carnivore,
But Not Snooping
In the past, the FBI had a technology
designed to read emails and other
online communications. The
technology known as Carnivore still
exists, but the FBI has decided to
abandon its activities under
Carnivore and has switched to
unspecified commercial software.
The objective behind this activity is to
spy on suspected criminals, terrorists
and spies. In addition, the FBI has
asked ISPs to conduct wiretaps on
targeted customers on behalf of the
government. Although the FBI has
not disclosed how much money it
spent on Carnivore, outside experts
say the government probably spent
between US $6 and US $15 million.
U.S.: Companies Not Ready For
Instant Messaging (IM) Attacks
A report recently released by
SurfControl suggests that most
American businesses have not yet
implemented an official policy on the
use of instant messaging (IM) in the
workplace. The result of this is the
growing number of IM-borne attacks.
The report found that although over
90 per cent of the 7,500-plus
businesses it surveyed had established
some form of policy, almost 50 per
cent have no official rules or
guidelines to manage IM and peer-topeer (P2P) software usage.
- 18
–
In the past several weeks, new
variants of existing IM threats have
surfaced due in large part to the
ignorance of companies and their
employees in this area. The method
of delivery and attack is simple – the
worm is normally hidden in the IM
message that appears to have been
sent by a known contact. The message
prompts the individual to click on a
link or open an attachment, but in
reality, the message is a malicious
code.
The report indicates that the number
of attacks is increasing, suggesting
that companies are experiencing
more than three times the number of
attacks this year compared to last.
U.S.: University Data Hacking
At California State University
and Boston College
The personal information belonging
to more than 59,000 students at
California State University has been
compromised in an attack on the
school’s servers.
The information includes Social
Security numbers of past and current
students and applicants of the
university. The faculty and staff have
also been affected.
In a separate incident, Boston
College officials have said that over
120,000 alumni may have had their
personal information stolen when
someone ‘hacked’ into the school
computer and stole their addresses
and Social Security numbers. An
outside contractor runs these
machines and during a routine
security check school employees
noticed something wrong.
U.S.: Bank Of America Loses
Confidential Customer Data
The Bank of America reports that it
lost computer data tapes containing
personal information on over one
million federal employees, including
members of the Senate.
The information lost includes Social
Security numbers, account
information and credit card numbers.
Although there were some reports
that the data tapes were likely stolen
off a commercial plane by baggage
handlers, the bank declined to give
any details regarding the manner in
which the information was stolen.
- 19
–
Among the many whose information
was stolen is Senator Pat Leahy of
Vermont, who has been calling for a
Senate Judiciary Committee inquiry
into whether further regulation is
needed concerning companies who
buy and sell personal data.
U.S.: Personal Information
Leaked at Choicepoint
ChoicePoint was fooled by thieves
into divulging the personal
information of more than 145,000
people from 50 U.S. states, D.C.,
Puerto Rico, Guam and the U.S.
Virgin Islands.
According to the company, since the
breach, the information obtained has
been used in an estimated 750
identity scams. In addition to the
image and reputation of the company
being tarnished, it is the subject of
various lawsuits, a U.S. Federal Trade
Commission inquiry and an SEC
investigation into possible insider
stock trading violations.
The company has now decided to
stop selling sensitive personal
consumer data to many of its
customers.
There have also been calls for new
legislation and in fact, a senator from
California has tabled a Bill entitled
the Notification of Risk to Personal Data
Act. The Bill would require
businesses and government agencies
to notify victims when a criminal
obtains personal information.
ChoicePoint has declared that it
supports a national dialogue on this
growing issue and expects huge losses
in revenue this year.
U.S.: 310,000 Personal Records
Accessed By Intruders At
LexisNexis
Intruders managed to use stolen
passwords to access personal
information including passwords
belonging to 310,000 legitimate
customers. LexisNexis uses Accurint,
the database that was breached, to sell
reports which include the individual’s
Social Security number, address, date
of birth and voter registration
information.
Although the database does not
contain any medical or financial
records, the public is outraged not
only by this incident, but by the sheer
- 20
–
number of incidents that have
occurred over the past several weeks.
Members of the U.S. Senate have
asked for immediate reform to
privacy and information legislation.
Capital Hill hearings on this matter
are said to have already begun.
U.S.: Anti-Phishing Working
Group Update
‘Phishing’ scams are online crimes
that use unsolicited electronic
messaging (spam) to direct Internet
users to websites that are controlled
by thieves, but designed to look like
legitimate and legal electroniccommerce websites.
The way ‘phishing’ works is that users
are asked to provide sensitive and
confidential information, including
passwords, bank account information
or a credit card number, often under
the guise of updating an account or
improving banking services.
per cent in November 2004. This
happened after a significant drop-off
in September and early October
2004. In all, the reports of phishing
websites have grown by an average
rate of 28 per cent monthly since July
2004.
U.S.: Paypal Customers Warned
About Phishing Scams
Customers of PayPal have been
warned that their email addresses
were leaked on the Internet. The
subsidiary of web auctioneer eBay
said that Benchmark Portal had not
properly secured an online form for
customers to opt out of a recent
survey that PayPal had hired the
company to perform. This may have
been the cause of the current leakage
of information. Although PayPal did
not indicate the number of e-mail
addresses that were leaked, it called
the breach “extremely limited.”
According to some research and data
compiled by the Anti-Phishing
Working Group, the number of
phishing websites associated with
online identity theft scams grew by 33
- 21
–
SPAM
Ottawa: Business Emails
Considered Personal
Information
Prof. Michael Geist, of the University
of Ottawa, the complainant against
the Ottawa Renegades Football team,
says that he received an unsolicited
pitch from the football club at his
work email address. Approximately
two weeks later he received a similar
promotional offer at a law firm where
he also works.
Representatives of the Ottawa
Renegades Football team said they
sifted through websites operated by
the University of Ottawa and the law
firm and found the e-mail address
there.
Geist accused the football club of
violating PIPEDA, which was created
as a tool for a number of reasons,
including the protection of
consumers from unreasonable
breaches of personal privacy.
protection to the name, title, business
address or phone number of
employees in an organization.
Although the decision is non-binding
and Geist says he has no intention to
take it to Federal Court to make it
binding, he says this will force
organizations to be less inclined to
adopt aggressive marketing strategies.
While some commentators argue that
Canada’s current laws, including
privacy law statutes, are adequate
to deal with the spam problem,
George S. Takach has made the case
recently that Canada needs a new law
to deal specifically with unauthorized
mass commercial e-mail: in particular,
the new law should allow for a private
right of action so that members of the
e-commerce community might be
able to bring “private law
enforcement” to bear where it is
warranted. For a fuller discussion of
this view, see We Need An Anti-Spam
Law – Now.
Under PIPEDA, the law protects
personal information that identifies
an individual, such as a name, phone
number or residential address.
However, it does not extend the same
- 22
–
Canada: Competition Bureau’s
Fairweb Initiative
The Canadian Competition Bureau’s
FairWeb initiative is a dedicated
Internet surveillance and
enforcement program aimed at
combating misleading and deceptive
advertising found on the Internet.
Now, for the first time, the bureau
has settled the first spam case under
this initiative. The case involved diet
patches Zyapex and Dyapex, from
Performance Marketing, and false
claims made about them in emails.
As part of a consent agreement
registered with the Competition
Tribunal, Performance Marketing has
agreed to refund consumers the full
value of the diet patches and has
assured that unsolicited emails (spam)
will not be used as a means of
marketing its products.
