Jeff Kahane of the Kahane Law Office will explain exactly what you need to know to comply with Canada's Anti-Spam Legislation. Is your marketing plan with permission and within the law? Post presentation, Jeff will answer audience questions in an interactive Q&A.
The Active Management Value Ratio: The New Science of Benchmarking Investment...
SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)
1. About Jeff Kahane
• Was a teacher prior to becoming a lawyer
• Practicing law for 13 years
• Legal department of Canadian Pacific Limited (the former parent
corporation of CP Rail, CP Hotels, Fording and CP Ships)
• Ernst & Young’s affiliate law firm Donahue, Ernst & Young
• Kahane Law opened February 2004
• Currently a full service law firm with 9 lawyers
Also looks
like this
2. About Kahane Law Office
• Full service law firm
• Experienced staff of lawyers provide legal assistance in the areas of:
• Real Estate Law
• Civil and Commercial Litigation
• Wills and Estates
• Employment/ Labour Law
• Powers of Attorney
• Corporate Services
• Family Law
• Immigration Law
3. Email Scams
• Nigeria 419 Scam
• Ever received an email from a Nigerian Prince, asking for your
support to help him ascend to the throne, for which you will be
rewarded with riches beyond your wildest imaginations?
• This scam leads to Australians being conned out of more than $36
million / year
• Inheritance of a close family member
• Viagra anyone…
4. Email Spam
• Clogging the Internet
• Approximately 250 to 300 Billion emails sent each day
• Spam accounts for 75% - 90% of all email traffic (according to
Industry Canada)
• In the time it takes to read this sentence 20,000,000 emails were sent
• Estimated that the average North American office worker spends 11.2
hours per week reading and answering emails
5. Email Threats
• Spam delivers other threats
• Spam-born viruses used to access large numbers of target
computers, allowing spammers to operate networks of zombie
computers (botnets) to send the spam without the computer owner’s
knowledge
• Spam is the main vehicle for delivering online threats (spyware,
malware, and phishing)
6. Email Scams - Impact
• These online threats:
• Encourage frauds and thefts
• Diminish confidence in the online marketplace
• Congest networks
• Interrupt commerce
• Reduce the stability of the internet and on-line services
• Threaten personal privacy
7. Anti-Spam Legislation Worldwide
• Most industrial nations have had anti-spam legislation for over a decade
• Japan (since 2002)
• USA (since 2003)
• UK (since 2003)
• China (since 2005)
8. Anti-Spam Legislation in Canada
• Canada has taken longer because the government has decided to create
anti-spam legislation much stronger than other industrial nations
• But did they go too far?
9. Anti-Spam Legislation in Canada
• Canada’s Anti-Spam Law (“CASL”) is actually titled:
• “An Act to promote the efficiency and adaptability of the Canadian
economy by regulating certain activities that discourage reliance on
electronic means of carrying out commercial activities, and to amend
the Canadian Radio-television and Telecommunications Commission
Act, the Competition Act, the Personal Information Protection and
Electronic Documents Act and the Telecommunications Act (S.C.
2010, c. 23)
• For our purposes, we’ll use the unofficial short title: “Canada’s Anti-Spam
Legislation”, or “CASL”
10. What Does CASL Regulate?
1. The sending of electronic messages without prior consent
2. Altering transmission data without express consent
3. The installation of a computer program on another person’s computer
system without express consent
4. The use of false or misleading representations and deceptive marketing
practices for on-line promotions
5. Collection of personal information through access to computer systems
6. Collection of personal information for identity theft
Today – only e-mails / e-messages
11. Will CASL be Effective?
• The goal of preventing spam and online threats has huge support, BUT
will it stop the spam???
