David Canton – for the London Free Press – April 14, 2007

Read this on Canoe

Organizations are under increasing pressure to ensure their information technology assets are secure and protected for both practical and legal reasons.

Businesses are growing increasingly reliant on information technology, including typical desktop and server systems, the use of services provided by others, websites and electronic commerce, communication by e-mail and the use of portable devices such as Blackberry’s or smart phones. For many organizations even a temporary failure or breach of information technology systems can cause significant losses or business interruption.

From a legal perspective there are a number of different factors affecting IT infrastructure. There is a growing emphasis on IT governance requiring information technology to be considered at the board and executive level. This includes increasingly stringent accounting requirements for internal controls and liability on senior executives for the accuracy and integrity of financial statements.

Information security and integrity issues are increasingly being affected by legal requirements for confidentiality, privacy, exposure to negligence claims, consumer protection requirements, and electronic documents as evidence issues.

So what does this all mean?

It is increasingly important for organizations to pay attention to information technology issues that might result in an interruption of their business, compromises to the integrity of information, or attract legal liability.

Examples include the need for information security to protect against the loss of information, as well as preventing access to it by unauthorized people. It is also important to ensure the integrity of the data, meaning it is not easily manipulated by unauthorized persons. The reliability of data should also be supported by audit trails to show what has happened to the data through its life.

Data must be backed up effectively and be tested to ensure the recovery actually works. That should be done in the context of disaster recovery and business resumption plans to allow resumption of business in the face of any business interruption.

Software must be properly licensed including for unique issues that arise from the use of open-source software. Organizations also need to ensure they are properly authorized to use third-party information or creative works such as photographs. They also need to ensure they own or have adequate rights to use intellectual property from others.

These issues are similar whether the business is a sole proprietor or a large multinational corporation. The complexity of the issues and solutions changes, but the same questions need addressing.

Michael Geist points to a post with a chart showing how high Canadian wireless data rates are compared to other countries.

Canada’s wireless phone use has lagged places like Europe and Asia. The fact that we have a better existing wired infrastructure is generally cited as the reason for that. Perhaps the fact that we pay more has something to do with it as well.

As an aquaintance pointed out to me yesterday, if the EU follows through with their effort to control roaming charges, we might be better off getting a phone based in the EU!

Look at the chart and comments on ThomasPurves.com

ITBusiness.ca has an article about the recent case that said a web site had to charge GST to foreign customers, and the proposed change in the recent Federal budget that would reverse that.

Anyone with a web site based in Canada should consult with their tax advisors to determine their position on GST.

Read the ITBusiness.ca article

Techdirt has an interesting post entitled HP [Hewlett Packard, not Harrison Pensa] Starts Worrying About Forecasted Death Of Printing. The post talks about how and why the paperless office is looking more like a reality.

It has to do with both technology, and the expectations and habits of people. The comments to the post illustrate the people issue – with strong thoughts on both sides.

The post is consistent with my thoughts expressed in my 2006 year end prediction article which said:

And speaking of the office, remember when technology was going to reduce the amount of paper we use? So far, that’s been considered a joke, as computers seem to have increased paper. We may, however, be at the tipping point where electronic record-keeping will actually start to reduce paper. The technology is available — indeed, many of us already have it.

The combination of central storage, document management tools, wifi and cell networks, the convergence of platforms (such as the unified messaging features mentioned above), and document markup tools like tablet computers make it possible. What is lacking is the will and determination to make it happen.

Read the Techdirt post

David Canton – for the London Free Press – April 7, 2007

Read this on Canoe

The information age raises concerns about privacy rights — but privacy cannot be absolute or considered without context.

Two decisions of the Privacy Commissioner of Canada balance privacy expectations with the needs of business to identify their customers.

The Personal Information Protection and Electronic Documents Act (PIPEDA) provides Canadians with the right to privacy with respect to personal information collected, used or disclosed by an organization in the private sector.

The government strives to strike the right balance between an individual’s right to control how their information is used with the needs of businesses to use personal information for reasonable and appropriate purposes.

In the first case, the issue was whether PIPEDA permits a retailer to require someone returning goods to provide photo identification for the purpose of combating fraudulent return of goods.

The complainant had purchased an item, then returned to the store to exchange the item because it was defective.

He was annoyed to learn he would have to provide photo identification to make the exchange.

Even though the store had notices posted indicating photo identification was required for a return or exchange, there was no explanation why it was needed or how it may be used.

The Assistant Privacy Commissioner found the store’s purpose for collection appropriate, and making the provision of photo identification a condition of service was acceptable as long as the purposes are explicitly stated in the privacy policy.

In the second case, the complainant wanted to make a change to his website registration information.

He argued the company providing his domain name registration and management services to his website was trying to collect more information from him than necessary.

The domain name registrar asked for a copy of his driver’s licence or passport to change the administration e-mail address for the website domain name.

