Industry committee  Maintenance of data...?

Industry committee  If you are talking specifically about the notion of external invasion into networks, then spyware, for example, might be a gateway in order to allow and facilitate such invasions.

Industry committee  To that extent, address harvesting can result from spyware or can result in the application of spyware. They are all interrelated in that these are threats, and when they are threats to the digital economic platform, they're also threats to the networks, whose robustness and constitution impacts upon trust in that platform.

Industry committee  It would have been mentioned at certain meetings that we were pursuing this.

Industry committee  Often it could be the DGs, or the assistant deputy commissioners, or whoever it might be. There are different steering committees. There's the directors general steering committee, where we talk about broader issues as well as about ongoing investigations. As well, there are enforcement working groups that get together and talk about matters ongoing.

Industry committee  In this situation an organization was coupling the adware with the understanding of the contacts related to social media. It wasn't just social media that was spamming, no. It was this organization that was installing this adware along with other free adware. Social media was a component, but it was not the avenue by which it was delivered.

Industry committee  The adware would take a look at social feeds and deliver and identify advertisements related to the social feeds. It was making use of the social network.

Industry committee  This case was intelligence-driven. It pointed out with respect to these threats, address harvesting and spyware, it's more unlikely that individuals will know that they've been affected and impacted by that. Right from the outset with respect to the coming into force with CASL, we expected to take a more proactive approach.

Industry committee  There was more collaboration with the CRTC with regard to the Compu-Finder investigation because two agencies were carrying out the same investigation. Our office was looking at the collection of addresses whereas their office was looking at the dissemination of messages. To that extent the issue was very complementary.

Industry committee  Well, I can tell you how it can be related.

Industry committee  If you look at the recent case with respect to Wajam, you'll see that one of the features of this adware is that it was coupled with social media interactions and delivered to individuals. Social media could be leveraged by organizations that are carrying out some of these other activities, such as in the Wajam situation, in order to facilitate those activities.

Industry committee  I can talk about one specific outreach initiative where we thought we would do some reaching out to organizations that may not know they're implicated with respect to address harvesting—address harvesting being the collection of addresses through electronic means. Some organizations that use address lists may think that doesn't have anything to do with them, that they just purchase the lists and use them in order to do their marketing.

Industry committee  With respect to fightspam.gc.ca, that's one portal by which individuals can identify whether there are complaints. In terms of our process at the OPC, we can also receive complaints directly, related to CASL or other privacy matters. We have received certain complaints, but by the nature of what we are looking at, as with harvesting and spyware, they're opaque practices, so it's less likely for us to receive complaints.

Industry committee  Just to make one point as well, what we're seeing is often an intersection between issues of different regulatory spheres, an intersection between privacy issues and consumer protection issues. The commissioner talked about the one instance with respect to Ashley Madison where, while we were able to share information with the U.S.

Industry committee  With respect—