snIP/ITs

Insights on Canadian Technology and Intellectual Property Law

Hot Off the Press – Canadian Contractual Interpretation Law: A New Edition

Posted in Contracting/Outsourcing

The second edition of Canadian Contractual Interpretation Law, by Geoff Hall, has just been published.

The book is the only text focused on contractual interpretation under Canadian common law and the new edition includes commentary on contractual interpretation under Quebec civil law. As such, it is a helpful resource for commercial lawyers who are responsible for drafting contracts; litigators who deal with contractual interpretation disputes; and judges and arbitrators who hear such cases.

The second edition includes a discussion of the new test for the interpretation and application of exclusion clauses set out by the Supreme Court of Canada in Tercon Contractors Ltd. v. B.C. (Transportation and Highways). This section will be of particular interest to in-house counsel in the tech space as well as sourcing and procurement professionals.

Geoff is a senior commercial litigator at McCarthy Tétrault, a University of Toronto adjunct professor who teaches contractual interpretation and a contributing blogger to the Canadian Appeals Monitor.

Further information may be found on McCarthy Tétrault’s website and the book is available for purchase on LexisNexis’s website.

Tech Law Summit Recap – Navigating the Cloud: Tips & Tricks

Posted in Contracting/Outsourcing

Cloud computing is fast emerging as an efficient and low-cost alternative to more traditional information technology (IT) solutions. It enables a business to outsource its IT requirements to a specialist service provider who can provide required services in a more efficient and cost-effective manner and allows a business to focus on its core competencies. However, cloud computing also comes with legal and business risks that need to be managed. Some of the oft-cited issues with this model surround security, confidentiality, performance as well as data location, access and retention.

At McCarthy Tétrault’s Toronto Technology Law Summit, partners George Takach, Matthew Peters, John Boscariol, and salesforce.com’s Shanti Ariker discussed customers’ concerns with cloud computing and provided some tips on how to successfully navigate the cloud:

  • Understand the offerings – Cloud computing runs the gamut from “public” models (i.e., sharing of infrastructure with the general public) to “private” models (i.e., dedicated infrastructure). There are also hybrid models such as partial shared clouds. The risks of the cloud are more or less a function of the degree to which the infrastructure is abstracted and shared. There are also different service models to consider:
    • infrastructure as a service (IaaS) – virtual servers that are available on demand
    • platform as a service (PaaS) – development platforms that allow third parties to create their own applications
    • software as a service (SaaS) – web-based replacements for desktop applications (like salesforce.com)
  • Assess your situation – What services are you looking to buy? Where are you in the service model stack? What’s the size of your buy? The answers to these questions will impact your ability to negotiate terms and conditions with cloud providers. If you are considering a standard offering in a multi-tenant environment, you may not be able to negotiate terms. In that case, you need to determine whether you can live with what you get.
  • Dip your toe – To get comfortable with the cloud model, try a proof of concept with non-core functions. Mission-critical applications or applications involving highly sensitive data are probably not the best place to start.
  • Know your regulatory requirements – What statutes and regulations do you need to comply with? This will depend in part on where you operate your business and what type of data you collect. If you have personal information from your customers that will be hosted or processed in a country other than Canada, Canadian privacy law requires that you comply with some notification and other steps to move their data to a foreign country. And, in BC, the public sector is prohibited from transferring data to the US. (To read a more detailed analysis of cloud computing and privacy issues, see our related post on this topic). For financial institutions, there are additional requirements prescribed by OSFI.
  • Drill down on location – While the cloud is premised on taking geography out of the equation, geography is still an important issue for export controls and economic sanctions. You can trigger violations if your data passes through or is accessed in certain countries. Your cloud provider may not be able to tell you which data centre your data will reside in, but it might be able to let you know in which countries or regions your data will – or will not – be located. Further, if your data or software is controlled, permits will be required for any transfers from Canada. Careful screening of the locations and entities involved is required as failure to comply with export controls and economic sanctions can result in significant financial and reputational costs.
  • Check for compliance – Check to see what certifications the provider has (e.g., ISO 27001) and whether it has passed audits by third-party assessors (e.g., SAS 70). Also, understand how the cloud provider is measuring compliance with their security obligations and whether their approach will meet your requirements.
  • Think short-term – George noted that there is expected to be a huge investment in cloud R&D over the next 12-24 months and Matthew predicted that terms will likely become more standardized over time. In the circumstances, now may not be the time to lock into a long-term contract.
  • Watch for carve-outs – Cloud providers will have obligations under the agreement for performing at certain service levels (like uptime), but those obligations are much less meaningful if there are numerous caveats attached. Likewise, it’s important to review the indemnification provisions around intellectual property to ensure they are appropriate.
  • Plan your exit – Review the termination, transition and business continuity provisions in the service agreement before you sign and create a plan for the termination of the cloud service (as George said: “contemplate the divorce before the marriage.”) Among the items that customers need to consider are:
    • How long will information uploaded into the cloud stay in the cloud after the agreement terminates? Is that enough time for you to successfully transition your data to another provider?
    • What are the termination charges and data ownership provisions and are they appropriate? 
    • In what format will your data be returned to you and will that work for your organization?

