Internet Child Pornography Reporting Regulations
P.C. 2011-1526 2011-12-06
His Excellency the Governor General in Council, on the recommendation of the Minister of Justice, pursuant to section 12 of An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet serviceFootnote a, hereby makes the annexed Internet Child Pornography Reporting Regulations.
Return to footnote aS.C. 2011, c. 4
1 The following definitions apply in these Regulations.
- designated organization
designated organization means the organization named in section 2. (organisme désigné)
- Internet address
Internet address means an Internet Protocol address or a Uniform Resource Locator. (adresse Internet)
- service provider
service provider means a person who provides an Internet service to the public. (fournisseur de services)
Marginal note:Designation of organization
2 For the purpose of section 2 of the Act, the designated organization is the Canadian Centre for Child Protection.
Role, Functions and Activities of Designated Organization
Marginal note:Online Internet address reporting system
3 The designated organization must, for the purpose of receiving reports of Internet addresses under section 2 of the Act, maintain a secure online system that
(a) assigns each service provider a unique identifier for the purpose of making reports;
(b) allows a service provider to report only Internet addresses; and
(c) issues to a service provider, for each report they make, a receipt that indicates the incident number assigned to the report, the service provider’s name and unique identifier and the date and time of the report.
Marginal note:Analysis and communication of findings
4 As soon as feasible after receiving a report under section 2 of the Act, the designated organization must determine whether any material found at the reported Internet address appears to constitute child pornography and, if so,
(a) determine, if possible, the geographic location of the server that the reported Internet address points to and the geographic location of the server hosting the material that appears to constitute child pornography; and
(b) make available to every appropriate Canadian law enforcement agency by secure means
(i) the reported Internet address,
(ii) a description of any geographic location that the designated organization was able to determine under paragraph (a), and
(iii) any other information in the designated organization’s possession that might assist the agency’s investigation.
- SOR/2018-254, s. 3(F)
Marginal note:Retention of records
5 For each report received in accordance with section 2 of the Act, the designated organization must retain the reported Internet address and a copy of the receipt issued under paragraph 3(c) for two years after the day on which the report is received.
Marginal note:Security measures
6 The designated organization must take measures to
(a) ensure its continued ability to discharge its role, functions and activities under the Act, including measures relating to the protection of its physical facilities and technical infrastructure, risk prevention and mitigation, emergency management and service resumption;
(b) protect from unauthorized access any information obtained or generated by the designated organization in the course of discharging its role, functions or activities under the Act; and
(c) ensure that its personnel are capable of fulfilling their duties in the discharge of the designated organization’s role, functions and activities under the Act, including measures relating to their selection and training.
- SOR/2018-254, s. 4
Marginal note:Incident: notification of Ministers
7 The designated organization must notify the Minister of Justice and the Minister of Public Safety and Emergency Preparedness within 24 hours of becoming aware of any incident that jeopardizes the designated organization’s ability to discharge its role, functions or activities under the Act.
Marginal note:Conflict of interest
8 The designated organization must take any measures necessary to avoid a conflict of interest in respect of its role, functions and activities under the Act, and must address any such conflict that does arise.
Marginal note:Annual report
9 The designated organization must, not later than June 30 of each year, submit to the Minister of Justice and the Minister of Public Safety and Emergency Preparedness a report on the discharge of its role, functions and activities under the Act for the 12-month period beginning on April 1 of the preceding year. The report must include
(a) the number of reports received under section 2 of the Act and, of those, the number that led the designated organization to make information available to a law enforcement agency under paragraph 4(b);
(b) a description of the measures that the designated organization had in place in accordance with section 6;
(c) a description of any incident referred to in section 7 that occurred and the steps taken in response to the incident;
(d) a description of the measures that the designated organization had in place in accordance with section 8, any conflict of interest that arose and the steps taken to address it; and
(e) any other information that may affect the designated organization’s current or future ability to discharge its role, functions or activities under the Act.
Obligations of Service Providers
Marginal note:Method of reporting
10 For the purpose of section 2 of the Act, an Internet address must be reported by a service provider using the online system referred to in section 3.
Marginal note:Form and content of notification
11 For the purpose of section 3 of the Act, a notification from a service provider must be in writing and must include the following information:
(a) the child pornography offence that the service provider has reasonable grounds to believe is being or has been committed using their Internet service;
(b) a description of the material that appears to constitute child pornography, including its format;
(c) the circumstances under which the service provider discovered the alleged offence, including the date and time of discovery;
(d) a description of any other evidence relating to the alleged offence in the possession or control of the service provider; and
(e) contact information of the service provider’s representative for the purpose of investigating the matter.
Marginal note:Security measures for preserved data
12 A service provider that is required to preserve computer data under section 4 of the Act must retain a copy of that data in a secure offline location.
Coming into Force
Marginal note:S.C. 2011, c. 4
Footnote *13 These Regulations come into force on the day on which An Act respecting the mandatory reporting of Internet child pornography by persons who provide an Internet service comes into force, but if they are registered after that day, they come into force on the day on which they are registered.
Return to footnote *[Note: Regulations in force December 8, 2011, see SI/2011-110.]
- Date modified: