Any electronic commercial message sent without consent to be considered spam
When many people think of spam, they think of anonymous, untraceable emails that end up in their junk mail. But under new legislation, the government of Canada is extending the definition of spam to “any electronic commercial message sent without the express or implied consent of the recipient.”
“Even something as simple as an email to a potential customer saying, ‘Hello’ with a link to a website selling the company’s products, even if only part of the message has a commercial purpose, it can be caught by this,” said Donovan Plomp, a partner at McCarthy Tétrault in Vancouver. “Most people don’t think of that as spam.”
Bill C-28, Canada’s Anti-Spam Legislation (CASL), defines an electronic commercial message as any electronic message that could reasonably be concluded to encourage participation in a commercial activity, including a message that:
• offers to purchase, sell, barter or lease products, goods or services
• offers to provide a business, investment or gaming opportunity
• advertises or promotes products, goods, services or opportunities
• promotes a person who does anything referred to above.
CASL has been passed as law, and was originally supposed to come into force in September 2011, but it has been postponed due to many lobbies expressing concern about the legislation, said Charles Lupien, an associate at Fasken Martineau DuMoulin in Montreal. Now, it is expected to come into force in early 2012, he said.
The act defines an electronic message as any “message sent by any means of telecommunication, including a text, sound, voice or image message.” It would cover emails, text messages, instant messages, tweets and Facebook posts, said Plomp.
The only way these messages can be sent is through express or implied consent from a recipient. When requesting express consent, a business must set out simply and clearly: the purpose for which the consent is being sought; prescribed information that identifies the person seeking consent (such as name, contact information and address); and a method for the recipient to remove consent at any time, said Lupien.
“It really is a very different standard than what we’re used to in terms of email and anti-spam. It’s the exact opposite of what the U.S. laws require — that is, opt-out. Here’s it’s opt-in. We have to have consent of the person before sending an email,” he said. “It looks like a small difference but it really changes the whole spirit of sending unsolicited commercial electronic communications.”
Employers are encouraged to attain consent now because once the law is in force, simply sending an email asking for consent is deemed to be spam, said Lupien.
Organizations should also have a system in place to record consent.
“That can be anywhere from a small business having a simple spreadsheet tracking system to a large business with a fully integrated database… demonstrating where they have consent to send messages, where it is implied and when it expires,” said Plomp.
The database should have different fields that specifically outline what types of permission the organization has from all contacts and the date it was received, said Guy Steeves, regional development director at marketing firm Constant Contact in Vancouver. This will help employers decipher exactly which types of communication they can send to each contact.
Consent isimplied where a business relationship exists with a customer or client, according to the act. But within two years, organizations need to refresh consent with these existing clients, said Steeves.
Consent is also implied if the messages are relevant to a recipient’s business or role and the electronic address has been published without a statement the person does not wish to receive unsolicited messages. For example, emailing a lawyer who has published his email address on the firm’s website regarding a legal issue would be considered implied consent, said Lupien.
And there are also electronic commercial messages that are exempt from the act, including messages that:
• facilitate or confirm an existing commercial transaction
• deliver products, goods or services
• provide warranty information
• provide a quote or estimate
• provide information related to an ongoing subscription, membership, account or loan
• provide information related to an employment relationship.
To protect their organization, employers should implement a policy around Bill C-28 so employees can be in compliance.
“Even employees who are just administrative support and are not going to be sending out commercial messages, it’s still worthwhile making sure they’re aware of it so if there’s a sale or promotion going on, some well-meaning employee doesn’t send an email blast to a bunch of contacts saying, ‘Hey, look, our company’s doing this,’” said Plomp.
The policy could be included in the company’s existing policy on social media and Internet use, which is standard for most businesses, said Lupien.
Employers also need to properly train staff on the new legislation and those working in sales or marketing should receive a more intensive version, said Plomp.
“I would have in-person seminars to review the requirements of the act and make sure employees understand just how broad it is,” he said. “And (have) a designated contact person they can contact with questions because it is a very comprehensive piece of legislation and I think people are going to be unwittingly violating it.”
Businesses need to make sure employees understand the legislation as violators could face fines of up to $1 million for individuals and $10 million for organizations per violation, according to the act. It also allows for civil action against any violators.