Cloud Computing and Privacy Issues: Implications for Businesses

Posted in Contracting/Outsourcing, Privacy, Regulatory Compliance

Due to cloud computing’s borderless and infinite storage potential, vast amounts of information can be collected and stored. However, the accumulation of personal information in the cloud increases the risks and impact of unauthorized access to the information, whether through security or data breaches. This risk is compounded when the data is transferred outside of Canada where the information is subjected to the laws of the foreign country.

Storing or Transferring Data Outside of Canada

Where personal information is transferred to a foreign third party, that information is subject to the laws of the foreign country and no contract or contractual provision can override those laws. Of some concern has been the US Patriot Act, which would give the US government access to data stored in the US. For this reason, the Privacy Commissioner of Canada has issued the following guidelines:

  1. Canadian-based organizations are obliged to ensure a comparable level of protection when storing or transferring data outside of Canada. This means generally having a contract or contractual provision in place to protect to the extent possible the confidentiality and security of the personal information while in the hands of the foreign service provider;
  2. Depending on the sensitivity of the personal information, organizations should notify individuals that their information may be stored or accessed outside of Canada and of the potential impact this may have on privacy rights; and
  3. Organizations should be transparent about their handling and security policies and practices involving personal information stored or transferred outside of Canada.

Alberta and British Columbia go beyond voluntary notification. In Alberta, it is mandatory for organizations to notify individuals before transferring personal information to a foreign service provider. And in British Columbia, if the organization is in the public sector, transferring personal information to a foreign service provider is prohibited. 

Security Breaches in the Cloud

Organizations should ensure that their service providers use reasonable safeguards to protect personal information from security breaches. Safeguards should be appropriate to the sensitivity of the information. In the unfortunate event that a breach does occur, it is important to ensure the service provider will cooperate with your organization to satisfy any regulatory requirements, such as any breach notification requirements.

Currently, only the Alberta privacy legislation requires mandatory breach notification in the private (non-health) sector. However, the Federal government appears intent on following Alberta’s lead, recently introducing a bill to amend the federal private sector privacy legislation, Personal Information Protection and Electronic Documents Act (PIPEDA), to include a breach notification requirement. Thus, it is prudent to include provisions addressing notification in the event of a breach when negotiating a service agreement with a cloud provider.

Checklist for Negotiating with Cloud Service Providers on Privacy Issues

In selecting a cloud service provider, here are some questions you might wish to ask related to privacy issues:

  1. Under what circumstances can the service provider use your data?  Ensure that it is only for the purposes for which your organization obtained consent.
  2. Is your data to be held “in trust” for the customer?  Your data should be your data.
  3. In what circumstances is the service provider permitted to disclose information without your organization’s consent?  It should be only in very limited specified circumstances.
  4. What happens if the service provider discloses information without your consent – do you have a remedy? Consider including a liquidated damages provision for any disclosure without consent – it is often difficult to quantify the harm resulting from the disclosure of information.
  5. Is the service provider under a requirement to resist, to the extent lawful, an order to disclose information without your consent?
  6. Is the service provider under an obligation to cooperate with your organization in any regulators’ investigations (i.e., Privacy Commissioner) and to not deal with any regulators related to your information without your organization’s participation?
  7. What security safeguards does the service provider have in place?  Which standards does the provider meet?  How often is it audited and by whom? 
  8. Are the confidentiality, security and privacy undertakings suitable?  Those should be excluded from the general limit of liability or, if not completely excluded, at least breaches of those provisions should attract a higher liability limit from the supplier.
  9. Does the service provider have different classified data restrictions with corresponding safeguards?
  10. Where is your data going to reside? This is particularly important to understand if your business is in a regulated industry.
  11. What happens to your data on termination? What are the service provider’s obligations when the agreement terminates?  When the data is deleted, is it really gone?  What is the transition out process?  Is the migration path workable, should you decide to change service providers?
  12. If your business receives a withdrawal of consent, how will the provider deal with that?
  13. Will you be able to provide an individual with access to their data on request?