Canada: Competition Bureau
Participates in Two-Day
Program On Spam
The Competition Bureau and more
than 70 other governmental agencies
worldwide recently completed a
special two-day Internet surveillance
and enforcement program. The major
focus of this event was the
proliferation of spam and scams over
the Internet. The objective was to
provide consumers with information,
knowledge and skills to recognize,
report and stop these activities.
Iowa: First $1 Billion Spam
Decision
A judge in Iowa has awarded the
highest amount of damages in a spam
case to date. Bob Kramer filed a
lawsuit against more than 300
spammers, claiming that he received
over 10 million spam messages a day
in 2000. The judge in the case
awarded CIS Internet Services, the
company Mr. Kramer owns, a
judgment in the amount of
US $1 billion. CIS International v.
AMP Dollar Savings et al., 2004 WL
2952561 (S.D. Iowa), online: WL.
New York: Man Arrested Over
Instant-Messaging Spam
In the first ever case of “spimming” –
the new form of spam through
instant messaging, authorities in New
York confirm that they have arrested
a young man accused of broadcasting
- 23
–
over 1.5 million ads for pornography
and cheap mortgages.
The young man was charged with
spamming clients of MySpace, a very
popular social networking company
and had even threatened to tell other
spammers how he spammed them
unless the company made him part of
their marketing team.
This case demonstrates that
spammers are not content to stay
with email technology but are moving
to exploit holes in instant messaging
software. Recently Microsoft released
a security patch for its instant
messaging software designed to repair
an exploitable flaw.
U.S.: Compliance Up To Six per
cent Since CAN-SPAM Act
Introduced
About six per cent of unsolicited email sent through the Internet in
November 2004 complied with the
CAN SPAM Act passed by the U.S.
Congress last year.
has been tracking CAN-SPAM
compliance since the law went into
effect in January 2004 and issues
monthly reports on the subject based
on a random sample of 10,000 emails analyzed on a weekly basis. Six
per cent is the highest rate of
compliance reported by MX Logic
since it began conducting its tracking
reports.
According to The Email Service
Provider Coalition, an online
advertising industry group based in
York, Maine, legitimate advertisers
are complying with the law. Although
the Act was touted as a means to
reduce spam traffic on the Internet,
MX Logic has reported that about 75
per cent of all e-mail found on the
Internet is spam. Interesting to note
that during this same period last year,
that figure was around 67 per cent.
The study was conducted by MX
Logic, an e-mail security firm located
in Denver, Colorado. The company
- 24
–
E-COMMERCE
NEWS BRIEFS
1.
Digital River Inc., a global
leader in e-commerce
outsourcing, announced it
has signed an expanded
e-commerce agreement with
Computer Associates
International Inc. It is also
offering its online clients
MasterCard Secure Code and
Verified by Visa. They have
also expanded their
e-commerce solution through
the acquisition of
BlueHornet Networks Inc.
2.
Best Buy had an interesting
promo during the holidays.
Best Buy online had declared
that to save on shipping, Best
Buy's online customers were
encouraged to pick up
merchandise at the nearest
(brick-and-mortar) store.
3.
Multimedia Live changed its
name to MarketLive. The top
e-commerce technology
company took the name of its
leading product in order to
signify its move to the next
generation of e-commerce
technology.
4.
Exinda Networks recently
launched a software system it
claims will allow companies to
formally charge employees for
stealing bandwidth.
5.
Analysis International
announced in one of their
2004 reports that the volume
of e-commerce transactions in
China reached 440 billion
RMB (approx. $66 billion.)
- 25
–
TECHNOLOGY
CONTRACTING
OUTSOURCING
NEWS AND
DEVELOPMENTS
British Columbia: Province Of
B.C. Wins Outsourcing Dispute
Before B.C. Supreme Court
The B.C. Government and Services
Employees’ Union (BCGEU) filed a
petition with the Supreme Court of
British Columbia in an attempt to
stop the outsourcing of personal
health information of British
Columbians to a service provider.
They sought an injunction that would
prevent the outsourcing of certain
health benefit operations by British
Columbia to B.C. subsidiaries of the
Virginia-based MAXIMUS.
The BCGEU argued that the
privatization of the Medical Services
Plan (MSP) would violate Canada’s
Health Act and had the potential to
breach the privacy of patient data. A
decision in favor of the B.C.
government was delivered on
March 23, 2005 in which the
arguments of the BCGEU were
generally rejected. An interesting
aspect of the decision is that Mr.
Justice Melvin specifically reviewed
some of the measures taken by the
B.C. government in the outsourcing
agreement to protect the personal
information involved in the
transaction and specifically
determined that they provided a
reasonable expectation of privacy.
On a related note, the B.C.
government made some significant
changes to its freedom of information
and protection of privacy legislation
as a result of the USA PATRIOT Act
in the Fall of 2004. Other provinces
such as Alberta are currently
reviewing this issue. The federal
government has announced that it is
considering implementing certain
contractual provisions to address the
USA PATRIOT Act. B.C Govt Serv.
Empl. Union v. British Columbia
(Minister of Health Services), 2005
BCSC 446.
We acted for the B.C. government in
the outsourcing transaction with
MAXIMUS. As noted in the
judgment and other public
descriptions of the deal, a number of
unique structures were implemented
- 26
–
in order to protect the health records
that were being made available to the
B.C. subsidiaries of MAXIMUS.
These included a trust structure,
establishing new Canadian corporate
entities, technological and business
process restrictions, direct agreements
between the B.C. government and
MAXIMUS employees, whistle
blowing hotline, substantial penalties
and stringent data location and use
restrictions. The balancing act for
future outsourcing deals in Canada
will be the sensitivity of the
information involved, public
perceptions, the structuring
opportunities available in the deal
and costs involved in implementing
additional structures. Additional
measures of protection generally do
not come without an associated cost.
It will be interesting to see cost
impacts on the outsourcing industry
in Canada based upon the
heightened concerns over the USA
PATRIOT Act. Prof. Michael Geist
notes in his recently published article
on this issue: “The MAXIMUS case
will set the benchmark for future
outsourcing arrangements in Canada
with similar safeguards likely to be
introduced on a national level in the
months ahead. If accompanied by
order-making power and greater
transparency, it will go a long way to
ushering a new age for Canada’s
privacy law framework. The days of
light regulation for Canadian privacy
appear to be numbered.” 1
Contact Matthew Peters at
mpeters@mccarthy.ca
Gartner Consulting Report
Names IBM Leader Of
Outsourcing
A recent report by technology experts
at Gartner Consulting named IBM
the worldwide leader in technology
outsourcing, and suggest they’ll
remain so for the foreseeable future.
In preparing the report, Gartner used
criteria designed to give potential
clients the information necessary to
select companies based on their
current and future direction.
The report concluded that companies
who send jobs offshore are not
receiving anticipated returns. It was
1
Michael Geist, The Three Stages of
Can. Privacy Law (2005)
<www.michaelgeist.ca/resc/html_bkup/april
112005.html>
- 27
–
suggested that this is a direct result of
firms not taking a comprehensive
look at how outsourcing should be
implemented, but rather that
companies often look for the largest
wage differentials instead of finding
areas that fit their long-term goals.
If you are looking for additional
information on outsourcing, Adam
Vereshack has written a book entitled
A Practical Guide to Outsourcing
Agreements to be published in Canada
and the United States (LexisNexis) in
June 2005. The book contains a
detailed analysis of the fundamental
provisions of outsourcing agreements
for both Information Technology
Services and Business Process
Outsourcing with numerous
precedent clauses. The book has been
written for lawyers who wish to have
a better understanding of the basic
principles of outsourcing contracts
and for CIOs and CFOs who may be
considering outsourcing. A table of
contents can be viewed here.
