Red Tape Awareness Week

January 19-23 is the CFIB’s (Canadian Federation of Independent Business) 6th annual Red Tape Awareness Week.

During the week the CFIB will make several announcements, starting off by announcing the winner of its annual Paperweight Award, citing the most egregious example of government red tape on small businesses.  My guess is that CASL will win that.

My personal view is that government does a better job of talking about reducing red tape than actually accomplishing it.

(Cross posted to Slaw.)

Websites need to be legal

For the London Free Press – October 28, 2012

Read this on Canoe

Everyone expects a business to have a website. Not every business needs a complex interactive platform similar to Amazon. In many cases, a two-page static website from a do-it-yourself blog platform is more than adequate to meet a business’s needs.

Here are legal issues to keep in mind when creating your web presence.

Own your domain name: Domain names — such as — are often registered by an advertising agency, web designer or IT provider for one of their customers. They should be registered in their customer’s name, but often register it in their own name because it is easier, intending to transfer it later. That transfer is often forgotten.

Domain names are valuable property, and should be registered from the outset in the business’s name. The domain-name registrant has control over the website at that domain, including the ability to stop email, change the website and the domain account, even sell the domain. That’s a recipe for disaster if there should ever be a problem.

Make sure you have the rights to use all website content: Technology makes it easy to copy video clips, music, graphics, and text into your website. Regardless of the ease of doing that, you do not have the legal right to copy and use published content without the owner’s permission. Using the material of others without permission can result in an expensive copyright fight, and merely taking it down after a demand is not enough to end a damage claim. Take advantage of low-cost or no-cost sources of photographs intended for commercial use. And if you hire someone to create your website, get the actual files from them, and make sure you have an agreement with them that transfers ownership.

Think about global reach: Websites can be seen from around the world. You may not, however, want to, or be able to, sell your products or services everywhere. Reasons can range from professional regulation to shipping costs to product labeling and language issues. Care must be taken to either make it clear where you can sell your goods or services, or to give yourself the ability to refuse to provide your goods or services where you can’t or don’t want to provide them. 


Top 10 Legal Issues When Taking Your Business Online

Today’s Slaw post

I presented today at the London Bridges to Better Business conference on the top 10 legal issues when taking your business online, along with colleagues Mana Khami and Mike Mumby who presented on other top 10 legal issues. I thought Slaw readers might like to see the slides.

David Canton online business

Mana Khami top 10 – employment

Mike Mumby top 10 business



Employers need to control corporate domain names and social media accounts

My latest Slaw post:

I sometimes help clients wrestle back domain names and corporate social media accounts from disgruntled ex-employees or other unfriendly parties. All businesses and organizations should keep in mind that these are valuable assets. It is important that they are registered in the business name, and not that of an employee or service provider.

And if use or control of those accounts resides in an employee who is about to become an ex-employee for whatever reason, make sure that control is passed back at the time the employee leaves.

Otherwise, the disgruntled person with control of those can lock you out, prevent your use, take down your web site, cripple your email, publish embarassing things, and make you spend time and money to recover control.

Expect focus on virtual wallets in 2012

For the London Free Press – January 9, 2012 – Read this on Canoe

Here are some tech developments to look out for in 2012.

The proposed amendments to Pipeda, the Canadian federal-privacy legislation, will be passed. Several of the amendments are long overdue, and will give some practical relief to business, without any compromise to personal privacy.

The change with the most visible effect will be the requirement for a business that experiences certain privacy breaches to report the breach to the privacy commissioner or to the individuals whose information may have been compromised.

The federal anti-spam legislation expected to be in force in 2011 is still waiting for regulations to be passed before coming into force.

The draft regulations received a lot of criticism, and may be revised prior to the act coming into force. The act will be a compliance headache for many organizations, unless the regulations effectively narrow the broad definition of spam.

The act is intended to provide tools to stop what we all understand to be spam. But the act defines spam to include e-mails that many businesses or charities routinely send that the recipients probably would not consider to be spam.

The smartphone and tablet revolution will continue. Whether you are a fan of Apple, Android, or Windows Phone 7 (yes, Microsoft is still in the phone game with a new operating system that has been favourably reviewed), there will be new choices to buy. This always-connected, location-aware, augmented-reality world will lead to challenges to privacy, advertising and business models.

We will start to hear more about digital wallets and near-field communications (NFC). Our smartphones will eventually become our wallets and credit cards, allowing us to pay at stores like a tap-and-go card.

North America lags behind other parts of the world in near-field communications, but expect to see more phones with this ability on the market this year. There is some speculation there could be some near-field communications wallet promotion around the Olympic Summer Games in London, England.

The players in this field may extend beyond the traditional banks and credit-card companies. Companies such as Google and cellphone carriers are trying to get a part of this business. If we have choices, we need to watch to ensure we get the same protections for lost or compromised phones as we now get for lost cards.

Another buzzphrase we will hear more is “the Internet of things.” Sensor technology, and electronics in general, are becoming more pervasive and cheaper. So in addition to connecting to people and websites on the Internet, we will increasingly be able to connect to things such as our home thermostats and appliances. At the same time, voice control and gesture control will lead to new ways to interact with our devices.

