draft electronic document regulations for financial institutions published

Last week (May 8 to be exact) the federal government published draft regulations relating to the use of electronic documents by federally regulated financial institutions. These regulations are part of a process that began in 2005 to harmonize and modernize legislation governing banks, insurance companies, trust companies and cooperatives.

The new regulations set out the general requirements that such institutions must meet in order to use electronic documents when dealing with stakeholders. You can find links to the draft regulations and a regulatory impact analysis at the end of this post.

Here’s the Coles Notes summary:

  • electronic documents related to securities transfers are excluded;
  • electronic documents must be in clear and simple language that is not misleading
  • a requirement to provide a document may be satisfied by making the document available through a generally accessible electronic source (such as a website) and giving notice (whether paper or electronic) to the person to whom the document must be provided, unless there’s a requirement under the legislation to deliver to a specific place, in which case the website mechanism won’t work;
  • consent to receive electronic documents can be obtained from addressees in writing (paper or electronic) or orally, but, unless it’s just a one time consent, they must be notified in writing (paper or electronic) regarding:
    • when their consent  is effective,
    • that they can revoke their consent,
    • that they are responsible for updating the address to which electronic documents are delivered, and
    • that the sender will only retain electronic documents for a specified period, following which it becomes the responsibility of the recipient to retain a copy
  • the notification or consent above, if in electronic form, must be provided in a form that can be retained by the recipient for future reference
  • consent must include address designated for receipt and a list of notices covered by the consent and, if consent is provided orally, the sender must confirm such information, as well as that in the original notice, in writing (paper or electronic)
  • consent can be revoked in writing (paper or electronic) or orally
  • revocation must be confirmed in writing and when it takes effect and, if provided in electronic form, must be accessible and capable of being retained for future reference
  • an electronic document is considered provided to someone when it:
    • leaves an information system in the control of the sender, or
    • when it is posted or made available through the secure website of the sender (no reference to a notice needing to be sent to them)
  • an electronic document is considered received by someone when it:
    • enters the information system designated by them
    • it is posted or made available through the secure website of the sender, or
    • the recipient receives the notice mentioned in the third bullet above (i.e. when posting to a website, the notice alerting the recipient that it’s available)
  • electronic signatures must consist of letters, characters, numbers or symbols in digital form incorporated, attached or associated with an electronic document

Not quite clear to me why the provision on sending doesn’t refer to the alert notice being sent. Nor is it clear to me what the reference to “secure” websites means. But apart from those nits, one of the good things about these new regulations is that they expressly provide for a mechanism that permits the delivery of electronic documents by posting to a website, combined with the delivery of a notice (which can of course be much shorter) that the electronic documents are available. In contrast, other acts, such as the Ontario Consumer Protection Act and its associated regulations do not expressly permit such a mechanism when it comes to delivery of “internet agreements” – for example, s. 33(3) of the regulations indicate that an internet agreement is considered delivered by:

1. Transmitting it in a manner that ensures that the consumer is able to retain, print and access it for future reference, such as sending it by e-mail to an e-mail address that the consumer has given the supplier for providing information related to the agreement.

2. Transmitting it by fax to the fax number that the consumer has given the supplier for providing information related to the agreement.

3. Mailing or delivering it to an address that the consumer has given the supplier for providing information related to the agreement.

4. Providing it to the consumer in any other manner that allows the supplier to prove that the consumer has received it.

Similarly, the equivalence rules in the Ontario Electronic Commerce Act specifically exclude the posting of information to a website as satisfying a legal requirement to provide information or a document in writing:

10. (1) For the purposes of sections 6, 7 and 8, electronic information or an electronic document is not provided to a person if it is merely made available for access by the person, for example on a website.

Same

(2) For greater certainty, the following are examples of actions that constitute providing electronic information or an electronic document to a person, if section 6, 7 or 8 is otherwise complied with:

1. Sending the electronic information or electronic document to the person by electronic mail.

2. Displaying it to the person in the course of a transaction that is being conducted electronically.

Though in both cases there is some room either to argue that a web-based posting could satisfy the requirements of either act (e.g. posting to a website plus sending a notice of availability would not be “merely” making the information available on a website), it’s certainly not as expressly permitted as in the new draft regulations.

Of course, the regulations should be read in connection with the corresponding provisions (Bank Act – scroll down to Part XVIII, Insurance Companies Act – scroll down to Part XX, Trust and Loan Companies Act – scroll down to Part XIV.1, Cooperative Credit Associations Act – scroll down to Part XVII.1) in each act relating to the use of electronic documents.

Links to draft regulations: Regulatory Impact Analysis; Bank Regulations; Insurance Company Regulations; Trust and Loan Companies Regulations; Cooperative Credit Associations Regulations

anti-spam law – about time

There have been bits and pieces floating around on this for a while but apparently the official announcement has now been made that the feds will (finally) be introducing an anti-spam law (hat tip to Barb McIsaac for forwarding the link). The nub:

This bill proposes a private right of action, modelled on U.S. legislation, which would allow businesses and consumers to take civil action against anyone who violates the ECPA. The proposed ECPA’s technology-neutral approach allows all forms of commercial electronic messages to be treated the same way. This means that the proposed bill would also address unsolicited text messages, or “cellphone spam,” as a form of “unsolicited commercial electronic message.”

The bill would establish a clear regulatory enforcement regime consistent with international best practices and a multi-faceted approach to enforcement that protects consumers and empowers the private sector to take action against spammers.

An important component of the proposed ECPA is the enforcement regime whereby the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner would be given the authority to share information and evidence with their counterparts who enforce similar laws internationally, in order to pursue violators beyond our borders.

The proposed ECPA would enable the CRTC to impose administrative monetary penalties (AMPS) of up to $1 million for individuals and $10 million in all other cases. The Competition Bureau would use a similar AMPS regime already provided for in the Competition Act,and the Office of the Privacy Commissioner would use its existing tools and enforcement framework to enforce the provisions of this legislation. The bill also proposes that the Privacy Commissioner’s powers to cooperate and exchange information with her counterparts be expanded, in respect of the Personal Information Protection and Electronic Documents Act.

via Industry Canada Site – Government of Canada Protects Canadians with the Electronic Commerce Protection Act.

More on this when I actually get some time to read the thing.

wired survey on iphone 3g speeds worldwide (including canada)

As the title suggests, Wired has published an article on iPhone 3G speeds worldwide. Us Canucks seemed to have fared relatively well:

# Canadian carriers Rogers and Fido tied for second fastest with an average download speed of about 1,330 Kbps on average.

That’s second worldwide by carrier. T-Mobile in Europe won the prize with average speed of 1,822 Kbps while AT&T in the US averaged a somewhat sad 990.

That being said, even the slow, slow bandwidth in ths US is a wee bit faster than the turtle-like (comparatively speaking) max 120 Kbps that Rogers’ EDGE provides.

Time to go get an iphone. Or maybe a Bold.

canadian export controls now apply to quantum cryptography

Well. Not like this is going to affect a huge number of companies in Canada, but one of my colleagues brought to my attention at an internal meeting the fact that the Canadian government has updated its export control list – i.e. the list of things that you can’t ship out of Canada without a permit. A brief release from the gov’t summarizes the additions, which now include quantum cryptography goods and technologies. D-Wave might want to be pay attention to this, though they’re not in the area of quantum cryptography per se. That being said, I’m a bit surprised that its only quantum cryptography that’s on the list. Given the potential impact that quantum computing technology may have on standard cryptographic protections (i.e. being able to render it more or less useless, assuming the predictions on its horsepower come to pass) I would have thought quantum computing would have also been added on in some form.

canadians – as bad as the chinese (almost)

Well, this story certainly has got a lot of coverage. I was quite surprised to read in Wired that quite of bit of IP is stolen in Canada. To wit:

But — surprise, surprise — IIPA also wants Canada added to the list of the most egregious violators. That’s right. Canada. According to the IIPA, Canada was responsible for $551 million in lost revenue in 2006, all of it in the business software sector (numbers from other industries were not available). That makes Canada the fourth-worst offender. See the chart here.

I was also at a very interesting speech that Graham Henderson of CRIA gave on the proliferation of counterfeit goods in Canada. Again, though I knew of some counterfeiting of goods going on here, I was a bit surprised at the numbers that were presented and also the types of counterfeiting – everything from extension cords to batteries to pharmaceuticals.

Of course that’s one side of it. And like everything else there are always two side to a story. Michael Geist is quoted in the story as asserting that the IIPA is out of touch with the rest of the world by criticizing countries who have less stringent measures in place than US legislation, which he asserts to be the world’s toughest.

Its interesting to compare this with the MPAA’s position on proposals in the use on fair use, which I mentioned a bit earlier. Perhaps best described like this:

Geist on IP infringement issues in Canada: “Problem? What problem?”

The MPAA on fair use issues in the US: “Problem? What problem?”

And so it goes. <sigh>