Gartner Report Estimates
Increase in Call Centre
Outsourcing
Gartner estimates customer service
outsourcing will increase from
US $8.4 billion in 2004 to
US $12.2 billion in 2007.
The offshore percentage of this will
remain quite limited, growing from
two per cent in 2005 to only five per
cent in 2007. While outsourcing can
reduce costs by up to 30 per cent,
Gartner also warned there are added
risks, given that outsourcing service
providers can experience employee
attrition rates of up to 80 per cent
annually, while in-house call centres
are traditionally in the 25 per cent
range.
Gartner also predicts that up to
60 per cent of organizations that
participate in call centre outsourcing
will experience customer problems
and other difficult to measure costs
that may well overshadow the
possible savings attained by
outsourcing.
Contact Adam Vereshack at
adamv@mccarthy.ca
- 28
–
The findings of this report echo our
experience in assisting parties in call
centre outsourcing deals, whether in
North America or offshore.
Companies wishing to outsource have
to be careful to understand the risks
specific to outbound vs. inbound call
centres.
Inbound call centres generally require
a greater level of sophistication on the
part of the staff. So when considering
outsourcing, supplier staff attrition
rates become a very important
measure. For an outbound call centre
these issues matter less.
McCarthy Tétrault often
recommends that clients consider a
‘pilot test’, whereby two service
providers are asked to run a small
scale operation for a period of time so
that concerns can be discovered and
addressed prior to a full-scale
outsourcing.
Contact Cheryl Slusarchuk at
cslusarchuk@mccarthy.ca
International: India Still The
Leader in Global Offshoring
The Economist Intelligence Unit has
ranked India as the current leader in
offshoring, but due to an increase in
offshoring to Eastern Europe, analysts
predict a big surge from Europe.
The report also indicates that China
is second behind India and the gap
between both nations is quite
significant due in part to the fact that
India has a large number of Englishspeaking graduates, very low labour
costs and its developed legal system.
The report examined 60 offshoring
destinations and surveyed over 500
senior executives. It concluded that
over the next several years, companies
will continue to redistribute service
functions to Asia and Eastern
Europe.
The report also suggests that about 57
per cent of executives in the survey
cite outsourcing as a critical force in
the global marketplace. This number
is up from last year.
- 29
–
Adam Vereshack has made
presentations and written several
articles in the area of outsourcing,
including the following:
Managing Risk Through An
Effective Business Process
Outsourcing Contract: The
presentation was given at the
Conference Board of Canada entitled
2004 Business Process Outsourcing
Conference in Toronto. This
presentation covered a number of key
elements to effective outsourcing
contracts, including the development
of a transition plan and the
importance of a well-drafted scope of
services section with reference to
benchmarking.
Particular emphasis was made to the
pricing scheme, including a detailed
breakdown of the prices and the
importance of both Additional and
Reduced Resource Charges. Adam
makes a point of highlighting service
levels and ensuring that all services to
be outsourced are listed accurately
and in an organized manner.
Other topics include: Risk
management strategies and benefit
sharing, disaster recovery plans as well
as examining pre-outsourcing factors,
such as security of the geographic
area, accessibility controls, auditing
and the existence of a strong legal
system for protection of IP rights.
Contact Adam Vereshack at
adamv@mccarthy.ca
International: Why Natural
Disasters are an Important
Factor in Outsourcing
Before a company decides to
outsource its products or services
outside of Canada, they will often try
to ensure that security and political
stability of the destination region are
weighed and found to be acceptable.
A recent article indicates that only
after the tsunami devastation has the
component of natural disasters
become an issue. A report published
by Computerworld Reports indicates
that the frequency of large-scale
disasters impacts the levels of risk.
Although the report suggests that
disasters such as the recent tsunami,
- 30
–
or the 1975 earthquake that hit
China, killing 242,000 people, are
devastating, the accumulated damage
from minor natural disasters is cause
for concern as well.
TECHNOLOGY
AGREEMENTS
The court dismissed most of the
plaintiff’s arguments, including their
unjust enrichment one and held that
the argument under the Indiana
Deceptive Consumer Sales Act was
invalid since the section they were
relying on applies only to claims that
“sound in fraud” and are “grounded
in fraud.” SMA Corporation v.
PeopleSoft USA Inc., 1:00-CV-01095-LJM-VS
(S.D. Ind. 2004).
Indiana: Fraud Claims Against
Peoplesoft Relating to Software
License Dismissed
International: Harald Welte
Sends Out Warning Letters Re:
Linux Open Source
Following the dismissal of fraud
claims arising out of a software
license agreement, a U.S. District
Judge in the Southern District of
Indiana dismissed state claims for,
among other things, unjust
enrichment and theft by deception.
The Linux open source developer,
Harald Welte, sent out warning
letters to several IT vendors at a
recent technology show in Germany
for violation of the General Public
Licence rules. In all cases, computer
code of each company’s products
used the GPL code but they failed to
make the source code available.
Among those warned were Motorola
and Acer.
The complaint itself referred to
statements made at meetings and
elsewhere regarding the successful
implementation of the PeopleSoft
software. In fact, the allegation is that
PeopleSoft knew that the software
they were creating was not compatible
with the platform and did not
function as promised.
Welte, one of the core developers of
the Linux kernel firewall engine and
the mastermind behind the famous
www.gpl-violations.org website, a site
designed to prevent companies from
- 31
–
violating the General Public License
rules, has been very active in
promoting the open source project.
In the past, Welte has made
arrangements with over 25 companies
that were previously in violation of
the GPL code for the same reasons.
centralized approval of all OSS used
in the organization and periodic
audits to ensure compliance with the
policy.
Contact George S. Takach at
gtakach@mccarthy.ca
While Open Source Software (OSS)
can present users and technology
companies with some interesting
opportunities and potential cost
savings, OSS comes with a fair
number of risks as well. There are
strategic, operational and legal risks,
including issues surrounding: ability
to customize; compatibility and
interoperability; maturity; forking;
code integrity; infringement and
warranties and indemnities. For
software companies that use OSS in
their proprietary products, there is
also the extreme outbound licensing
risk that otherwise proprietary code
itself becomes OSS due to the viral
licensing terms of the relevant OSS
license. Therefore, it is critical that
users and software developers alike
adopt an OSS policy, that includes a
- 32
–
TECHNOLOGY FINANCE
VENTURE
CAPITAL/IPOs
Québec: New Government
Assistance for Québec-Based
Enterprises
On April 21, 2005, the Québec
provincial budget included a new
form of government assistance for
business. The program allows
Québec-based enterprises with less
than 200 employees to benefit from
specialized consulting services,
including legal services. The
assistance will apply, in particular, to
the following projects:
In general, the assistance granted will
take the form of a non-refundable
contribution of up to 40 per cent of
eligible project implementation
expenditures, to a maximum of
$50 000. Government financial
assistance may not exceed 50 per cent
of all the expenditures inherent to
the project. The assistance will cover,
in particular, professional fees and
research expenses for the acquisition
of patents and the protection of
intellectual property.
Contact Michel Racicot at
mracicot@mccarthy.ca
• development of new products
or innovative processes;
Canada: March Networks Files
IPO
• technology transfer;
March Networks, the Canadian-based
IP digital video surveillance solutions
provider, has filed its prospectus with
the securities regulatory authorities in
all Canadian provinces in
conjunction with its IPO of its
common shares.
• improvement of management
skills;
• acquisition or protection of
intellectual property;
• development of financing
strategies;
• realization of investment
projects; and
• carrying out of feasibility
studies.