It was the registrar’s position its request for I.D. and verification of information was not excessive and done to protect the domain name owners when domain name hijacking is common. The Assistant Privacy Commissioner found the request for photo I.D. was not excessive.

In the cases the Assistant Commissioner referred to section 5(3) of PIPEDA which says an organization may collect, use or disclose personal information only for the purposes a reasonable person would consider are appropriate. In her opinion, the “reasonable person test” was met. One caveat is the reason must be made clear at or before the time the information is collected.

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article, written with the assistance of Saleema Khimji, contains general comments only, not legal advice. Contact David at 519-661-6776 or www.canton.elegal.ca.

My blog has been changed to a completely new look. The old version has served well for 2 ½ years – but it was time for a change. Why? Several reasons.

The previous look had a lot going on, not unlike many other blogs. That suits the traditional blog reader well, but may be overwhelming or confusing to those new to blogs. While I’m glad to have anyone as a reader, my main target audience is clients, potential clients, and client influencers. Now that IE7 makes RSS feeds easier to use, more people will be introduced to blogs. The thought is that a cleaner, simpler look will be more attractive to those new readers.

If you look at some of the client comments in my profile, there is a common theme of giving practical advice in a field of complex, changing legal issues. The cleaner, simpler look of the blog is consistent with that approach.

The change also provides on a more consistent look and feel for my eLegal brand, powered by Harrison Pensa, across different platforms.

The new look moved the blog roll, archive lists and other links to a second page. While it takes an extra click to get to them, I think the tradeoff is worth it. Check out the blog list at the “weblinks” link. The list has been updated to include blogs I follow that I think my readers would find interesting.

New technology requires us to re-think a lot of things, including business models, laws, and how they apply. Web 2.0, or Internet innovation is one of those. Too often, though, people have a difficult time putting things in a new perspective.

A couple of recent articles illustrate that point.

Techdirt has a post about the Viacom suit against Google/YouTube claiming that YouTube should be responsible to prevent videos on YouTube that are not authorized by the copyright holder. Techdirt refers to comments made by Google legal counsel, stating:

… he then points out that Viacom has been making mistakes, forcing content offline that wasn’t actually infringing which leads him to note perceptively: “Viacom seems unable to determine what constitutes infringing content, [yet] its lawyers believe that we should have the responsibility and ability to do it for them.” If even Viacom is unable to police its own content correctly, how can they claim that it’s no problem for Google?

Michael Geist’s latest Law Bytes column talks about a disturbing push by some groups to have the CRTC step in and regulate Internet content delivery to enforce Canadian content rules.

The reality is that while disruptive forces are at work here, and traditional notions of copyright, and the protection one needs for creative works and culture are being tested, these forces also give new opportunities. In the end, the winners will be those who figure out how to use the new opportunities, not those who fight them.

Think back 100 years ago when the automobile was emerging. If a buggy maker tried to fight the automobile, they lost. Much better if they decided they were in the transportation business and found a way to work as part of the automobile industry.

Read the Techdirt post

Read Michael’s column

David Canton – For the London Free Press – March 31, 2007

Read this on Canoe

Copyright laws say one cannot copy an article, book, photograph, website, song, video or other creative work without the express permission of the author.

Some have attempted to make it easier for authors to give permission to others to use their material without having to specifically request permission.

The Creative Commons is a non-profit organization dedicated to making creative works accessible for others to legally build upon and share. They created “Creative Commons Licences” allowing copyright holders to grant some or all of their rights while retaining others. My blog at www.canton.elegal.ca, for example, is published under a Creative Commons licence.

The use of a Creative Commons licence makes sense in a lot of situations, but like any licence or document, one has to be careful to ensure it does what you intend.

Author Seth Godin can attest to that. He was not pleased when he saw his free e-book, Everyone’s an Expert, being sold as a physical book on Amazon. Godin could not prevent that, as the Creative Commons licence he used allowed others to copy his work and spread his ideas around.

In the end, Godin came to an agreement with the publisher that allowed the publisher to continue to print the book, but with clear attribution as to its origin.

Those copying anything published under a Creative Commons licence should also pay attention to the conditions and limitations that the licence imposes.

The process to obtain a Creative Commons licence is simple. The author goes to the Creative Commons website and answers a few questions. Then he receives a commons deed, which includes an easily understood summary of the licence and a legal code that includes the fine print.

There are four optional conditions that authors can attach to the work through a Creative Commons licence.

The first condition is attribution — where the author agrees to let others use their work, but only if they credit the author.

The second condition is noncommercial, which allows anyone to use the other’s work, but only for non-commercial purposes.

“No derivative works” is the third choice which allows others to use exact copies of their work but not incorporate them into their own work.

The last condition is “share alike.”

This allows other to distribute derivative works but only under a licence that is identical to the original.

While Creative Common licences are a refreshing change from the traditional use of copyright laws, authors must think their desires through carefully when making those choices.