Smartphone revolution – ignore at your peril

That we are in the midst of a huge change in the way we communicate in our work and personal lives is no revelation.  But I think many of us don’t realize how rapidly this change is happening, and the many ways it will affect us.

It is a combination of things like mobile access, handheld computing power, inexpensive apps, cloud computing, location awareness, and social media.

Consider this: mobile devices are outselling PC’s, and digital media is equal to television in importance amongst ad executives. 

The explosion of smartphones and tablets enables us to get information about almost anything immediately wherever we are.  And to provide information to others just as quickly.  Tools like Google Goggles and Siri can do that by simply taking a picture of something, or speaking into our phones. (And really, the “phone” part of our phones is dwindling in importance to the rest of their features.)

All businesses and organizations should be thinking about how this is now affecting  them, and how it will affect them in the future – both in how it will challenge their current business models, and how they can use it to their advantage. 

And don’t forget to think about who your competitors will be.  For example, who is going to own the mobile payment space?  It might be the banks and credit card companies – but it could be telcos or Google.

It also raises interesting legal issues – like who owns the movie rights to a crowdsourced story, and how do privacy rights tie in with location aware services?

The one certain thing is that we ignore this revolution at our peril.

Get your Twitter handle before someone else does

That’s the title of my Slaw post for today.  It reads as follows. had a story yesterday about a Humber College professor named Tom Green who uses @tomgreen as his twitter name. Fans of comedian Tom Green have been campaigning him to give his twitter name to Tom Green the comedian, who uses @tomgreenlive.

While it is an amusing story, and professor Tom Green has every right to keep his twitter handle, there is a lesson here.

Even if you are not a social media fan, and you don’t have an immediate desire to tweet or update your facebook status, it is a good idea to at least register your name on twitter, linkedin, and facebook before someone else with a similar name does. Or before someone else who has an axe to grind with you registers it.

Anyone starting a new business, or creating a new brand should look at social media availability. The usual corporate name searches and trade-mark searches may not be enough for a business or brand that wants a social media or web presence. And let’s face it, every business or brand that has customers or deals with the public should.

So when making name and brand decisions, see if the corresponding domain names and social media names are available, and lock those down immediately. If they are not available, then you might want to reconsider the business or brand name. It costs nothing or next to nothing to do – but the cost of not doing it could be significant.

Company laptops now private affair

For the London Free Press – May 30, 2011 – Read this on Canoe

The recent Ontario Court of Appeal decision in R v. Cole establishes that employees have a reasonable expectation of privacy in the personal use and contents of their work-provided laptop computers.

The case involved a Sudbury high school teacher whose work-provided laptop was investigated by a school board computer technician after a higher than normal amount of network use was noticed. The technician accessed the content on the teacher’s laptop through the school server and found sexually explicit images of a student on the hard drive. The school obtained the laptop and turned it and two discs over to the police who searched both without a warrant and charged the teacher with possession of child pornography and unauthorized use of a computer.

The Court of Appeal ruled that the teacher had a reasonable expectation of privacy in the personal use of his work laptop and in the contents of his personal files on the hard drive. Even though the laptop was owned by the school board and issued for work purposes, the court found that a reasonable expectation of privacy existed.

The Court of Appeal ordered a new trial and that certain of the evidence obtained without a warrant could not be used.

While this decision is regarded by some as a game changer for employee privacy rights, its real impact may be limited by two significant factors. First, the court’s finding of a reasonable expectation of privacy was based on specific facts which may not be typical of all workplace situations. In Cole, the teachers were provided with laptops for use in teaching but they were also explicitly allowed to use the laptops for personal use.

Second, the impact of the decision is tempered by a finding that the teacher did not have an expectation of privacy with respect to access to his hard drive by the school board’s computer technician for the limited purposes of maintaining the technical integrity of the school’s information network and the laptop.

While some commentators are heralding this decision as a significant change in the law, it really doesn’t stray far from conventional wisdom. It may, however, make employers more cautious in how they treat their employees’ personal use of work technology. For those employers who have not implemented a comprehensive technology use policy, this decision should be the impetus for them to do so.

Anti-spam Act – bill C-28 – how it might affect you

That’s the title of my Slaw post for today.  It reads as follows:

The anti-spam bill – Bill C-28 – was recently passed, and is expected to be in force sometime later this year.

If you think it won’t affect you because you don’t send mass emails trying to sell random products, and don’t infest other people’s computers with spyware, you would be wrong.

It applies to the sending of commercial electronic messages that many of us would not consider to be spam.  An email to just one person that you consider a potential customer or client who you met at an event may fall into the prohibitions.  And it applies to other forms of electronic communications, such as instant messages, and various kinds of social media.

It can also apply to software updates in certain circumstances.

So while the intention is to control what we all understand as spam and spyware, it has the potential to affect many things that we may not intuitively consider spam or spyware.  Similar to privacy legislation, this Act will no doubt lead to situations where our first reaction is to label it spam or spyware if we receive it, but not consider the same thing spam or spyware if we send it.

There are details that will be covered in yet to be drafted regulations.  Personally, I would like to see some kind of volume threshold where it is deemed not to be spam if it’s a targeted message sent to a small number of individuals.