- 33
–
RECENT INVESTMENTS
INVESTOR
COMPANY
AMOUNT
Investors from health sector
Wellinx / Purkinje
US $11 million
Technology Partnerships
Migenix
$9.3 million
Soses Investments
NewspaperDirect
$8.5 million
Government of Canada
Westport Innovations
$6 million
BPS
Brascan
$1 million
Wellington Financial
Environmental
$1.5 million
Desjardins
Technologies Photogram
$900,000
BDC
Netistix Technologies
$750,000
BC Advantage Funds (VCC)
Vectis Technologies
$525,000
Canada
Ltd., the Working Opportunity
Fund (EVCC) Ltd. Managed by
GrowthWorks Capital Ltd., the
Western Universities
Technology Innovation Fund
(WUTIF), Koldyk Ventures
- 34
–
M&A
Canada: SS&C Technologies
Prevails in Battle for Financial
Models Company
On April 19, 2005, SS&C
Technologies, Inc. of Windsor,
Connecticut completed its
acquisition of Financial Models
Company Inc. (FMC), a leading
provider of technology solutions for
the investment world, for
approximately $205 million pursuant
to an all-cash take-over bid
announced on February 25, 2005.
The SS&C offer represented a
premium of 115 per cent to the
closing price of the FMC common
shares the day before the bidding
process started. The completion of
this transaction followed a highly
contested take-over bid process
involving two other bidders, Linedata
Services S.A. of Paris, France and a
holding company of Mr. Stamos D.
Katotakis, the President and CEO of
FMC, as well as a string of hearings
before the Ontario Securities
Commission, the Ontario Superior
Court of Justice and the Ontario
Court of Appeal regarding take-over
bid financing requirements and the
interpretation of a shareholders’
agreement among FMC’s major
shareholders.
McCarthy Tétrault acted for FMC in
this transaction with a team led by
Graham Gow and Phillip Moore.
Contact Graham Gow at
ggow@mccarthy.ca
Contact Philip C. Moore at
pmoore@mccarthy.ca
Canada: Ubisoft to Acquire Part
of MC2 Microids
Video game maker Ubisoft has
announced that it has acquired part
of the MC2 Microids operations in
Canada. This is the second recent
development for UbiSoft. Earlier it
said that it would begin developing a
series of sports titles after it acquired
worldwide licensing agreements. It
has already confirmed that it acquired
source code in Microsoft Game
Studios team sports games and has an
exclusive agreement with Vijay Singh,
- 35
–
an elite professional golfer, to
produce a signature golf game.
Canada: Guest-Tek to Acquire
Golden Tree Communications
In-hotel entertainment and
technology company Guest-Tek
Interactive, based in Calgary, will
acquire Golden Tree
Communications of California.
Under the deal, Guest-Tek will pay
half cash and issue 1.8 million shares
to buy Golden Tree, which provides
high-speed Internet service to hotel
customers.
- 36
–
INTELLECTUAL PROPERTY
COPYRIGHT
Ottawa: Government of
Canada’s Copyright Reform
Announced
The Hon. David L. Emerson,
Minister of Industry and The Hon.
Liza Frulla, Minister of Canadian
Heritage and Minister responsible for
Status of Women, released a
statement in late March outlining
proposed amendments to Canada’s
Copyright Act that will address the
many challenges of the Internet and
digital copyright. These amendments
will include:
• Implementation of the WIPO
(World Intellectual Property
Organization) treaty.
• Anti-circumvention provision
that applies to copyright
material and Technological
Protection Measures (TPMs)
• A “notice and notice” provision
for ISPs. An ISP must only
inform the infringer of the
infringement, but cannot ask
that it be taken down.
• The Act is also intended to
include provisions for
photographers’ rights with an
exception for consumers who
commission photographs for
domestic purposes.
• A provision to allow materials
for research and educational
purposes will be created.
• A full reproduction right for
performers in sound recordings
will be introduced.
Barry Sookman has written numerous
articles in the area of copyright law,
particularly digital copyright law and
has been a leader in publishing his
work on list servs for others to view
and discuss, a few of which can be
found below:
'TPMs': A perfect storm for
consumers: Replies to Professor
Geist: The linked article has its
origins in an article written by Prof.
Michael Geist and published in the
Toronto Star entitled “‘TPMs’: A
perfect storm for consumers.” The
response by Barry Sookman addresses
some of the issues raised by the
Government’s copyright reform and
provides an excellent analysis on the
reasons why modernizing Canada’s
copyright laws will have a beneficial
- 37
–
impact on small and large businesses
who rely on copyright to recover from
technological advances and reach a
fair copyright balance in a
competitive marketplace.
OBA Conference Centre in Toronto.
Barry spoke to the issue of how
copyright has kept up with the
evolving world of computer
technology.
Sound Bytes, Sound Rights: Canada
at the Crossroads of Copyright Law:
The music industry after BMG v. John
Doe (and Jane Doe) 2004 FC 288. A
presentation given by Barry Sookman
on February 11, 2005, in Toronto,
Ontario on the issues surrounding
the case and some of the broader
copyright policy concerns raised in
Canada and the U.S.
Please click here to see a copy of
Barry Sookman’s presentation
entitled, “Technology in Bloom Has copyright kept up with evolving
computer technologies?”
IT.CAN Roundtable: The Tariff 22
Decision: Internet Meets Copyright:
Law Presentation given on September
20, 2004 on the impact of the Tariff
22 decision on copyright law.
Contact Barry Sookman at
bsookman@mccarthy.ca
Professional Notes: Conference:
Technology in Bloom
Barry Sookman spoke at a recent
Ontario Bar Association (OBA)
Conference, entitled Technology in
Bloom, held on April 8, 2005 at the
Contact Barry Sookman at
bsookman@mccarthy.ca
U.S.: Grokster Case Before U.S.
Supreme Court
In the most anticipated copyright case
in the U.S., the Supreme Court is
currently hearing arguments in the
Grokster case.
Essentially, the case boils down to
whether the makers of P2P software
can be held liable for the mass
copying of songs and movies on the
Internet. The entertainment industry
is seeking an affirmative response to
the question, even though Grokster
and StreamCast argue that such a
decision would run counter to the
- 38
–
1984 Sony Corp. v. Universal City
Studios, Inc., 464 US 417 case.
That case held that the maker,
distributor and seller of videocassette
recorders were not liable since the
technology, then the VCR, was
capable of non-infringing uses. It is
this test that is being re-visited by the
parties in this dispute, especially since
the technology is now far more
advanced.
As it currently stands, the Ninth
Circuit Court held that the P2P
networks were neither contributorily
liable nor vicariously since the
networks were capable of substantial
non-infringing uses and both
Grokster and StreamCast did not
have the ability to stop the infringing
users.
Arizona: File Sharing Conviction
Confirmed
was sentenced to a three-month jail
term, three years probation, 200
hours of community service and a US
$5400 fine. In addition, the judge
ordered the student to take a course
in copyright law at the University of
Arizona.
International: Report Indicates
Increase in Music Sales
According to data released by the
music industry’s major trade and
lobbying group, there was an increase
of two per cent last year in the
number of CDs and other music
products shipped to retail stores.
Although this does not reflect the
actual sales to consumers, the data is
seen as positive. In a separate report,
the International Federation of the
Phonographic Industry reports that
last year’s worldwide sale of CDs and
other music products was essentially
the same as the year before.
A University of Arizona student has
pleaded guilty to possession of
unauthorized copyrighted material.
Parvin Dhaliwal is said to be the first
person in the U.S. to be convicted of
the crime under the Arizona state laws
against illegal downloading. Dhaliwal
- 39
–
DOMAIN NAMES
U.S.: Nissan Motors Inc. Wants
Mr. Uzi Nissan’s Domain Name
The U.S. Supreme Court has received
an application from Nissan Motor
Co. asking it to review a Ninth
Circuit ruling that allowed a
computer business to continue using
the domain name www.nissan.com.
The car manufacturer argued that the
court’s decision could lead to massive
abuse of trademark owners’ rights.
An individual by the name of Uzi
Nissan has associated his name in
connection with several business
ventures including Nissan Computer
Corp., the defendant in this case.
Nissan Motor Corp. v. Nissan Computer
Corp. 73 U.S.L.W. 3619 (U.S. 18
April, 2005).
New Hampshire: Delay in
Commencing Lawsuit Not Costly
in Cybersquatting Case
The New Hampshire Supreme Court
has upheld an injunction against a
vacation home owner’s use of the
domain name www.nordicinn.com,
even though there was an issue of
mitigation of damages, since the
plaintiff did not bring the lawsuit in a
timely fashion.
Although the court did not believe
the reasons given for the delay by the
plaintiff, it nevertheless upheld the
injunction saying that there was no
bad faith and that the public interest
in preventing further confusion
outweighs the harm to the
homeowner. Nordic Inn Condo.
Owners’ Association v. Ventullo 864
A.2d 1079 (N.H. 2004).
Florida: Infringement of
Federally Registered Trademark
is Illegal
In this case, the defendant MedPets
advertised and sold pet care products
through its websites MedPets.com
and 1-888-MedPets.com.
Since the defendant’s domain names
were nearly identical to the plaintiff’s
trademark (PetMeds), the plaintiff
warned the defendant that these
websites violated his federallyregistered trademark and demanded
that the defendant cease his
infringing conduct. The defendant
continued to use the mark after being
- 40
–
notified of the infringement by the
trademark holder.
The U.S. District Court for the
Southern District of Florida held that
infringement of federally registered
trademarks through website domain
names was wrong and constituted
infringement. PetMed Express, Inc. v.
MedPets.com Inc. 03-62019-CIV
(S.D. Fl. 2004).
Illinois: Cybersquatting Has
Legislative Exceptions Judge
Says
A Texas-based website development
company, Pure Imagination Studios
Inc. was liable for infringement of the
Pure Imagination mark, which was
registered and used by an Illinois
website development company. Both
companies conducted business
primarily over the Internet.
A court in Illinois took into
consideration factors such as, the
similarity of the marks, the low level
of sophistication of the customers
and the incidents of actual confusion,
and issued a finding of ‘confusion.’
Nevertheless, the Texas company was
not liable under the AntiCybersquatting Consumer Protection Act
since Imagination Studios Inc. was
protected by an exception within the
Act. The exception allows a registered
domain name owner, who had
reasonable grounds to believe that the
use of the domain name was,
amongst other things, lawful, to be
exempted from the Act.
In this case, Imagination Studios truly
believed it had prior rights in the
domain name and when Imagination
Studios conducted a trademark
search, it failed to find the pending
registration of the Illinois company.
Pure Imagination, Inc. v. Pure
Imagination Studios, Inc., [2004] U.S.
District LEXIS 23064 online: LEXIS.
International: WIPO Releases
Domain Name Dispute Decisions
Book
The World Intellectual Property
Organization (WIPO) has just
released a publication that includes
an overview of over 7,000 domain
name dispute decisions since 1999.
- 41
–
Lawyers feel that one of the most
important uses of the book will be
gauging their clients’ chances of
winning an action. Although all
decisions of the Uniform DomainName Dispute-Resolution Policy
(UDRP) have been available online
for several years, this is the first text
that provides a comprehensive
guideline on how the panelists have
interpreted the UDRP.
The book, which is written in the
form of a Q&A, concerns itself with
providing critical information on
both substantive and procedural
questions. For example, the research
conducted shows the interpretation
given by the panelists in determining
what constitutes cybersquatting. In
other words, what an individual
needs to prove to illustrate that a
domain name is “identical and
confusingly similar” to a trade-mark.
We recently acted for the successful
respondent in a UDRP domain name
complaint brought by a well known
U.S. organization.
The complainant had trade-mark
registrations since the 1950s in an
acronym which would qualify as a
famous mark. The respondent’s
domain name incorporated the
complainant’s trade-mark in its
entirety and used the mark as a metatag for its websites.
However, we were able to successfully
argue, on behalf of the respondent,
that it had a legitimate interest in the
domain name because it was using
the domain name in a descriptive or
nominative sense to describe the
services that it provided.
The decision is an important one
because it confirms that the UDRP
process should not be used to short
circuit trade-mark litigation. In a
UDRP proceeding, bad faith and the
intention to confuse are what is
relevant, not the mere likelihood of
confusion. The panel found that
whether or not actual trade-mark
infringement occurred was a matter
appropriately resolved by a court
rather than by a panel charged with
implementing the UDRP.
Contact Navin Khanna at
nkhanna@mccarthy.ca
- 42
–
PATENTS
More than ever Canadian tech
companies are expanding their
businesses globally. This is good news
for them and for the economy, but
with expanded reach comes expanded
exposure of IP assets. Companies
must ensure that they use appropriate
strategies to protect their IP in all
jurisdictions.
Recently we advised a client about the
ability to enforce IP rights using court
injunctions in both Croatia and
Slovenia. With Slovenia recently
joining the European Union (EU),
we were familiar with the
comprehensive IP legislation that has
now made that country compliant
with EU directives and were able to
provide comfort on injunctive
remedies. In contrast, we cautioned
the client about the impracticality of
obtaining injunctions in Croatia – a
country not yet aligned with the EU
approach.
As companies grow and begin to
operate in numerous jurisdictions,
they need lawyers who have the
experience and knowledge to
anticipate the law as it evolves amid
changing legal regimes. In addition to
our familiarity with broadening EU
law, we have advised clients on
extensive legal changes in many
countries, all over the world.
In a recent case we advised a client
operating in South Africa. Recent
large-scale revisions in employee
human rights legislation in that
country have led to a need for highly
current advice. With our knowledge
of legal areas outside of traditional IP
boundaries, we have been able to
provide advice that is well-tailored to
suit these changes.
Privacy is another area of recent flux
and companies need counsel who are
able to ensure that the transfer of
personal data from a subsidiary
company in another jurisdiction to a
parent company in Canada is
authorized and unrestrained. We
have found that building our practice
around the dynamic triangle of IP,
employment law and corporate
structuring has enabled clients to rely
on us for their essential needs and, as
- 43
–
a result, to expand internationally
with tremendous efficiency.
Contact Cheryl Slusarchuk at
cslusarchuk@mccarthy.ca
Contact Stephen Lowry at
slowry@mccarthy.ca
California: Sony Ordered To
Stop Selling Playstation 2
A judge of the U.S. District Court for
North California held that a patent
infringement case filed against Sony
by Immersion, a San Jose-based
developer of the “haptics” technology,
was valid and has issued an
injunction against Sony from
manufacturing and selling the
console in the U.S.
The injunction also forces Sony to
pay licensing fees to Immersion.
Although this case has been ongoing
for over two years and previous
judgments in the case have also
favored Immersion, the recent
decision forces Sony to pay the San
Jose-based company over US $95
million and impacts the manufacture
and sale of over 45 PlayStation games
as well.
Sony says it will continue to sell the
console and games in the U.S. as it
has decided to appeal the decision.
