In appearances before the committee and in representations that have been made to Industry Canada over the summer, we have had a number of variants on the idea that instead of having a due diligence defence there should be a defence of honest mistake; in fact, inadvertence.
Our response to this is that in section 33 we have actually two categories of defence that are recognized with respect to AMPs, and they're equally applicable to the private right of action. These are, first of all, due diligence, which is the general standard that's applicable to any person where they may have been negligent or they may have caused harm without having intended it. The notion there is that as long as reasonable efforts have been made that avoid the actual harm that was caused--so you put in place, in our case, procedures to ensure that you don't e-mail people who haven't given permission--then you're okay, even if once in a while you make a mistake.
But the second part of it says that every rule and principle of the common law that would be a defence against a charge or offence is applicable in this situation. Through that mechanism we also bring in--and I can't think of many circumstances where it would apply--the concept of a mistake of fact, inadvertence, or any other standard of defence that's available at law.
So I think that rather than changing our standards...we've actually got a very flexible standard, the general rule being due diligence, which is usually enough for most corporate entities. But beyond that, they can rely on other defences that are available at common law. It's for the imagination of lawyers to imagine what other defences they might possibly want to bring, depending on the circumstances, if they need to.