Confidential Information Considerations

A final pearl of wisdom, in addition to the above, is that PIPEDA and the other similar provincial statutes speak only to personal information, that is, information about an “identifiable individual.” These statutes have no application to non-personal business information such as trade secrets, business plans, financial reports, and other confidential information, and the way to protect the confidentiality of the non-personal business information is through provisions in the Service Agreement. However, many of the concepts addressed in PIPEDA, such as consent, security, and due diligence, would apply equally to non-personal confidential information.

Organizations will want to consider many of the issues raised in this post when entering into a service agreement with a cloud service provider whether the information provided is personal or non-personal information.

Tech Law Summit Recap – Hot Topics in Tech and Public Procurement

Posted in Contracting/Outsourcing

The “Hot Topics in Tech and Public Procurement” panel at the McCarthy Tétrault Toronto Tech Law Summit featured Edward Smythe of Gartner Consulting and McCarthy Tétrault partners David Crane, George Takach and Brenda Swick. The panel was facilitated by Catherine Samuel.

Business Capabilities Sourcing

Edward Smythe opened the panel with an interesting discussion on the increasing integration of IT outsourcing (ITO) services and business process outsourcing (BPO), which have traditionally been distinct offerings. He explained that the combination of ITO and BPO would form into either:

  • a business capability outsourcing service, where the vendor is in charge of supporting both the technology components and the processes that comprise a particular business function, or
  • a platform-based service, where the vendor also provides the applications and infrastructure required to support the business function.

Sourcing process-focused IT solutions has many benefits beyond cost reductions (although these can be substantial), according to Ed. By measuring a vendor’s performance directly in terms of the business outcomes of the business function being sourced, the service levels can more closely tie the price and benefit of the service being performed to the benefit received by the client.

Rather than a traditional service-level model that usually links remedies in relation to the price of the services being provided, the “service levels” and remedies of an integrated business capability outsourcing service can be tied directly to the business impact of any service deficiencies, in addition to technical performance measures.

Telecom Deals

David Crane shared his experience with the attendees on negotiating service agreements with telecommunication providers. David highlighted a few unique aspects of telecom deals including the critical nature of telecom services to most businesses and the rapidly evolving and changing nature of telecom-related technology.

Similar to how consumers are increasingly saving on telecom services through bundling, David also explained how contracting for enterprise telecom services on a consolidated basis – both across the entire customer corporate group and in the scope of services – can create additional negotiating leverage and cost savings. He then gave his top five best practices for telecom contracts:

  1. clearly define the scope of services
  2. set precise service levels and associated failed performance remedies
  3. draft specific flexibility mechanisms to allow clients to take advantage of technological advances
  4. include price protection provisions
  5. negotiate appropriate exit mechanisms

Security, Personnel Continuity and Multi-Vendor Environments

The next panel presenter was George Takach who spoke on three particularly hot issues in tech procurement:

  • Security issues – Recent high-profile cases of data breaches have brought the subject of IT security to the forefront of tech procurement discussions. George stressed the importance of appropriate background checks on vendor personnel and proper co-ordination between the IT security and corporate security departments.
  • Personnel continuity – Frequent staffing turnover is one of the leading causes of disputes that arise in large-scale outsourcing relationships. In order to mitigate negative impacts, outsourcing clients should consider establishing longer-term commitments from key personnel or building in robust training and job shadowing provisions for replacement staff.
  • Multi-vendor environments – Dual and multi-track negotiations are becoming more common on large scale procurement deals. Vendors should allow clients to be flexible in adopting multi-vendor solutions and clients should consider including a contractual commitment that requires collaboration between providers of different components of an overall technology solution.

Public Procurement and Anti-Corruption Risks

Brenda Swick closed off the panel with a discussion of trends in public procurement. She noted that recent treaties have opened up government procurement opportunities internationally for Canadian providers; however, this also means greater competition is being faced at home. Brenda then provided an overview of procurement treaties and agreements that may impact domestic providers, both at the international level (NAFTA, WTO, AIT, CETA) and at the interprovincial level (TACOP, NWPTA).