Immersion v. Sony Computer
Entertainment America, C 02-0710
(D.C.N.D. Cal. 2005).
U.S.: Rambus, Infineon End
Their Long Dispute
Rambus Inc. and Infineon
Technologies AG settled their legal
claims on their respective
technologies by agreeing to grant each
other licenses.
Under the proposed agreement, the
German memory chip maker,
Infineon, will pay Rambus a quarterly
license fee of close to US $6 million
over a period of two years. Rambus
was also granted a perpetual license
for Infineon’s memory interface.
Analysts who have been following
this case closely suggest that the
ruling by a U.S. federal judge a few
weeks ago in Virginia dismissing
Rambus’ claims only helped
Infineon’s case.
- 44
–
U.S.: Problem With Microsoft’s
Ipv6-Like Patent
system (bill payment division), eBay
stocks plummeted considerably.
The Public Patent Foundation says
that a patent that Microsoft filed in
1998 may be invalid. The claim states
that Microsoft failed to disclose prior
work done by the Internet
Engineering Task Force. Although
Microsoft states it will assert its right
over the patent, the Public Patent
Foundation says that a significant
amount of prior art references were
never disclosed to the U.S. Patent
Office when Microsoft applied for the
patent.
As an aside, this case is quite
similar to the Amazon.com/
Barnesandnoble.com patent
infringement case regarding the
patented “1-Click” system. In that
case, the two companies settled out of
court in 2002. MercExchange v. eBay et
al., 03-1600-1616 (Fed. Cir. CA).
U.S.: Court Says Ebay Patent
Infringes
The U.S. Court of Appeals for the
Federal Circuit held that the ecommerce giant e-Bay infringed a
patent held by a small business in
Virginia.
In particular, eBay’s fixed-price
auctions and some of its payment
methods infringe on a patent
obtained by a Virginia-based
company. Although eBay said the
ruling will not have an impact on its
business since it does not involve its
popular auctions nor its PayPal
International: Ericsson Sues
Sendo Over Patent Dispute
The U.K.-based mobile phone firm
Sendo is being sued by Sweden’s
Ericsson for infringements to its
GSM and GPRS handset technology
patents.
Ericsson representatives say they seek
monetary damages in addition to an
injunction against the continued sale
and marketing of Sendo’s phones.
They allege that Sendo is using their
patented technology.
Sendo is a relatively small player in
the worldwide mobile phone
industry, having sold only 5 million
phones in 2004, but it had sales of
over US $420 million.
- 45
–
TRADE-MARKS
New York: Philip Morris
Awarded US $173 Million in TM
Suit
A U.S. District Court in New York
has decided in cigarette giant Philip
Morris’ favor and has awarded it US
$173 million in damages from
Otamedia, a Swiss online cigarette
retailer, in a trademark-infringement
lawsuit. Otamedia operated an
Internet site by the name of
www.yesmoke.com, which sold
cigarettes around the world but
avoids tariffs and taxes that are
normally subjected to domestic
retailers. Philip Morris USA, Inc. v.
Otamedia Ltd., 331 F.Supp. 2d 228
(S.D.N.Y. 2004).
MBC Enterprise, [2004] U.S. App.
LEXIS 27103 online: LEXIS.
Microsoft has filed a
copyright/trademark infringement
lawsuit against Era Soft Corp., an
Illinois-based company which had
previously been enjoined from
distributing phoney Microsoft
software. It was held that the
company distributed counterfeit
software and related components.
Microsoft Inc. v. Era Soft Corp.
(Case in progress, Westlaw).
TRADE SECRETS
U.S.: Microsoft TM lawsuits
California: Toshiba to Pay for
Breach of Fiduciary Duty
A U.S. federal appeals court reversed
a $1 million damages judgment
awarded to Microsoft after finding
that there were questions of fact
which precluded summary judgment
in Microsoft’s lawsuit against an
alleged counterfeiter. This
copyright/trademark infringement
suit was started in the District Court
for the state of Utah. Microsoft Inc. v.
Memory card maker Lexar sued
Toshiba arguing that Toshiba entered
into an agreement with them to
purchase their technology and then
betrayed the alliance by joining forces
with a competitor. The California
State Superior Court in San Jose
found for Lexar and awarded US
$380 million in damages.
- 46
–
In addition, Lexar is anticipating the
court to rule on its separate claim for
unfair competition. It also intends to
ask the court for an injunction
barring the sale of Toshiba products
in the U.S. Lexar Media, Inc. v. Toshiba
Corporation, [2005] U.S. Dist. LEXIS
5213 online: LEXIS.
U.S.: Wal-Mart Files Trade
Secrets Lawsuit
Wal-Mart has filed a lawsuit against a
former employee alleging that he
stole trade secrets shortly before
resigning from the company. The
individual in question worked for
Wal-Mart as a systems programmer
and had access to confidential
information on a UNIX operating
system. Wal-Mart alleges that prior to
his leaving the company, the former
employee sent emails from his work
station to his home e-mail address
containing over 13 megabytes of WalMart data. Many of the documents
attached to the emails contained
confidential information related to
the UNIX system. Wal-Mart is
seeking an injunction and
compensatory damages.
- 47
–
PRIVACY
CASES
• A thorough review and
update of employee
confidentiality/ privacy
agreements on a yearly basis.
Canada: First Canadian FederalProvincial Privacy Action
The Privacy Offices of Alberta and of
Canada have conducted an
investigation into a case involving
health records being transmitted by
fax to the wrong person, and have
found it to be a contravention of
provincial and federal privacy laws.
The joint investigation was a first for
the two privacy offices.
The faxed information, sent to two
Alberta apartment managers,
contained personal information,
including the name, age, height,
smoking habits and patient number
of an unnamed individual. Also
included was a diagnosis and specific
medical test results. The offices
informed the offending company that
it had violated PIPEDA and proposed
a number of changes, including the
following:
• Implementation of measures
designed to notify individuals
whose personal information
has been inadvertently
disclosed via misdirected
facsimiles.
New York: Provisions of the
U.S. Patriot Act struck down
A U.S. District judge struck down
U.S. Patriot Act provisions authorizing
the FBI to issue national security
letters (NSL) that require Internet
service providers (ISPs) to produce
customer records.
The court held that the NSL violated
the Fourth Amendment and that the
disclosure violated the First
Amendment. The NSL is a unique
form of administrative subpoena
pertaining to national security issues.
The section in question is 2709,
which was amended by the U.S.
Patriot Act, wherein the Act removed
the previous requirement that section
2709 inquiries have a nexus to a
foreign power, replacing the past
language with a broader standard of
relevance to investigations of
terrorism or clandestine intelligence
activities.
- 48
–
The court had a difficult time with
this decision since this case centres
on two fundamental principles:
values and limits. The paramount
value will undoubtedly be national
security and it was based primarily on
this discussion that the court struck
down the provision. John Doe et al., v.
John Ashcroft et al., [2004] WL
2185571 (S.D.N.Y.), online: WL.
NEWS/LEGAL
DEVELOPMENTS
Canada: CIBC Mistakenly
Discloses Confidential
Information; Class Action
Begins
CIBC mistakenly faxed out
confidential information belonging
to RRSP investors and clients to
unauthorized individuals. The
data in the faxes contained highly
confidential and personal
information, including Social
Insurance Numbers, bank accounts,
GIC numbers and amounts, as well
as client signatures. It is alleged the
bank engaged in faxing to the wrong
number for more than two years.
A law office in Toronto has begun a
class action lawsuit suggesting that
even after CIBC became aware of the
leak, they took no steps to identify
and warn its clients of the disclosure.
