Outsourcing and cloud computing service engagements are fraught with financial, security and other risks, especially if dealing with an unproven service provider. Obtaining a third party assurance report with respect to a service provider’s internal controls can provide some comfort. However, customers are often confused about what kind of assurance report they should obtain.
Canadian Standard on Assurance Engagements 3416 (CSAE 3416), Reporting on Controls at a Service Organization, is the Canadian accounting standard for reviewing and reporting on controls at a service organization. It is issued by the Auditing and Assurance Standards Board (AASB) and is equivalent to the Statement on Standards for Attestation Engagements (SSAE) No. 16, which is the standard in the United States, and is substantially similar to the International Standard on Assurance Engagements (ISAE) No. 3402. Continue Reading
The Supreme Court of British Columbia recently confirmed that there is no common law tort of invasion of privacy in that province. This is in contrast to an earlier decision from the Ontario Court of Appeal which accepted such a cause of action.
In January, 2012, the Ontario Court of Appeal released Jones v Tsige, in which it held that there is a tort of invasion of privacy in Ontario. Sharpe JA, writing for the court, canvassed jurisprudence from the US and Commonwealth countries and determined that, to reflect the technological changes of modern times, there must be a tort of invasion of privacy or “intrusion upon seclusion.” Sharpe JA adopted the elements of the cause of action from The American Law Institute’s Restatement (Second) of Torts (2010):
- the defendant’s conduct must be intentional or reckless;
- the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
- a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. Continue Reading
At McCarthy Tétrault’s 3rd Annual Technology Law Summit, Charles Morgan, Barry Sookman, George Takach (all of McCarthy Tétrault) and John Chang of PricewaterhouseCoopers were featured in the Innovation in Outsourcing panel. Top takeaway tips from the session include:
Do your Diligence: You would never buy a company without performing comprehensive diligence first, and you should take the same approach to signing an outsourcing contract. Diligence ought to be thorough and rigorous – go to the facility where your data will be stored and ask tough questions about network latency, data security, service levels, technical infrastructure and privacy.
Pay for the Best: Ensure that the very best people are assigned to you. Good people are worth paying for, and will be critical in determining the success of any outsourcing arrangement. Continue Reading
As discussed in the November 9, 2012 post, Supreme Court Invalidates Pfizer’s Blockbuster VIAGRA® Patent, the Supreme Court of Canada struck down Pfizer’s blockbuster VIAGRA® patent (the “‘446 Patent”) on the basis of insufficient disclosure: see Teva Canada Ltd. v. Pfizer Canada Inc., 2012 SCC 60.
In a curious twist, the SCC declared the ‘446 Patent “void”, despite the case being brought under the Patented Medicines (Notice of Compliance) Regulations (“PM(NOC) Regulations”). However, on June 4, 2013, the SCC granted Pfizer’s rare Rule 76/81 Motion, varying this controversial aspect of its judgment to clarify that it had found Teva’s invalidity allegation justified, as opposed to declaring the ‘466 Patent invalid: see Supreme Court of Canada’s Order on Motion to Vary Pronouncement / Order, and for Re-Hearing dated June 04, 2013.
Importantly, any confusion and worry caused by the SCC’s original judgment as to whether patents can be suddenly voided by the Federal Court under the scheme of the PM(NOC) Regulations is now over.
Pfizer’s story highlights an important distinction that all patentees of pharmaceutical products need to be aware of. Continue Reading
The Liberal government in Ontario has introduced significant new amendments to its health privacy legislation, the Personal Health Information Protection Act (PHIPA).