From a government entity’s perspective, the challenge lies in knowing which agreements will have an impact on that entity’s procurement goals and adapting the bid review mechanism to ensure compliance with these new regimes. Providers also need to be aware which agreements apply to their prospective public clients and understand the obligations and recourses available under these regimes. A better understanding of how these multilateral agreements operate is essential for all involved in the bidding process to avoid potential corruption risks.

Tech Law Summit Recap – Trends in Tech M&A and Tips for Sellers from a Strategic Buyer

Posted in M&A/Finance

During the Tech M&A/Corporate Finance panel at McCarthy Tétrault’s second annual Toronto Technology Law Summit, Ian Palm shared the results of a study into trends and opportunities in the Canadian M&A market, including trends in deal volume, value, geographic origin, and sector. Four of the key takeaways from the study were:

  1. Canadian M&A activity in the technology sector, particularly in the mid-market, continues to be robust despite challenging economic times.
  2. The “nuclear winter” experienced in recent years by venture capital in Canada is showing signs that it is beginning to thaw.
  3. Cash rich tech companies are looking for ways to innovate through acquisition.
  4. US companies involved in a war for talent are looking to the talent pool in Canada in certain sectors.

Vanessa Grant followed Ian and reviewed current trends in M&A deal terms (including changes to earnouts, escrow periods, price adjustments, indemnifications and material adverse change provisions).

RIM’s Group Lead, Mergers & Acquisitions, Philip Kurtz, shared his take on tech M&A from the buyer’s perspective, responding to concerns frequently expressed by sellers. For sellers who want a fast closing, Phil recommended:

  • Bring experienced counsel to the table who know when to make a stand and when to keep the deal moving.
  • Tie your banker’s fee to a success measure, not a finder’s fee.
  • Have a plan and start populating the data room ASAP.
  • Review the rights of your investors early and in advance of the deal.
  • Bring the right people from within your organization to the negotiation table.

As to assertions that terms are not “market,” Phil observed that:

  • Each deal has its unique characteristics and sellers should consider the unique elements that are important to your particular strategic buyer.
  • Sellers can’t expect to renegotiate the letter of intent (so they should read it carefully and thoughtfully and consider all of its deal terms before moving forward).
  • Sellers should focus on liability baskets and caps instead of getting bogged down on qualifiers for each and every representation and warranty.

For sellers seeking closing certainty, Phil said sellers should keep in mind that:

  • Material adverse change clauses are rarely invoked.
  • Planning and expecting to deal with employee transition issues will often go a long way to satisfying closing conditions.
  • Buyers are also heavily invested in making sure closing conditions are met or overcome.

Lastly, Cheryl Slusarchuk discussed working to complete transactions as part of a consortium. She shared wisdom and war stories based on her experience assisting RIM in their recent acquisition of Nortel Patents as part of the “Rockstar” consortium along with Apple, Microsoft, EMC, Ericsson, Sony, and Oracle.

2012 should prove to be another interesting year in Canadian tech M&A and financing, and we’ll be watching these trends to see their impact in the coming year.

Tech Law Summit Recap – Outsourcing Challenges and Trends

Posted in Contracting/Outsourcing

The “Outsourcing Challenges and Trends” panel from the McCarthy Tétrault Tech Law Summit comprised a veritable who’s who of Canadian outsourcing experts with presentations by McCarthy Tétrault’s Barry Sookman, Matthew Peters, and Charles Morgan, as well as Everest Group’s Betty Breukelman. The session highlighted current market trends as well as trends in outsourcing agreements and negotiations.

Betty Breukelman noted that Asia continues to top the list of hot-spots for new service delivery centres, while places like Poland and Vietnam are emerging as low-cost alternatives for IT delivery. Also on the rise is China, which boasts a significant increase in the number of outsourcing centres since 2006. On the decline are Brazil, Chile, and Malaysia which are suffering from eroded arbitrage potential due to an appreciation in their respective currencies.

Matthew Peters highlighted a number of key developments in outsourcing negotiations:

  • Dual track negotiations (i.e., simultaneous negotiations with multiple vendors to encourage more competitive concessions) are becoming increasingly popular among customers.
  • Sticking points in negotiations tend to be pricing, service level agreements (SLAs), limitation of liability, termination, benchmarking, and remedies.
  • Improvements to the negotiation process include the use of risk registers and better internal governance structures.