One way to avoid such problems is to
conduct a privacy audit to identify
potential weaknesses. We were
recently asked by a company to
conduct a privacy audit. We adopted
the following process, which the
client found to be effective.
Our privacy audit process began by
meeting with a core group of the
client’s legal, IT, HR and sales teams
in order to describe and validate our
approach and to get a sense of the
company’s privacy awareness and
practices. The idea was to identify
and enrol key stakeholders from the
beginning of the process and to
identify “red flag” issues as early as
possible, which included the
following process:
- 49
–
• We launched the process more
broadly by making a
presentation regarding the
Canadian data protection
framework (with particular
attention to industry-specific
issues) to over 65 client
employees, including senior
management. The purpose was
to raise sensitivity to privacy
issues, to provoke discussion
and to commence training.
• We commenced the formal
audit process by asking each of
the company’s departments to
produce a data flow summary
that keyed in on the most
privacy relevant aspects of each
business unit’s practices. Much
of this information was
subsequently included in the
Inventory Report, which
provided a “snap-shot” of the
client's current privacy practices.
• We prepared a Gap Assessment,
structured around the 10
privacy principles at the core of
Canada’s data protection
regime, which compared and
contrasted the client's privacy
practices with their legal privacy
obligations, identifying gaps.
• We prepared a Privacy
Compliance Implementation
Plan, which set out a high level
strategy for compliance (closing
the gap), with references
throughout to the business
units that are principally
affected. We focused on the
commonality of the
implementation requirements
across business units as much as
possible, instead of organizing
our implementation plan on a
business unit by business unit
basis.
• We scheduled a series of
meetings with senior
management, including reps of
each of the business units in
order to obtain feedback on the
accuracy of the inventory report
and the feasibility of the
implementation plan. This also
served as a training session and
permitted an opportunity for
informal Q&A.
• We prepared Privacy Guidelines
that were also structured
around the 10 privacy
principles, but provided much
more detailed advice concerning
action items (on a business unit
by business unit basis),
regarding how to operationalise
the implementation plan. The
Privacy Guidelines included a
number of substantive
- 50
–
implementation plan. The
Privacy Guidelines included a
number of substantive
schedules including two privacy
policies, one for employees and
one for customers, using our
standard McCarthy Tétrault
privacy policy templates,
customized using information
from the data flow
summaries/inventory report.
The guidelines also included an FAQ
section, a “tips” sheet, standard
consent language templates, as well as
procedures for responding to privacy
inquiries and complaints. For
branding purposes, we used a
consistent report template for all of
our work products. Throughout, we
implemented a structured approach
to the privacy audit such that the
materials used could be recycled in
future audits to the greatest extent
possible.
cmorgan@mccarthy.ca
Charles Morgan has published several
articles on privacy law, including the
following:
Privacy Issues in Major Business
Transactions: A presentation given
by Charles Morgan at the Eighth
Annual Canadian IT Law Association
Conference, October 21-22, 2004 in
Calgary, Alberta.
Privacy Issues in Multi-Jurisdictional
Compliance: A presentation given by
Charles Morgan at Osgoode Hall Law
School on September 30, 2004 in
Toronto, Ontario.
Alberta: Identification Theft
Being Investigated
The Alberta Privacy Commissioner,
in response to information obtained
from the Edmonton Police Service,
initiated a privacy investigation into
the possible breach of safeguarding
confidential and personal
information from three companies,
namely, Linen ‘n Things, Nor-Don
Collection Network Inc. and Digital
Communications Group Inc.
- 51
–
Under the Alberta Personal
Information Protection Act (PIPA),
private sector organizations in Alberta
are required to protect personal
information against risks such as
unauthorized access, collection and
use of personal information.
The investigation concluded that
these three businesses failed to
protect personal information in their
custody.
The Alberta Office of the
Information and Privacy
Commissioner made some
recommendations including,
ensuring that all records containing
personal information are stored
securely; limiting the access to
personal records to staff and need-toknow personnel only; and, providing
privacy and security training and
awareness to employees.
Alberta: Social Insurance
Numbers Stolen
The Edmonton Sun reports that a
man by the name of Daniel Sims,
who is now serving time in jail in the
U.S., had in his possession the Social
Insurance Numbers (SINs) of staff of
the Edmonton law firm that sued
him after he beat up a broadcaster so
badly that the individual lost an eye.
The Canadian lawyer who sued the
man for the injury of his client had
his own personal information
revealed to Sims while Sims was in a
U.S. prison.
The SINs are found as part of a
1,000-page immigration file Sims
obtained from American authorities.
He is currently battling a deportation
back to Canada. It was in connection
with an immigration hearing that
Sims was revealed this information,
including confidential and financial
information of the lawyer and his
family.
Canada: Federal Privacy
Commissioner Receives
“Negative Option” Privacy Policy
Complaint
The Federal Privacy Commissioner
received a complaint from a Toronto
man who says that the Rogers
Wireless service contract that he
signed includes a “negative option”
privacy policy – which he believes is
illegal.
- 52
–
A communications consultant also
complained about a fine print section
of the company’s service agreement
that requires cell phone customers to
fill out an online form or to contact a
sales representative to prevent Rogers
from disseminating information to
other Rogers companies for
marketing purposes, including
telemarketing.
A senior privacy investigator says that
he has commenced an investigation
under PIPEDA that Rogers Wireless
is allegedly using negative consent
when obtaining customers’
permission to collect, use and disclose
their personal information.
Canada: Federal Privacy
Commissioner Releases Q&A on
PIPEDA and Provincial Privacy
Laws
Canada’s Privacy Commissioner has
released a detailed Q&A regarding
the relationship between Canada’s
Federal privacy law, PIPEDA, and
similar provincial laws in Alberta and
British Columbia.
The Q&A discusses how the laws
apply to different categories of
organizations within those provinces,
and spells out the similarities and
differences between PIPEDA and the
provincial laws. It also clarifies the
application of PIPEDA to provincially
regulated organizations that engage in
inter-provincial or international
commercial activities.
The Q&A addresses the complaints
mechanism in place in each province,
as well as defines some important and
key terminology, including ‘personal
information’, ‘organization’ and
‘individual.’ The Q&A answers some
questions relating to the interplay
and application of both provincial
and federal laws and the question of
whether and in what circumstances, if
any, do both sets of laws apply.
Canada: Health Information
Privacy Law May Become
Similar To PIPEDA
The Canadian government has
proposed an order that could deem
Ontario's Health Information Protection
Act (HIPA) as substantially similar in
protection to the federal privacy law.
If registered, this would be the fourth
such designation.
- 53
–
Essentially, the Order which appears
in the Canada Gazette reads as
follows: HIPA is substantially similar
to PIPEDA. The purpose of this
Order is thus to exempt from
PIPEDA those health information
custodians, as defined in HIPA, in
respect of the collection, use and
disclosure of personal health
information that occurs within the
province of Ontario, in the course of
commercial activity. PIPEDA will
continue to apply to the collection,
use and disclosure of personal health
information outside the province, in
the course of commercial activity.
Canada: Government Alters
Contracts To Address U.S.
Patriot Act
In a response to the U.S. Patriot Act as
well as other U.S. privacy legislation,
the Canadian government will
revamp the wording of future federal
contracts in order to counter the U.S.
powers granted under the antiterrorism laws.
The move is intended to prevent the
U.S. FBI from seeing sensitive data
about Canadians that our
government supplies to American
firms doing business with federal
departments in Ottawa. This is a
direct consequence to the U.S. Patriot
Act, passed following the September
11, 2001 terrorist attacks, giving the
FBI broader access to records held by
firms in the U.S.
