Thank you.
My name is Suzanne Morin and I work for Bell Canada.
I am assistant general counsel at Bell Canada, as well as Bell's privacy ombudsman. However, I am here today in an individual capacity.
You might wonder why. Bell Canada is a member of all the associations appearing here; however, I participated on the task force as an individual and I just thought it might be useful for me to share with you, in my own personal capacity, some of those experiences, but also why, as an actual representative from an organization, I was on the task force.
Since the early 2000s, we've been doing some work internationally with our counterparts as well as with governments on the Internet Law and Policy Forum, as well as on the Global Business Dialogue on Electronic Commerce, where we really initiated some of the beginnings, if you like, of the international discussion around spam and what to do about it. As you've heard today, no one can really define what spam is because it's all a matter of someone's perspective, but everybody agrees that there is definitely a whole bunch of e-mail out there, the millions and billions of e-mails you hear about that clog up our networks and fill up the inboxes of users.
Through a lot of that international discussion, where players ended up was determining that there were two buckets, if you like, of unsolicited e-mails. There was that bucket that was truly harmful, where this wasn't about seeking consent to use someone's e-mail; this was about using false headers and false reply addresses, and it included selling false goods. There was this notion of falsity and fraud incorporated in them.
Then there was this other bucket, becoming smaller and smaller as the years progressed, because as you've heard, unsolicited commercial e-mail represents about 90% of e-mail circulating on the Internet today. So this smaller bucket was more in the sense of fair practices and whether or not organizations were actually adopting those. For example, the real estate agent scenario that we've heard about over the last week is not the kind of situation that internationally we thought actually made sense to go after, because typically privacy legislation would deal with those kinds of scenarios. So that , because we have privacy legislation here in Canada, and it would be perfectly normal that the complaint would be dealt with through that complaint process, through a kind of one-on-one, and usually the Privacy Commissioner would try to mediate that away. So we have existing privacy legislation in Canada--if we come ahead a few years now--that can deal with a lot of the scenarios and a lot of the unintended consequences potentially than what ECPA does.
However, ECPA definitely has a lot of the tools that in fact are needed to go after the really bad actors, those 17 bad spammers who still live and operate in Canada. A lot of different organizations can tell you, “We know who they are, we know where they live, and we know how they operate. We just need the tools in order to be able to go after them easily.”
If you compare that, however, with some of the statements you heard just a few moments ago, the issue is how do you balance a new regulatory regime to go after these bad actors while not imposing on legitimate Canadian businesses, who are really subject to privacy legislation and consumer protection legislation? And there are definitely different approaches to legislation.
I support privacy legislation, but how do we ensure that balance, given the framework that's been adopted? I think what you've heard here is that a lot of people have spent a lot of time thinking about these issues, and this is a very complicated piece of legislation. Every day that we speak with Industry Canada, either at a hearing here or over the phone, we better understand the intent behind some of the provisions that were there. But we don't fully understand the potential consequences it might have and how it might actually play out.
So I think what you've heard is that additional time is needed to work with Industry Canada. They've gone through a lot of effort to try to deal with some of those unintended consequences to try to make sure that legitimate businesses aren't hampered. But those are in fact good intentions, and words on a page are interpreted by courts and by regulators, and we don't know who will be interpreting those words. Just like that real estate agent example, he or she shouldn't have to file an undertaking with the CRTC if they make a mistake. They should be dealt with before the Privacy Commissioner's office through a very simple complaint and that would go away.
The last thing I might mention, in closing--because the dialogue that might happen is what we are really looking forward to--is that I actually filed a second spam complaint with the Office of the Privacy Commissioner, along with Professor Michael Geist. PIPEDA, our privacy legislation, proved to be perfectly capable of dealing with that situation. This was someone who owned pontoons on the east coast and wanted to sell them. He engaged a third party to send out e-mails to professionals. I happen to be a lawyer, so I was on a list of lawyers he got access to. It was as simple as that. I just happened to be on the task force at the time, and I thought this was perfect: a Canadian selling Canadian goods in Canada. Do we have legislation that can deal with this? Sure enough, PIPEDA rose to the challenge. The person changed his practices. His e-mail marketer changed their practices, and that was great. He wasn't subject to having to sign undertakings. He wasn't subject to significant AMPs.
The last point is a little bit of a discussion, and Mr. Hill referred to it as well. Is legitimate business being faced with significant monetary penalties, whether they're from a regulator or through private right of action? There is a lot of expense for organizations to ensure that they do their due diligence and change their practices so they aren't subject to those types of suits, whether it's before a regulator or before the court. Again it's the notion of balance. How do you go after the bad guys without unintentionally overburdening legitimate business?
With that, I welcome your questions.