With regard to service levels, Matthew observed that component SLAs are still the most frequently used type, although end-to-end SLAs crop up from time to time. As well, service levels are predominantly SLAs, though discrete service level objectives are still used in certain circumstances. But the key consideration is what will motivate the parties. For instance, in certain cases, decreases in volume commitments or the replacement of key personnel are better at addressing the root cause of a problem than a standard fault/compensation solution.

Charles Morgan focussed on the importance of thinking through the benchmarking process to anticipate issues which are sure to arise later. Benchmarking involves drawing regular comparisons to market standards in order to keep the negotiated price competitive over time. Charles recommended that the parties pre-approve a slate of benchmarkers.  Other issues to consider in benchmarking include:

  • What is the scope of the benchmark? (e.g., by service tower, the entire agreement, pricing only, SLAs, etc.?)
  • How are costs to be allocated? Benchmarking can be costly and should only come into play when the deal value is sufficient to warrant such provisions.
  • Is the benchmarking report final or should the parties be entitled to provide feedback? If so, what will be the impact of such feedback? Who has the last word?
  • What is the price adjustment mechanism: Deadband? Auto-adjust? Negotiation?
  • What will the escalation process and remedies be in the event that parties fail to agree?

In addition to benchmarking, Charles outlined a number of other price control mechanisms that parties might consider:

  • Declining price model (i.e., anticipating price evolution)
  • Structured price adjustment mechanism (e.g., break down service tower into its components (people, equipment, software), then weight the components for each tower, then apply a cost adjustment formula to each component)
  • Most-favoured nation (MFN) treatment (i.e., comparison to most-favoured clients)
  • Unit pricing
  • Gain sharing

Barry Sookman pointed out that, based on a recent survey of clients, most found negotiating limitation of liability provisions difficult even though such provisions are very rarely breached. For breaches of confidentiality and IP infringement, the majority of respondents had uncapped damages. With respect to resolving disputes, the vast majority of respondents preferred escalation over arbitration or litigation. And lastly, to promote performance, clients favoured the withholding of funds, volume reductions, and directing less future work to the other party, rather than terminating the agreement.

Tech Law Summit Recap – Key Developments in IP Law

Posted in Copyright, Intellectual Property, Patents, Trade-marks

The recent McCarthy Tétrault Technology Law Summit included a panel on “Key Developments in IP Law,” featuring James Skippen, Chairman and Chief Executive Officer, WiLAN Inc. and McCarthy Tétrault partners Beth MacDonald, David Gray and Barry Sookman. Paul Armitage, another McCarthy Tétrault partner, moderated the panel.

Patents

James Skippen commented on the growing awareness of the value of intellectual property, and patents, in particular. He observed that, instead of being a neglected asset class, patents are playing a more prominent role, and may even, in some circumstances, exceed the value of a company’s other assets. 

After describing WiLAN Inc.’s history and current business, James provided his view of recent patent decisions from the Supreme Court of the United States, including eBay Inc. v. MercExchange, L.L.C., KSR Int’l Co. v. Teleflex, Inc., Quanta Computer, Inc. v. LG Electronics, Inc. and Microsoft Corp. v. i4i Limited Partnership. He also briefly touched on the recent Leahy-Smith America Invents Act. These developments have resulted in important changes to the judicial remedies available to a successful patentee and have had implications for the substantive validity of issued U.S. patents. They have also brought about procedural changes in patent litigation that affect the balance of power between patentees and potential infringers.

Trade-marks/Domain Names

Beth Macdonald spoke next about the recent developments in the area of trade-marks and domain names. She provided an overview of the 2011 Supreme Court of Canada trade-marks case Masterpiece Inc. v. Alavida Lifestyles Inc. and provided two key takeaways arising out of the decision:

  1. keep track of your organization’s trade-mark applications and registrations; and
  2. monitor the Canadian Trade-marks Journal to identify allowed applications for registration that should be opposed.

The Masterpiece ruling also appeared to discourage the use of expensive survey and linguistic experts, at least in the context of consumer goods, in favour of a judge addressing the issue of confusion without the assistance of expert witnesses. Beth also spent some time discussing the current issues in the area of keyword advertising.

Beth concluded her presentation with a discussion on the new global top level domain (gTLD) registrations. She noted that the application period for the new gTLDs is now open and runs until April 2012. This will be followed by an initial evaluation and opposition period, with a deadline to file last objections expected around December 2012.