In addition to this stance, the
government has asked all agencies
and departments to conduct a
“comprehensive assessment of risks”
to Canadian information they release
to U.S. companies carrying out work
under contract.
The FBI currently has the power to
apply to a U.S. court to have a
company disclose records, including
personal information about
Canadians, to assist with
investigations involving prevention of
terrorism or espionage.
Canada’s Privacy Commissioner,
Jennifer Stoddart, says that if a
federal institution outsources
information to a U.S. company to
process personal information about
Canadians, then as long as the work
is being carried out in the U.S.,
American laws apply.
- 54
–
Canada/U.S.: Privacy Protection
In Canada vs. The U.S.
Prof. Michael Geist explains in his
article in the Toronto Star that
Canadian legislation does not extend
to investigating organizations without
a physical presence in Canada.
He goes on to argue that such a
jurisdictional gap can become a
problem for Canada, so much so,
that the hole left by the Canadian
privacy legislation provides much less
protection than that found in the
U.S.
U.S.: Hearings on the
Implementation of the
U.S. Patriot Act
The U.S. House Judiciary Committee
has committed to hold hearings on
the implementation of the U.S. Patriot
Act.
It will conduct a number of classified
and non-classified hearings before
August 2005 to examine whether the
expiring provisions of the Act should
be renewed. There are several areas to
be reviewed, including the
effectiveness of the Act’s powers and
how responsibly they have been
applied by the DOJ.
In addition, the committee will
conduct a hearing to examine
whether any changes ought to be
made to non-expiring provisions of
the Act, including expanded
surveillance powers such as pen
register searches and roving wiretaps.
U.S.: Truste Ends E-Business
Relationship With freeipods.com
TRUSTe, an independent nonprofit
organization dedicated to enabling
individuals and organizations to
create trusting relationships based on
their idea of privacy protection in the
growing world of electronic business,
has decided to end its relationship
with the company that operates
www.freeipods.com.
In its decision to revoke its
partnership with the website,
TRUSTe stated that there were
numerous violations of privacy
promises to consumers. Although this
is the first such revocation in the past
two years, TRUSTe has admitted that
it has ended ties with other websites
- 55
–
recently as a result of similar privacy
violations.
U.S.: Hewlett-Packard Named
Most Trusted U.S. Company For
Privacy
TRUSTe and Ponemon Institute, an
information-management think tank,
announced that the Most Trusted
Company for Privacy Award has been
awarded to Hewlett-Packard (HP),
essentially due to its establishment
and enforcement of progressive
privacy practices.
The panel of judges, consisting of
privacy experts from academia and
industry, reviewed and selected HP
out of 50 eligible companies for its
comprehensive privacy program. The
Most Trusted Company for Privacy
Award is based on consumer
experience and perceptions of trust
along with expert insight into a
specific company's active privacy
initiatives to create a trusted brand.
Australia: Major Privacy Breach
At Acer
Acer’s online customers suffered a
major privacy breach after the
computer maker's Australian
shopping website exposed personal
details about the customers to all
shoppers using the service.
The online shopping portal at Acer
was guilty of revealing purchase order
information, including names,
addresses, emails and contact
numbers of customers who had
placed orders through the site. If
there is any consolation, the company
states that no customer credit card
numbers were disclosed.
In addition, all customers who logged
onto the website to check the status
of their equipment orders through a
bookmark stored in their web
browser were able to access order
details of other customers, including
personal information. An IT security
consultant discovered the problem
while checking the status of his
equipment order and immediately
reported it to the company.
Australia: National ID Plan
Raises Some Privacy Concerns
There is some concern in Australia
that the identity of Australians could
be subjected to severe and
unprecedented scrutiny.
- 56
–
The Australian Federal cabinet will
soon see a proposal for a national
“document verification service”
designed to combat identity-related
crimes ranging from welfare fraud to
terrorism. The impact of the
proposal, if passed into law, would
give federal and state government
agencies and key businesses the right
to verify the identity of clients by
cross-checking them against several
forms of ID cards, including, birth
certificates, drivers' licenses and
passports.
All of this will be done through a
central data exchange hub. Airlines,
banks and other businesses
vulnerable to welfare fraud or
terrorism are keen to be part of the
project. The possible introduction in
the not-so-distant future of newgeneration passports - with so-called
biometric data, including fingerprints
or facial features - means the system
could have extraordinary reach over
the next several years.
PRIVACY
LEGISLATION/
REGULATIONS
New regulations on “secure electronic
signatures” for PIPEDA recently
entered into force. The Personal
Information Protection and Electronic
Documents Act, in Part 2, allows for a
framework to be established through
various means, including regulations,
in order to accommodate electronic
alternatives to the traditional paperbased means of communication.
Digital signature technology is the
only technology to date that can
provide a means of a secure electronic
signature. The regulations address
this part of the Act.
- 57
–
PRIVACY
NEWS BRIEFS
1.
2.
3.
Scotia Bank refuses to hand
over confidential information
to RCMP: The Bank of Nova
Scotia and the RCMP seem
headed for a showdown that
will be watched by all other
banks as The Bank of Nova
Scotia has refused to turn
over files to a white-collar
crime unit.
The Canadian Bar
Association is raising
concerns over a federal bill
that would enlarge the
national DNA data bank by
allowing the seizure of blood,
hair and saliva samples from
less serious offenders.
Several employees in the
Office of the Privacy
Commissioner have been
allowed to keep the pay raises
that were ordered by the
former privacy commissioner,
George Radwanski.
4.
In a recent survey, Canadians
report a higher rate of identity
theft even though they are far
more cautious than
Americans about sharing their
personal information.
5.
Broad Privacy Bill: Privacy
advocates in the U.S. have
said for years that the country
needs “umbrella privacy
legislation” so that lawmakers
do not have to revisit privacy
laws aimed at emerging
technologies.
6.
Biometrics: American
authorities are now preparing
to issue passports with
embedded personal and facerecognition data strictly for
American citizens.
7.
Nanny Cams: Do they work?
That's the question for
parents when it comes to
videotaping the nannies they
bring into their homes to care
for their children. In fact,
RCN Corp. recently rolled
out a “WebWatch”
monitoring system in the U.S.
- 58
–
as demand for surveillance
cameras increases.
8.
U.K. National ID Cards:
There is a growing concern
over the implementation of
ID cards and the major issue
lies with human rights
laws on privacy and
discrimination. There are
serious doubts about the
amount of personal
information available on
such cards.
9.
A new solution for securing
sensitive and confidential
information is being
implemented by Ingrian
Networks, the leading
provider of data privacy
solutions.
11. Kimberly Gray, the chief
privacy officer for Highmark
Inc., was recently appointed
to the Board of Directors of
the International Association
of Privacy Professionals.
10. Entrust has implemented a
software to ensure the privacy
of electronic communications
and transactions across
corporate networks and the
Internet.
- 59
–

Launch Presentation (PDF Format)

Transcription

Similar documents

Newsletter 7 1984 - Tools and Trades History Society

the farter`s survival guide

highfalutin press release 101013

McCARTHY CENTER AMENITIES - Irvine Company Offices for rent

McCARTHY CENTER - Irvine Company Offices for rent

Power to the people! Ford gives Focus an EcoBoost BMW 3 Series

We`ll take the hiccups out of your holiday

PIPEDA 101 PowerPoint (Done by Communications)

PIPEDA 101 PowerPoint (Done by Communications)

View the presentation