• China supposedly has a death penalty for sending spam but it
doesn’t seem to stop spammers
• USA has had anti-spam legislation since 2003, yet is currently
considered the world’s worst spam-producing country, followed
closely by China
• Concern that CASL will only catch legitimate businesses unaware of the
legislation or that they are violating it
• Criminals and unethical individuals are unlikely to be deterred by
anti-spam laws
12. Why Take CASL Seriously
1. It regulates email, not spam
2. Three Federal agencies are enforcing it
3. Huge potential fines
4. Private prosecutions
13. CASL: Why Too Far?
• Description of a Commercial Electronic Message (“CEM”) is too broad;
• Regulates email and spam and blogs and tweets and electronic
newsletters (i.e., NOT just spam)
• Opt-in consent is too onerous;
• Too short a time period to obtain consents
• December 4, 2013 to July 1, 2014
• Social media changes much faster than laws – CASL will create
unintended violations
14. CASL: Why Too Far?
• IT-dependent
• Smaller organizations can’t afford extensive IT solutions
• Potential for enforcement against ethical, law-abiding individuals and
organizations
• But won’t deter a criminal in a foreign unregulated country
• Three Federal agencies enforcing
• Broad enforcement and risk of overlap between agencies
• Private right of action
• An extraordinary remedy
15. CASL Timeline
• Royal Assent – December 2010
• Regulations publicly presented – December 4, 2013
• Majority of CASL comes into force on July 1, 2014
• Window of opportunity to become compliant is very short
• Provisions related to computer programs come into force – January 15, 2015
• Private right of action comes into force – July 1, 2017
• Implied consent expires – July 1, 2017
16. Does CASL Apply to You?
• Anti-spam provisions are very broad
• CASL has the potential to impact any individual or organization in Canada
that sends electronic messages to an electronic address (i.e., business,
consumer, individual)
• *Threshold Issue: Is it a Commercial Electronic Message (“CEM”)
18. What Are
Commercial Electronic Messages
• A CEM is an electronic message that, considering:
• the message’s hyperlinks to a website,
• the message content, and
• the sender’s contact information in the message,
• it would be reasonable to conclude the CEM has, as one of its purposes,
to encourage participation in a commercial activity, including marketing,
advertising, or promotions. (S. 1(2))
19. Commercial Electronic Messages
• CASL focuses on the message, NOT on the sender
• Threshold issue is whether it is “commercial”
• Commercial activity includes any conduct of a commercial character
whether or not it is “in the expectation of profit”
20. All CEMs Must Have 3 Main Things
1. Consent Requirements
2. Information Requirements
3. Unsubscribe Mechanism
21. Requirement 1: Consent
• Sender MUST have recipient’s express or implied consent
• Onus is on the sender to prove consent was obtained (for both written
and oral consent)
• CASL does NOT allow opt-out consents (includes pre-selected toggles)
• CRTC requires a positive or explicit indication of consent (i.e.,
providing an email address or checking a toggle box)
• Previous consents will NOT satisfy CASL
22. Requirement 1: Consent
• Sender must have express consent for each act contemplated under
CASL
• Consent cannot be hidden within the “fine print” (i.e., in the terms and
conditions of use or other types of consent such as privacy) – it MUST be
distinct and “conspicuously published”
23. Requirement 1: Consent
• As per the CRTC Regulations:
• May request express consent orally OR in writing, or a combination of
both
• Oral consent must be verified by an independent 3rd party
• Or a complete, unedited recording must be retained
• Both paper and electronic forms allowed for written consent
• Electronic forms must record date, time, purpose, and manner of the
consent
24. Requirement 2: Information
• Must clearly identify the purpose of the consent
• Sender must clearly identify her/himself and any party the message is sent
on behalf of
• Sender must include contact information (name, company, mailing
address, phone number, and email)
• Recipient must be clearly informed of the right to unsubscribe from
receiving future messages
25. Requirement 3: Unsubscribe
• Must set out an electronic unsubscribe process or address, or link to an
“unsubscribe” page
• Must be given effect within 10 days following receipt
• Must be effective for 60 days
• Must be at no cost to recipient
• Must allow recipient to advise sender to stop sending electronic messages
• Must be clearly and prominently set out in message
26. Transitional Period for Existing
Relationships
• CASL allows implied consent for a 3 year transitional period for parties
already in an existing business or existing non-business relationship
• Implied consent is only okay until July 1, 2017 for these existing
relationships After this date you will require express consent from these
individuals/ organizations
27. Implied vs. Express Consent
• Implied Consent: Is inferred from signs, actions, or facts
• Express Consent: Is communicated either orally or in writing
28. Implied Consent:
Existing Business Relationships
• An “Existing Business Relationship” is deemed to exist if in the two
years prior to sending the CEM, the recipient had a business relationship
with the sender arising from:
• The bartering of anything in the previous 2 years
• Acceptance of a business, investment, or gaming opportunity offered