IP/IT Litigation

David Gray, the next speaker, focussed on efforts that organizations should take to avoid costly litigation, and also on measures they can take to minimize the costs, risks and disruptions associated with significant legal proceedings.

David spent the remainder of his talk providing the audience with tips on proper business document retention strategies. He noted the importance of maintaining proper and accurate corporate records, but also recording any elements that could shed a positive light on the current events should facts come under dispute in the future. Oftentimes, rather than saying that “history is written by the victors”, according to David, when it comes to factual disputes, “the victors are those who wrote the history.”

Copyright

Barry Sookman closed out the panel with a discussion on key developments in copyright law in 2011. He began with an overview on the federal government’s Bill C-11, the Copyright Modernization Act, going over the important amendments that the Bill would make to the Copyright Act. After a review of the process and timing leading up to the Bill’s expected passage, Barry reviewed which areas of the Bill are being considered for potential amendment at the committee stage.

The next part of his presentation provided an overview of key 2011 copyright law decisions both in Canada and around the world. These cases included Crookes v. Newton (while not strictly a copyright case, Barry noted that it could influence the way copyright law would look at Internet hyperlinks), Lucasfilm Ltd & Ors v. Ainsworth & Anor, Robertson v. ProQuest Information and Learning LLC, and Temple Island Collections Ltd v. New English Teas Ltd & Anor. A show of hands from the audience illustrated that the results from that last case on the issue of infringement were quite unexpected.

Ten Tech Law Resolutions for 2012

Posted in Consumer Protection, Copyright, E-Commerce, Intellectual Property, Privacy

January is a great time to make some resolutions for the coming year. In addition to the personal ones you have made, here are 10 involving tech issues that are (or should be) important to your organization.

1. Closing the Loop on Open-Source

Open-source software code and other types of materials and technical artefacts that are subject to open-source licensing models are proliferating in your business.  Some of this material is made available under open-source license agreements that are fairly benign.  In some cases, however, the license agreement can be quite problematic, including requiring you to make available to the public for free work product that you thought was going to be proprietary to you.

Therefore, it’s extremely important to have your IT department  – and other business units in your organization that use open-source-type tools and content – identify all the instances where open-source items are used.  You then need to get a handle on all the relevant license agreements and understand them in detail relative to your organization’s business objectives.  We see so many clients surprised by open-source issues when they finally come to understand them – you don’t want to be among this group in 2012.

2. Privacy Law Review

When was the last time you updated your privacy policy?  Silence.  I thought so.  Well, you’re not alone.  Most organizations write it once, and then essentially leave it unchanged for years.  But legal apathy is not an option.

If you operate in Alberta, or at least have data from individuals in Alberta, at a minimum you’ll want to review your privacy policy from the perspective of reflecting the recent changes made to Alberta’s privacy law.  In addition, however, there is also the update exercise whereby you review all the activities going on on your website, and then you ask whether your privacy policy is appropriate to cover all these moving parts.  In an ideal world, by the way, this would be done quarterly, and not just once a year, given how dynamic your web presence is nowadays.

3. Using User-Generated Content

Speaking of reviewing websites, you should also keep in mind user-generated content (UGC).  Chances are over the last little while your marketing people have added to your website the ability to collect from users (young and old) content of various forms (written, photographic, voice, musical, just to name four).  This UGC is great in terms of making your web presence fresh and vital.  But it also presents a certain legal risk profile.

For example, if the UGC contains the image of the person posting it, then an IP and personality rights waiver is required from this individual.  This is the (relatively) easy part.  More challenging is dealing with the picture of the friend in the image (if there are two or more subjects in the image).  Likely this “innocent” third party will have no inkling that the camera-wielding friend has done this.  And if he or she chances upon it, can he or she ask that the court remove the image?  Ideally you want to deal with the situation proactively, before it ever gets to a complaint stage (let alone a proceeding before a court).

4. Cloudy Computing

Chances are someone in your organization is considering a cloud IT solution as you read this – but you haven’t been informed of this yet.  This is one tech development you shouldn’t wait to get the email for.  And of course IT will come to you on a Friday, expecting your legal review and sign-off by Monday.  Sound familiar?  To avoid this scenario, you should actively go out to the business and find the one or two cloud pilot projects that are now being worked up by the IT group for implementation in 2012.

