Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

Office of the Privacy Commissioner of Canada discusses its investigation against Compu-Finder

By Karl Schober
August 14, 2016
  • Canada
  • Enforcement
  • Marketing, Cookies & Spam
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Office of the Privacy Commissioner of Canada (OPC) recently hosted a knowledge session to stakeholders to discuss its recent investigation against Compu-Finder. This was the first investigation by the OPC involving the address harvesting provisions under the Personal Information and Electronic Documents Act (PIPEDA). See our post summarizing the findings and the OPC’s full report here.

While the OPC could not disclose details of its investigation, the OPC provided attendees with information about its interpretation of its investigative powers, its approach to the investigation and tips for organizations.

The Investigation

Unlike its complaint-driven investigations, this investigation was an intelligence-driven case under the address harvesting provisions that were added to PIPEDA by Canada’s Anti-Spam Legislation (CASL). After significant intelligence gathering to meet its reasonable grounds burden, a Commissioner-initiated investigation was commenced allowing the OPC to collect further intelligence from Compu-Finder, affected individuals and third parties, including by affidavits. The OPC highlighted it applied a cross-functional investigation, using numerous departments and tools, including extensive use of the OPC technology LAB.

It is important to note that unlike the Canadian Radio-television and Telecommunications Commission (CRTC), which is the regulator with main responsibility for enforcement of CASL, the OPC must have reasonable grounds to start an investigation that has not been filed by an individual. The CRTC does not have to discharge that burden before commencing an investigation.

Key Takeaways

“The truth is in your records”. The OPC stressed the importance of record keeping. This has become a consistent theme regarding PIPEDA and CASL. (See our post on the CRTC’s guidance here.) The OPC highlighted that record-keeping was a fundamental issue in its investigation. Organizations must be able to meet their due diligence obligations and prove they have consent for the personal information they collect and use, and for every e-mail they send under CASL. The OPC found that Compu-Finder’s records were inadequate or in some cases may have contradicted their position.

Other lessons offered were:

  • Exercise care when crafting responses to the OPC during investigation
  • An established privacy compliance program can greatly assist you in demonstrating accountability
  • Part of due diligence involves following up, double checking and auditing your policies and procedures

Stakeholders undoubtedly appreciated the OPC’s proactive gesture in providing this opportunity to learn more.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Karl Schober

About Karl Schober

Karl Schober is a Senior Associate with Dentons' Privacy and Cybersecurity group, and Transformative Technologies and Data Strategy practice. Based in Toronto, his thriving practice focuses on privacy compliance, emerging technologies, marketing and advertising, regulated products, and general consumer protection laws and regulations.

All posts Full bio

RELATED POSTS

  • Marketing, Cookies & Spam

Cookies: the UK ICO perspective

We’re now well past the UK grace period for cookie compliance. But what are companies actually doing about this? Are […]

By Nick Graham
  • Data Transfers
  • Enforcement
  • Europe

Safe Harbor: A29 Statement Released on “What’s Next?”

By Nick Graham
  • Marketing, Cookies & Spam

Safe Harbor fallout: where are we now?

By Nick Graham

About Dentons

Dentons is the world’s largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com.

Dentons Digital

Twitter

Categories

  • Accountability
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2021 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site