Good morning, Chair, and members of the committee.
Good morning, Mr. Chair and members of the committee.
It's very nice to be here again and see some familiar faces. As you've just said, I am accompanied by Tom Pulcine, our director general, corporate services, as well as Steven Johnston, our senior security and technology advisor. Steven is available in case we get into some IT technicalities that are well beyond my knowledge.
I understand that we're here to discuss supplementary estimates (C) relating to the OPC's oversight role in relation to anti-spam legislation, referred to in the last session as Bill C-27, and more commonly as the Electronic Commerce Protection Act or ECPA.
I thought it might be worthwhile to take a couple of minutes to put our role regarding that legislation in context. Would that be helpful, Mr. Chair?
I'm afraid that with the somewhat short notice our office didn't have time to write and translate a statement, and I confess that I was much more up to speed on the content of this legislation when I appeared before the House industry committee in June. As of this morning, this legislation has not been reintroduced in either House, but I am speaking now as though the legislation will be the same as that passed by the House last November.
As many of you know, the overarching purpose of ECPA is to combat spam in order to provide for a safer Internet. Spam is a serious problem that has a significant impact on the economy. I should point out that Canada is currently the only G7 country without such legislation. Once passed, the legislation would involve a triad of federal agencies in oversight: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner.
Our role will be to investigate the unauthorized collection and use of personal information from e-mail addresses through a variety of different techniques: harvesting, dictionary attacks, and malware or spyware. I'll be happy to talk about these later if there is interest.
The legislation doesn't change our existing enforcement powers, and we don't expect a significant increase in new complaints to our office under this law. However, we need to gear up incrementally. We need to explain this new law to our stakeholders and the public, and undertake compliance education. The investigations themselves are likely to involve increased technical complexity, as well as collaboration with domestic and international enforcement bodies, and a need for legal enforcement action in some cases.
The legislation also imported some amendments to PIPEDA that are familiar to many members of this committee. Number one is to give the commissioner discretion to decline to investigate a complaint, discontinue a complaint or refer it elsewhere, and allow for collaboration with and the exchange of information with provincial and foreign counterparts who oversee and enforce laws that are similar to PIPEDA. These are general amendments to PIPEDA and would therefore apply to all of our activities, not just those activities related to spam.
In this fiscal year of 2009-10 we have estimated $100,000 in operating costs, anticipating that this bill will receive royal assent in this fiscal year. That amount relates to communication, education, and awareness activities.
Canadians need to be aware that our office will take complaints related to spam through dictionary attacks, spyware, or other methods. We need to prepare for public inquiries and inquiries from business and other government agencies. So we've been busy drafting materials and have developed internal training materials for our own staff. We've also really ramped up our technical expertise that will be needed for investigations dealing with spyware and malware under ECPA. And we've invested in software for these online investigations.
Perhaps that's enough to give you some context for our request. I'm happy to answer any questions.