Industry committee  Moreover, I think there's a real problem with records. You need to have records to be able to prove that you fit within the various exceptions and exemptions. Those are quite onerous. To tell a sales force for a business that when they're reaching out to these businesses this is what they have to do, that every time they meet someone they have to scan their business card and put it into their CRM and if they met them they provide an annotation to that effect.

Industry committee  That's right.

Industry committee  Obviously, I haven't seen this yet. This would have come out at 11 o'clock while we're sitting here, right? I was paying attention to you. My question is, what was the evidentiary basis for making that finding? Certainly, in a proportionality analysis, you would look at what the public benefit is.

Industry committee  I think you might have to do a little more there. Part of the problem is what the act targets and another part is what the enforcer targets and where they put their resources. One of the possible mechanisms we have seen in other statutes is the authority of the department. In this case you could have a direction to the CRTC that says that it should be prioritizing certain types of cases.

Industry committee  If there is a way to laser target only malicious types of spam, which would be a huge change to the act, then I don't think we would have that concern with the PRA.

Industry committee  Sure. I think the point about staff that I was making and the allocation of the powers to staff without oversight directly from the CRTC is problematic when you have a new law with very vague provisions and very vague standards. You're putting it all on the shoulders of front-line staff to interpret that, to deal with the companies, to issue notices of violation.

Industry committee  That is certainly set out as one of the factors to be taken into account when assessing fines. Properly applied, it makes some sense. If you have a violation for a single flyer publisher, which we've had one of, you're not going to fine them to the same amount as a multi-million dollar company.

Industry committee  I think Compu.Finder is an interesting case, because by all accounts they were what a lot of people would consider to be a spammer. They were sending out commercial electronic messages fairly indiscriminately and repeatedly ignoring requests to be taken off the list. In a way, it's difficult to say if they went over the top on that within the confines of the legislation.

Industry committee  I guess the answer is I think those are illegal. This is criminal behaviour. I think the solution maybe is directing resources there to go after them, but the CRTC is not going to bring down the Nigerian prince over a phishing scam because it's not even within their authority or their jurisdiction.

Industry committee  I did, just briefly. I just want to make something clear. We're talking about it being aimed at damaging and deceptive types of spam. I want to make it clear that the electronic messaging provisions of CASL don't target those. The sections in CASL aren't about the Nigerian princes and aren't about phishing scams.

Industry committee  If it is, or—

Industry committee  In the limited time I have, in addition to those two points that Wally raised about disproportionate penalties and perhaps the wrong target audience, I would say that part of the problem with CASL enforcement is that we don't know where the lines are being drawn when enforcement decisions are made and put out.

Information & Ethics committee  Far be it for me to say that Ms. Stoddart would be wrong. What I would offer is that we would take a contrary opinion.

Information & Ethics committee  Yes. I mean, certainly there may be cases where organizations would not follow recommendations, and may not agree with the recommendations or the findings that the Privacy Commissioner may make, as is their right to do. Ultimately, the way the act is structured, the way it's supposed to be resolved, is that the matter gets brought before the Federal Court.

Information & Ethics committee  I think it is. From her perspective, it's more difficult to go through that hoop, rather than just to impose a fine directly, so I suspect that's where that motivation comes from.