If you think our red tape is bad…

We often get frustrated with seemingly unnecessary red tape and arbitrary rules – but every once in a while we run across requirements from other countries that are mind-boggling.  For those who have never encountered this, it goes something like this.

A government agency or business in a country your client does business in requires a copy of a document.  If they were here, they may not need that document in the first place, but even if they do it would be a simple matter of scanning and emailing a PDF.

But no, they require a notarial copy – still simple enough.  Then they say the document needs to have a corporate seal as well.  Explaining that most Canadian companies don’t have corporate seals because they have not been required here for decades doesn’t help – it’s easier and cheaper to just buy a corporate seal.

But they won’t accept a notarial copy on its own; it has to be consularized, meaning the document has to go to that country’s embassy or consulate to be vetted and stamped or formalized in some way.  So you look up the process for that on the consulate web site and see that they have very specific rules about things such as what time of day they will accept documents, what ID has to be provided by the requesting person, and the need to bind the document together in a way that avoids substitution.  The site may suggest methods such as sealing wax or an eyelet.  No staples allowed.  So the firm gets canvassed to see if there exists anywhere an eyelet/rivet tool that some lawyers used decades ago to fasten wills together. That fails, so you end up sending the document to a print shop to be bound.

Before the bound document goes to the consulate, it has to go to the provincial Ministry of Government Services so they can sign the document to confirm that the notary who signed it is really a notary.   Then it goes to the consulate where they add their official seal for a modest fee.

But we are still not done.  All of this is in English, so you have to send it to be translated by a certified translation agency or law firm in the country it is going to.

Then it can go to whomever requested it.

By the time this is all done, that document copy has been certified/stamped/sealed by: originating company, notary, provincial official, consulate, official translator.

The task that would have taken 5 minutes here has stretched into hours of work, various fees, and an elapsed time that might be measured in weeks.

Cross posted to Slaw

harrisonpensa.com/lawyers/david-canton

CASL-cure provides a CASL solution

Perhaps the most difficult compliance challenge arising from CASL – the new Canadian anti-spam law – is how to deal with one-off emails sent by individual employees.  A new online service called CASL-cure provides an outbound email filter solution to this problem.

CASL requires either express consent, or one of a complex series of implied consents, before you can send email that is even slightly promotional in nature.  Just 1 non-compliant email sent by 1 employee can put a business at risk for significant sanctions, including multi-million dollar fines, personal director and officer liability, and starting in 2017 private rights of action including class action suits.  The onus is on the sender to prove compliance, so records must be kept to show how and when express consent was obtained, or how the recipient fits into an implied consent category.  The email itself must contain specified contact info and an unsubscribe mechanism.

That is a lot to expect any employee to understand, let alone comply with, regardless of how much training they get.

CASL-cure solves this challenge in two ways.  First, it automatically adds CASL compliant contact information and an unsubscribe mechanism to every email.  Second, it compares the outbound email addresses to a whitelist of emails that have consent.  If it detects an address that is not listed, it holds the email and sends a reply to the sender saying that the intended recipient is not on the CASL approved list, and offers a menu that the sender can use to enter the details of the nature of the consent.  Once the sender completes that information, that consent detail is added to the whitelist and the email is released.

This solution significantly reduces the risk of sending non-compliant emails.  And since it records how the consent details were added to the database and by whom, it is easy for the business to deal with an employee who tries to cheat the system.  It also helps immensely with a defense under CASL if an investigation results from a complaint: first, because the system records consent details; second, because if a non-compliant email does get through for some reason, such as an employee entering false information, it provides a due-diligence defense showing that the business did as much as it possibly could to prevent a violation.
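
The hold-and-release flow described above, as an added Python example (not CASL-cure's own code). The class name, record fields and footer text are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed placeholder for the contact info and unsubscribe link added to every email.
FOOTER = ("\n--\nExample Corp, 1 Example St, London ON | "
          "Unsubscribe: https://example.invalid/unsubscribe")

@dataclass
class OutboundGate:
    consent: dict = field(default_factory=dict)  # address -> consent record (the whitelist)
    held: dict = field(default_factory=dict)     # message id -> message waiting for consent
    sent: list = field(default_factory=list)     # released messages

    def submit(self, msg_id, sender, recipients, body):
        """Send if every recipient has recorded consent, otherwise hold the message."""
        msg = {"id": msg_id, "sender": sender,
               "to": [r.strip().lower() for r in recipients],
               "body": body + FOOTER}
        missing = self.missing(msg)
        if missing:
            self.held[msg_id] = msg
            return ("held", missing)  # the sender is told which addresses lack consent
        self.sent.append(msg)
        return ("sent", [])

    def missing(self, msg):
        return [r for r in msg["to"] if r not in self.consent]

    def record_consent(self, address, basis, detail, entered_by):
        """Store how consent arose, who entered it and when (the audit trail)."""
        if basis not in ("express", "implied"):
            raise ValueError("basis must be 'express' or 'implied'")
        if not detail.strip():
            raise ValueError("consent detail is required")
        self.consent[address.strip().lower()] = {
            "basis": basis, "detail": detail, "entered_by": entered_by,
            "entered_at": datetime.now(timezone.utc).isoformat()}
        return self.release_ready()

    def release_ready(self):
        """Release every held message whose recipients are now all covered."""
        ready = [m for m in self.held.values() if not self.missing(m)]
        for m in ready:
            del self.held[m["id"]]
            self.sent.append(m)
        return [m["id"] for m in ready]
```

The gate cannot tell whether the consent detail an employee enters is true; the entered_by and entered_at fields are what let the business trace a false entry afterwards.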

Transparency disclosure – the providers of CASL-cure are clients of mine.

Wipe your car before you sell it

I’m in the process of buying a new car, and realized that when we get rid of a car we should think about more than just cleaning out the glove box and taking the snowbrush out of the trunk. A list of data to clear is at the end of this post.

At one time, cars stored no personal information other than the odometer reading and radio presets.

Cars are now laden with computers that control and monitor things like the engine, brakes, climate control, entertainment, tire pressure, and safety features. With this comes more data, and with more data comes the temptation to save it and to use it for other things. This is becoming even more so for hybrid and electric cars.

Examples are the OBD (on board diagnostics) and EDR (electronic data recorder) systems. They contain useful information for the diagnosis of problems, and information for a short period (measured in seconds or minutes) for accident investigation, such as speed, seat belt use, steering angle, number of passengers, engine speed, and throttle position.

It is possible to plug devices into the OBD port to use and retain that information for displaying a dashboard on your phone, spying on your kids’ driving habits, or sending to your insurer for rate calculations.

Since the EDR system contains limited memory and overwrites itself quickly, there is little risk of that personal information being used after you give up your car – but if you are concerned, make your last drive a leisurely one.

Keeping in mind that it is easy to get a used car report showing owner name and address to link data on your old car back to you, here are some things you might want to do before you part with your car:

  • Delete Bluetooth pairings.
  • Delete stored phone numbers and call history.
  • Remove any CDs, DVDs, and USB keys. (It’s easy to forget a USB key, for example, plugged into a port hidden in the glove box or other compartment, and it might have more on it than just music.)
  • Delete built-in garage door opener codes.
  • Clear the GPS of pre-programmed destinations and route history.
  • Clear Wi-Fi hotspot settings and passwords.
  • Remove any OBD/EDR recorders you have added.
  • Cancel OnStar subscription and reporting. (I know someone who forgot to cancel reporting, and continued to get monthly reports on his old car now with the new owner.)
  • Cancel or transfer satellite radio.

Cross posted to Slaw

Russian hackers amass 1.2 billion username/password combinations

A New York Times story says that: “A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses…”.  This was discovered by a company called Hold Security, which so far has not named the sites.  I’m a bit skeptical of the news, however, when Hold Security has a paid service to find out if your site is affected by this.

This emphasizes yet again the importance of using proper passwords and taking advantage of multi-factor authentication wherever it is offered.

Since the only good password is one we can’t possibly remember, and they should be different for each site, the best approach is to use a password manager.  Password managers both create strong unique passwords and save them for you.  Here’s a recent PC Mag article on The Best Password Managers.

Make sure your password to get into your password manager is a strong one, and take advantage of multifactor authentication for it.  Make sure you have a backup copy of those passwords.  And let’s hope that the password manager sites have protected themselves strongly enough that they can’t be compromised.

Cross posted to Slaw

Can a tablet replace your work PC?

Apple CEO Tim Cook recently said that 80-90% of his computer time is spent on an iPad.

This comment led tech journalist Mike Elgan to wonder: “Could 80 percent of the corporate workforce do 100 percent of their work on a tablet?”

His article sets out arguments for and against, but basically concludes that tablets would be sufficient for many.

For me personally, for what I need it for, while you would have to pry my tablet out of my hands, it is not adequate to replace my PC.  For too many things it is just not quite good enough, or efficient enough.  But depending on what one’s role is, a tablet may indeed be sufficient.

What do readers think?  Is anyone using a tablet while their PC gathers dust?

Cross posted to Slaw

Express Consent CASL app

Check out this new iPhone app (Android app coming soon) that helps solve the CASL problem of getting and proving you have consent to send email to people that you have just met, such as at a networking event.

Sometimes when legislation like CASL comes in like a freight train, it gives rise to opportunities for entrepreneurs and problem solvers.  This is an example of an innovative solution to help solve some of the difficult challenges that CASL brings.

(Disclosure – this was developed by a client.)

Simple is not easy

Have you ever used an app – whether on a phone, tablet, or desktop – and found it lacking?

Developers creating app versions of existing desktop software or online services face a dilemma. Apps are generally slimmed down versions of the original as they need to be used on touch interfaces, and the code needs to be smaller.

So app developers need to decide what features are important, how the app might be used differently in that context, and what can be left out.  Even though desktop software is often bloated with features that are rarely used, deciding what to leave out is not easy.   With computer code, similar to drafting contracts, simple is good but not easy.  Sometimes things are left off that are missed by some users or that drive users nuts because they spend so much time trying to figure out how to do something that is missing.

I recently found, for example, that the Windows Metro Dropbox app won’t let you select more than 1 file at a time to download.  That’s a real pain if you are trying to download a couple hundred photos.  I’ve also noticed that the OneDrive app doesn’t let you access OneDrive databases other than the one linked to that computer.  And I’ve seen weather apps with reduced information.

This is a factor that makes some people lean towards HTML5 websites vs apps.

Cross posted to Slaw.

CASL now in force

You may be tired of hearing about CASL, and tired of getting the consent requests that people were sending out before July 1.  The pre July 1 scramble was done because sending an email to request consent is now itself considered spam.  But we may still see requests, which can be sent if the recipient fits into one of the exceptions.

In hindsight, I wish I had kept track of the number of consent requests I got, how many of those were not technically compliant with CASL, and how many were from entities I’d never heard of that were just trolling for contacts.

There are uncertainties over the interpretation of many parts of CASL, but it can’t be ignored.  Businesses need to do the best they can to comply and demonstrate diligence.  CASL compliance will be an iterative process over time as the interpretation hopefully becomes more clear. While the CRTC will no doubt focus on real spammers, anyone can complain, and you never know who they might choose to make an example of.  Don’t set yourself up to be that example.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw

CASL hits next week – are you ready?

CASL – Canada’s new anti-spam legislation – becomes law on July 1.  It is a sledgehammer to kill a fly approach to spam that requires attention by almost every business and not for profit.  In my view, the significant amount of time, effort, and money that it will take for legitimate businesses and not for profits to comply with the act will come nowhere close to justifying any meagre benefit.

Many businesses have complied, many are just waking up to it now, and many are ignoring it.  It doesn’t help that the act has a broad definition of spam that goes way beyond the drugs, diets and deals emails that the average person would consider spam – then picks away at it with a myriad of convoluted exceptions.  Many can’t believe that such an act was passed in the first place.  But CASL is not going away any time soon.  At some point someone is going to take a run at the constitutionality of it – but that could take years.

Given the significant potential sanctions for non-compliance, resistance is futile.

If you have not taken steps to comply yourself, do it now.

When you get an email requesting consent, do the sender (and yourself) a favour and grant your consent if it is something you want to keep getting.  If the email is for something you don’t want, or from someone you have never heard of before that is trolling for new contacts, consider unsubscribing instead of just ignoring it – ignoring it is not the same as unsubscribing.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw.