Thank you, Mr. Chair and members of the committee, for inviting our office to address you on this important government initiative. I am Elizabeth Denham, Assistant Privacy Commissioner, and I am joined today by Hedy Kirkby, Acting Senior Legal Counsel and Carman Baggaley, Strategic Policy Advisor.
The Office of the Privacy Commissioner of Canada has long called for anti-spam legislation. We welcome and support the introduction of the Electronic Commerce Protection Act. This is an important piece of legislation that addresses a serious problem. Much more than a mere nuisance, unwanted electronic messages--or spam--have significant consequences for our economy. Spam affects productivity and undermines confidence in electronic commerce.
This legislation has the potential to help individuals and organizations deal with unsolicited electronic messages, and it also provides important redress mechanisms, including a private right of action. We believe it strikes the right balance between giving people greater control over the e-mail and text messages they receive, while still allowing legitimate businesses to continue to communicate with their clients and their customers.
In the run-up to the development of PIPEDA more than 10 years ago, concerns were expressed by businesses that are similar to those we've heard in this debate about ECPA. However, interestingly, in the PIPEDA review just two years ago, the business community did not raise the same concern that privacy rules would impede business. Business is adaptable. There's evidence that there's a competitive advantage to giving consumers choice and respecting their privacy. As well, for businesses that have actually been complying with PIPEDA for the past nine years and respecting the privacy of their customers, this law should have little or no adverse effect.
The legislation will help us fulfill our mandate to promote the protection of personal information. E-mail addresses are considered personal information under the Personal Information Protection and Electronics Documents Act, PIPEDA.
Our office is concerned about e-mail addresses being collected and used to send spam without consent. We're also concerned about the growing use of spam e-mails containing malware or spyware to collect personal information in order to commit fraud such as identity theft. I should also add that we see this legislation as complementing Bill S-4, which would amend the Criminal Code to deal with identity theft and related misconduct.
The CRTC, the Competition Bureau, and our office will share enforcement of the act. We look forward to working collaboratively with these two agencies and Industry Canada in carrying out our new responsibilities, including that of educating the public about this important new legislation. ECPA contains provisions to facilitate consultation, referral, and information sharing among the three agencies to enable more effective and efficient investigations and enforcement actions.
The three agencies will also have the authority to share information under written arrangements with foreign states where the information may be relevant to an investigation under a foreign law that addresses substantially similar conduct. This is an important provision that's going to help us deal with the challenge of a problem that really knows no borders.
The CRTC and the Competition Bureau will have shared responsibility for enforcing the anti-spam provisions, and those are the provisions dealing with the sending and the content of electronic messages. The Privacy Commissioner will have responsibility for investigating related contraventions of PIPEDA, specifically, the unauthorized collection and use of personal information through e-mail address harvesting, dictionary attacks, and the use of spyware to collect personal information.
The legislation will not change the existing enforcement powers of the Office of the Privacy Commissioner, nor is it expected to create a significant increase in complaints to our office. We actually anticipate that many complaints are going to be directed elsewhere, to the CRTC and the Competition Bureau.
The bill also imports two significant sets of amendments that have been discussed in the context of the review of PIPEDA. Under the first set of amendments, the Privacy Commissioner will have the discretion to decline to investigate a complaint--something we don't have now--or to discontinue a complaint investigation, including in cases where the matter could be more appropriately dealt with by the CRTC or the Competition Bureau.
Under the second group of amendments in ECPA, the commissioner will have the authority to collaborate and exchange information with provincial counterparts--not just those with substantially similar legislation--and with foreign counterparts who enforce data protection laws that are similar to PIPEDA. To be clear, these amendments apply to all our activities, not just those related to spam.
Under the proposed amendments to PIPEDA, the commissioner may decide not to accept a complaint if she believes that the complaint could be more appropriately dealt with under other available procedures. This includes procedures provided for under federal or provincial laws or grievance or other procedures. A complaint may also be refused if it is not filed within a reasonable amount of time--the evidence has gone stale--from the date when the issue actually arose.
The commissioner will notify complainants and also the responding organization if she decides not to investigate a complaint, and she'll provide reasons for her decision. The commissioner may reconsider a decision not to investigate if she is satisfied that there are compelling reasons to do so.
As well, ECPA provides the commissioner with the discretion to discontinue some investigations if she is of the opinion that there is insufficient evidence to pursue the investigation or if the complaint is trivial, frivolous, or vexatious.
The Office of the Privacy Commissioner of Canada has previously asked Parliament in the context of the PIPEDA review to provide the commissioner with the discretion to refuse or to discontinue complaints.
This is important because traditionally privacy issues have arisen in the context of interaction between one person and an organization. They have come to light as a result of a complaint by an individual. More and more often, however, critical privacy issues are arising from systemic threats, from rapidly advancing information technologies, including Internet applications and surveillance. This discretion to refuse and/or to discontinue complaints will, importantly, allow our office to focus our investigative resources on privacy issues that have broader systemic interest.
In closing, I would like to thank the committee for providing us with the opportunity to explain our role in enforcing this important new legislation and the reason we believe this initiative is going to help the office better protect the privacy interests of Canadians.
I would be happy to take your questions.
I would now be pleased to answer your questions.