Until we see the regulations, it is going to be hard to give specific advice to a typical business or organization as to what they must do to comply.  Many things that could potentially affect a typical business fit threshold situations that might result in a different answer depending on the regulations.  The penalties are significant, so it’s not legislation to be taken lightly.  Remedies include fines of up to $1,000,000 for individuals, $10,000,000 for others, and private rights of action.

Some things are “reviewable conduct”, meaning that it is subject to the investigatory and order making powers of the Privacy or Competition Commissioners.

The act is long and complex, and includes amendments to four existing acts – the CRTC Act, Competition Act, PIPEDA, and Telecommunications Act.

Directors and officers can be personally liable if they authorized or acquiesced in the offence.  Employers are vicariously liable for the actions of their employees acting within the scope of their authority.

While we await the regulations, here are some things to ponder for those who don’t consider themselves spammers.

The act starts with a broad definition of “commercial electronic message”, and says that you can’t send them unless it fits within a specific exemption.  One of the keys will be to figure out what the boundaries are of “commercial activity”.

“Electronic message” is broadly defined to include a message to email, instant message, phone, or “any similar account”.  That could include things like a twitter direct message – but I would think not a general tweet to people who choose to follow you.

In some circumstances you can send the message, but must include accurate information about the sender, and a way to opt out of future messages.

It is not spam if the recipient consented to receive the message.  The Act has extensive provisions defining what amounts to explicit or implicit consent.  It includes things we might expect, such as on ongoing business, personal or family relationship – some of which have two year windows.  Also exempted are messages to those who publish their address or have provided you with their address – so long as the message is relevant.  I suspect that means that since my email address is published on our firm web site and other places, you will be able to email me with anything relevant to the practice of law – but you won’t be able to email me trying to sell me a trip.

Or if I hand you my business card, the same applies.

It is up to the sender to show that they have consent if there is a complaint.  So will we need to track that to be safe, i.e. somehow track that you got my address from our web site, or the card I handed you?

Directors and officers personal liability will be tempered if they can show diligence.  Since almost everyone in an organization routinely sends email, tweets, etc., organizations may want to set up policies and training programs to educate employees and reduce potential corporate, director and officer liability.

Exemptions for an “existing non-business relationship” includes donations, volunteer work, or memberships – with a two year window.  Charities will need to review these provisions carefully, as they will affect how they approach prospective donors and volunteers.

One example to think about is a press release.  Those sending a press release will need to think about the purpose of the release, and who is on the email list.  Is it being sent beyond traditional news services?  Does the fact that a recipient has published their email address on their firm’s website mean that they can or cannot get the release depending on the content of the release?  Does the fact, for example, that my email address is listed on my newspaper column mean I can be sent emails that could not be sent if my address was only on our firm web site?  Does it make a difference that I may be listed somewhere on a list of journalists because I write a newspaper column?  Are bloggers considered the same as journalists?  Does it make a difference if my address is disclosed on various social media platforms, such as Facebook, LinkedIn, Twitter, or .tel?  

Am I restricted from sending personalized individual emails to a handful of influential people active on social media who I hope will spread whatever message I want to get out?  Am I going to have to analyse each recipient to see how close or distant a connection they have under the exemptions, or how their email address has been published?

Will the answer be different if I send it to them as direct message on twitter, rather than by email?

How will senders possibly track all this, or find the time to do so?

Those creating and selling software will need to consider how this affects them.  The Act adopts the broad definitions of “computer program” and “computer system” from the criminal code.  It thus applies to any electronic instructions that execute to perform a function, on any device capable of executing them.  That would include phones and tablets.  And since almost everything includes some kind of computing power these days – might some of these provisions affect things such as PVR’s or cars?

The Act has provisions that affect software that collects personal information.  Certain functions will require specific permission, such as anything that changes or interferes with settings, interferes with a user’s control, or causes it to communicate with another computer.  Consider, for example, how that might apply to software that is licensed for a specific term that automatically stops working at the end, or allows the vendor to cripple it for non-payment.

Software vendors may have to amend their EULA’s to comply.  And some circumstances will require specific permission with full disclosure before the change can be made, regardless of the contents of a EULA.  So software vendors will have to think through how their software works, how the Act might come into play, and what permissions are required. 

Another thought for software vendors is whether changing from a traditional installed software model to a hosted SAAS or cloud model will avoid some of these issues.

Stay tuned for more as the regulations are drafted and we come to grips with the ramifications.  There will no doubt be a lot written about this over the next few months, as well as educational opportunities.

Alberta Court of Appeal wrongful dismissal decision

Michael Fitzgibbon has a good article summarizing a recent case in which the court made some very clear comments on various aspects of damage awards for wrongful dismissal on his Thoughts from a Management Lawyer blog. Its a worthwhile read.

Even though I’ve used the common term “wrongful dismissal” – the court points out that there is no such thing.   Either employer or employee can end their arrangement at any time for any reason.  The real issue is how much notice must be given. 

I guess we will have to come up with a new term to replace “wrongful dismissal” – how about “insufficient termination notice”.