While there are many important aspects to the new legislation, one key aspect involves significant new responsibilities imposed on “prescribed organizations” or “PO”s in the proposed amendments to PHIPA. Sections 55.1 and 55.12 of the proposed amendments appear to contemplate a process by which Lieutenant Governor in Council may regulate the organizations responsible for “creating or maintaining [an] electronic health record”. A definition in s. 55.1(1) suggests that this means to:
- administer, create, integrate, manage, maintain or service an electronic health record (a “record”)
- conduct data quality assurance activities on PHI provided to a PO; and
- conduct analyses of PHI in the record in order to provide alerts and reminders to health information custodians for their use in providing health care to individuals. Continue Reading
On May 29, 2013 Justice O’Reilly of the Federal Court dismissed Bayer PM Notice of Compliance (NOC) proceeding against Cobalt. The issue before the Court was whether Cobalt’s proposed generic product would infringe a single claim (claim 13) in a Canadian Bayer patent to drospirenone, an active ingredient in Bayer’s YASMIN contraceptive. The Court determined that Cobalt’s non-infringement allegation was justified. For the full written decision see: Bayer Inc. v. Cobalt Pharmaceuticals Company 2013 FC 573. Continue Reading
On May 23, 2013, the Office of the Privacy Commissioner of Canada (the “Privacy Commissioner”) has released a position paper (“Position Paper“) calling for substantial changes to the Personal Information Protection and Electronic Documents Act(“PIPEDA”).
The Privacy Commissioner argues that PIPEDA is currently insufficient to meet the challenges posed by the advent of technology that allows organizations to collect, use, and disclose an unprecedented amount of data which include personal information (“Big Data”). Big Data poses challenges both with respect to the security of Canadians’ data, and the manner in which entities use that data (especially businesses looking to use that data to increase their earnings). Continue Reading
At McCarthy Tétrault’s Toronto Technology Law Summit, Bram Abramson, Daniel Glover, James Archer, Bob Nakano, Pat McCay, Naseem Malik, and David Tait, were featured in the Six Minute Lawyer panel. Each lawyer provided brief updates on a variety of topical and timely tech law issues, ranging from the regulation of commercial communications to tax issues.
Unsolicited Telecommunications Rules
Bram Abramson provided an overview of the CRTC Unsolicited Telecommunications Rules (“UTRs”), which are overseen by the Commission’s Compliance and Enforcement Section. These rules cover unsolicited phone calls or faxes for the purpose of solicitation. The most well-known feature of the rules is the National Do Not Call list, however they also include requirements for each organization to maintain its own internal Do Not Call list, as well as rules relating to the use of “Automatic Dialing-Announcing Devices” (“ADADs”, also known as “robo-callers”) and rules of conduct which govern the content and conduct of telemarketing calls. Continue Reading
In a judgment pronounced on May 10, 2013, Justice O’Reilly of the Federal Court of Canada, granted Apotex’s claim against Pfizer for section 8 damages under Canada’s Patented Medicines (Notice of Compliance) Regulations, SOR/93-133. The sole issue before the Court was whether Apotex had a valid claim to damages. The amount is to be determined in a subsequent proceeding. For the full written decision see: Apotex v. Pfizer Canada Inc., 2013 FC 493.
The section 8 claim arises out of a failed prohibition proceeding. In early 2000, Apotex sought approval for its generic version of ZITHROMAX (azithromycin), a significant anti-infective drug product marketed by Pfizer. In response, Pfizer brought an application to prohibit Apotex from entering the market. Apotex alleged that its generic version of the drug would not infringe on Pfizer’s patent. Justice Snider agreed with Apotex and held that there was no infringement and dismissed Pfizer’s prohibition proceeding: see Pfizer Canada Inc. v. Apotex Inc., 2003 FC 1428. Continue Reading
In Part 1 of this blog series on digital advertising, we canvassed the disclosure rules in light of the recent the U.S. Federal Trade Commission’s recent publication, “.com Disclosures, How to Make Effective Disclosures in Digital Advertising”. In Part 2 of this blog series, we will set out some tips and guidelines to assist businesses in complying with the disclosure rules and avoid falling afoul the FTC.
Entities conducting business online in the U.S. ought to consider whether its advertising meets these guidelines:
- Prominent and Unavoidable: Disclosure should be at least as large as the related claim and should be in a colour that contrasts with the background. In some cases, graphics may help make the disclosure more prominent. Keep in mind that viewers will see the advertisement on a variety of devices, so websites should either be designed so that the disclosure is clear and conspicuous regardless of the type of device, or a mobile-specific website could be created. Continue Reading