In a report released to the complainant on Dec.1, 2004, the federal Privacy Commissioner found that unsolicited commercial email sent to the complainant's business email address, both initially and again two weeks after he had asked to be taken off the sender's email list, constituted a breach of the PIPED Act requirement for individual consent to the collection and use of personal information. Notable in this report are two findings: that business e-mail addresses constitute "personal information" under the Act, and that even though e-mail addresses are posted in a publicly available directory (in this case, the University website), they cannot be collected and used for purposes other than those for which they are posted, without consent.