The three-day legal review scenario (Friday to Monday) can work on something like a sign-off on some advertising copy.  But cloud computing is way more complicated.  Just wrapping your head around how it works, and what the different features of the cloud infrastructure are that you’ll be using, is a big job but a completely necessary one.  And again, you can either wait to work out this issue (with all sorts of pressure to get it done yesterday), or you can conduct a review at your own leisure (well, maybe not “leisure,” but at least your own cadence).  This will then allow you the time it will take to review properly the security and contractual provisions from the cloud service provider.

5. Online Security Review

Security is a critical concern for your website, or your IT facility generally, or your cloud computing relationship.  Indeed, security is perhaps the single most important issue in tech right now.

Therefore, 2012 should be the year you get around to taking that course in “online security for non techies.”  And ideally it is focussed on ISO standards, as our federal Privacy Commissioner is quite keen on ISO security standards.  But even if you don’t take the course, this is the year you read up on security, and become much more conversant in online security, privacy and protection issues.  Your organization’s potential liability may depend on it!

6. Implementing the Anti-Spam Law

Later this year, the federal government’s new anti-spam law will likely come into effect.  Which means now is precisely the time to get going on the review process, so that you will have plenty of time to go through your organization’s electronic messaging practices in order to determine what you need to do to comply with the new law.

Some lead time here is truly in order.  From the early work we did last year with some clients in this area, I can tell you that complying with the anti-spam law is not a simple exercise.  There are lots of nooks and crannies in the new statute.  But most importantly – and most time-consumingly – you will need to get to the bottom of how exactly your organization reaches out to customers and prospects electronically.  You will be surprised at what a multiplicity of channels and content you will discover – and how each one requires a slightly different anti-spam law response.

7. New Domain Names

An additional international domain name system will be establishing a range of new domain names this year.  All sorts of opportunities will be opened up to acquire names with possibly very significant marketing, economic and strategic value.

You may not initially see a pressing need for pursuing such a new domain name – why not “leave well enough alone,” etc.  But at a minimum you should research the new domain name horizon being opened up, and determine whether (or not) it impacts you, and in what ways.  An informed decision (one way or the other) now will let you sleep better as the year wears on and some high profile new domain name operators are announced.

8. It’s A Wrap

Last year the BC Supreme Court delivered a judgment that upheld a website’s “browse wrap” terms and conditions against a third party who had used the site in a manner contrary to such terms and conditions.  This was an important decision (and echoed an earlier decision from Quebec) because it means that in the online world “express click consent” is not required in all circumstances where you are looking to have users adhere to your website terms and conditions.

What this means is that now is a good time to review your website’s approach, or more likely approaches, to end user/customer consent.  And especially if to-date you have put your users through a fairly rigorous express click consent process, maybe you can dial that back to a browse wrap format, thereby making the user experience a simpler one.  Imagine, you get to visit marketing and tell them they can make the website less onerous from a legal design perspective – hey, watching the smile on their faces is reason enough to undertake this particular New Year’s resolution.

9. Looser Links

In a similar vein, last year the Supreme Court of Canada released a decision that now makes it far less likely that a link from your website to a problematic third party website will get you in trouble legally.

Therefore, as with the browse wrap issue noted immediately above, again you could visit marketing and give them the good news that they have more leeway now in determining who they want to link to on your organization’s website.  You should space this visit about two weeks after your visit to talk about the greater flexibility on browse wrap procedures, so that marketing begins to really get the sense that you are incredibly smart and helpful to them.

10. Just Do Them

Finally, don’t allow the above list of “to-do’s” to become 101-109 on your list of 100 things to do.  Just do them.  Now.

Suing for Snooping – Privacy Intrusion Actionable in Ontario

Posted in Privacy

In Jones v. Tsige, the Court of Appeal for Ontario recently ruled that there is a tort of “intrusion upon seclusion” in this province and awarded $10,000 in damages to a woman whose banking records were surreptitiously accessed by a fellow employee.

Is There a Tort of Intrusion upon Seclusion in Ontario? Adapting the Law to the Digital Age

In its reasons, the Court of Appeal reflected on technological change and its impact on privacy. In particular, it noted that Internet and digital technology have changed the way we capture, store and retrieve information – we are storing more sensitive information in readily accessible electronic form, which poses a threat to privacy. The court reasoned that recognition of a tort of intrusion upon seclusion “would amount to an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.”

What is the Test for Intrusion upon Seclusion?

The court adopted the elements of the tort of intrusion upon seclusion from the Restatement (Second) of Torts:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

According to the court, the key features of this cause of action are:

  1. the defendant’s conduct must be intentional (or reckless)
  2. the defendant must have invaded the plaintiff’s private affairs or concerns, without lawful justification
  3. a reasonable person would regard the invasion as highly offensive, causing distress, humiliation or anguish

The court also ruled that, to succeed in a claim for damages for intrusion upon seclusion, the plaintiff need not establish any pecuniary loss. Also noteworthy is the fact that the cause of action:

  • is limited to claims for “deliberate and significant invasions of personal privacy”
  • only applies to “intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive”
  • will be balanced against any competing protections (e.g., freedom of the press and freedom of expression)

How Should Damages be Calculated?

The court stated that, where there is no proof of economic harm, damages should range up to $20,000. The court did not exclude the possibility of an award for aggravated or punitive damages.

The court then set out the following factors to consider in determining the size of the award:

  1. the nature, incidence and occasion of the defendant’s wrongful act
  2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position
  3. any relationship between the parties
  4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong
  5. the conduct of the parties, both before and after the wrong, including any apology or offer of amends made by the defendant

Applying those factors to the facts in this case, the court awarded the plaintiff damages in the amount of $10,000, based on the fact that the intrusion was deliberate and repeated and upset the plaintiff, but did not result in any public embarrassment.

(The decision includes two very helpful appendices setting out damage awards in previous privacy cases.)

What are the Implications of this Decision?

This decision will be of particular concern for companies in the banking, collections, credit reporting, and health care sectors, which deal in sensitive personal information.

The decision could result in an increase in privacy litigation and, in particular, privacy class actions (as proof of pecuniary damages is not a requirement of the tort).

Further Reading

For more detailed analysis from our lawyers on this significant privacy decision, read:

The AQT Barometer: Results of a Survey on Market Conditions and the Strength of the ICT Sector in Quebec

Posted in Intellectual Property, M&A/Finance

A recent survey of companies in Quebec’s information and communications technology (“ICT”) sector revealed encouraging results and identified certain obstacles to growth and investment. SOM, on behalf of the Association québécoise des technologies (“AQT”), surveyed 650 Quebec ICT companies with between 4 and 500 employees and analyzed the data collected from 495 of those companies. The survey was sponsored by Développement économique Canada and McCarthy Tétrault.

Here is a summary of some of the key findings from the survey.

  1. Most ICT companies in Quebec are growing. Among the companies that responded to the survey, 67% indicated that their revenues had increased during the last fiscal year compared with the previous year, and 86% of companies expected their revenues to increase during the current fiscal year.
  2. Exports are an important source of revenue for many ICT companies located in Quebec. Only 27% of ICT companies sell their products and services exclusively in Quebec, while 29% of Quebec ICT companies make sales in Europe and 41% make sales in the United States.
  3. R&D positions outnumber sales and marketing positions. The survey examined the distribution of employees by the positions they hold, because that distribution can affect a company’s growth. According to the survey results, 33% of employees of ICT companies in Quebec work in R&D, while 18% of employees are assigned to sales and marketing tasks. These results appear to corroborate the conventional wisdom that ICT companies in Quebec excel at innovation but often fail to exploit the commercial potential of their creations.
  4. Quality management has become a common practice. A large majority of companies selling technology solutions have implemented a formal process to structure the development of new products and services. Twenty-four percent of these companies use a quality management method based on international standards (ISO, ITIL, etc.), while more than half of them use a method developed by the company itself.
  5. A shortage of skilled labour is an obstacle to growth. The shortage of skilled labour was one of the three main constraints that could affect the growth of these companies. However, immigration could be a solution. One third of respondents with a strategic plan are considering hiring through immigration.
  6. ICT companies in Quebec could improve the measures they take to protect their intellectual property. Eight percent of companies do not protect their intellectual property at all and 32% protect their intellectual property by innovating constantly, so that they always stay ahead of their competitors. This means that 41% of ICT companies use no mechanism to protect their intellectual property, whether by contract or by registering their intellectual property rights.

In the AQT’s report on the survey results, McCarthy Tétrault commented on the best practices an ICT company should adopt to better protect its intellectual property assets. To consolidate its intellectual property assets and confirm ownership of its intellectual property rights, a company should obtain written assignments of rights from its employees, freelancers, contractors and consultants. In addition, employees should receive training on the nature and importance of each type of intellectual property to the company. In short, ICT companies should not hesitate to seek advice from intellectual property experts on how to protect and use their intellectual property rights in order to exploit their full market potential.