by the sender
• A written contract between sender and recipient of the CEM was in
existence any time in the previous 2 years prior to sending the CEM
• The purchase or lease of a product, goods, a service, land, or an
interest or right in land from the sender
29. Implied Consent: Existing
Non-Business Relationships
• There is implied consent to send a CEM where there is an “existing non-
business relationship” where:
• Sender is a registered charity, political party, or candidate for office,
and recipient made a donation or performed volunteer work in the
preceding two years
• Sender is a club, association, or voluntary association, and recipient
has been a member in the preceding two years
30. Exceptions (to Consent, Information and
Unsubscribe Requirements)
• Law enforcement, public safety, conduct of international affairs, or
protection of Canada
• Person to person if existing “family relationship” or “personal relationship”
• Messages sent to a person engaged in a commercial activity containing
an inquiry or application regarding that activity
• Internal messages within an organization where the messages concern
the activities of the organization
31. Exceptions (to Consent, Information and
Unsubscribe Requirements)
• Messages sent from one organization to another where there is a
relationship and the message concerns the activities of the organization
• Messages sent in response to a request, inquiry, or complaint, or
otherwise solicited by the recipient
• Messages sent in regard to legal or judicial orders, rights, or obligations
• Messages sent to a secure, confidential, limited-access account such as a
message sent by your bank to your electronic bank account
32. Exceptions (to Consent, Information and
Unsubscribe Requirements)
• Messages sent to a foreign state so long as you comply with that state’s
anti-spam law
• Canadian registered charities will have a limited exemption where they
send an electronic message primarily for fundraising purposes, BUT NOT
for other purposes
• Messages sent by political parties or politicians to solicit political
contributions
33. Consent Exceptions
• A message that responds to a requested quote or estimate
• A message that facilitates, completes, or confirms a commercial
transaction previously agreed to
• A message that provides warranty information, product recall information,
or safety information about goods or services purchased
34. Consent Exceptions
• Factual information about an ongoing purchase of goods or service
offered under a subscription, loan, membership, or similar relationship
• Information directly related to an employment relationship or benefit plan
• A message about product, good, or service upgrades or updates
35. Exceptions to Consent (BUT Information
and Unsubscribe Requirements Remain)
• A message to a recipient who conspicuously published their electronic
address (e.g., business card, website, etc.) and the message is relevant to
their business
• A message to a recipient who disclosed their electronic address (e.g., in a
conversation or letter) and the message is relevant to their business
• A message sent to a referral from a common contact but only the first
CEM
36. Social Media Exemption
• A CEM that is sent and received on an electronic messaging service IF
the information and unsubscribe mechanism are conspicuously published
and readily available on the user interface, and the person to whom the
message is sent consents to receive it either expressly or by implication
37. The Scary Part If You Do Not
Comply
• Complaints to Anti-Spam Reporting Centre
• Private Actions
• Class Actions
• Cost, effort, and potential embarrassment defending a prosecution
• Reputation/PR risk
• Extended liability to officers, directors, and others
38. Non-Compliance Penalties
• Penalties focus on economic disincentives
• Fines (what CASL calls “Administrative Monetary Penalties” (“AMPS”)
• For individuals: Up to $1 million / violation
• For corporations and others: Up to $10 million / violation
• Private right of action (i.e., Class Actions) as of July 1, 2017
• Including the right to statutory damages to a maximum of $1,000,000
($200 for each message sent) PER DAY
39. Extended Liability
• Extends to any person who “acts, induces, or procures a prohibited act”
• Extends to officers and directors if they “directed, authorized, acquiesced
to, or participated in the offending conduct”
• Employers are liable for acts of their employees acting within the scope of
their authority
40. Defences
• DUE DILIGENCE DEFENCE
• Must be able to demonstrate that your organization has taken proactive
steps to establish policies and procedures to ensure CASL compliance
and properly monitor and enforce those policies
41. Due Diligence Is Critical
• “A person must not be found to be liable for a violation if they establish
that they exercised due diligence to prevent the commission of the
violation” (s. 33(1))
• “A person must not be found to have committed a contravention … [of
CASL] … if they establish that they exercised due diligence to prevent the
contravention or conduct …” (s. 54)
42. 5 Steps To Prepare For July 1, 2014
1. Conduct a CASL Audit
• First, identify what electronic messages your organization sends
(emails, Christmas cards, marketing materials, Twitter and Facebook
accounts, etc.) and to whom (i.e., suppliers, customers, contacts,
potential clients or customers, etc.)
• Then, once you’ve completed all of your CASL compliance steps, go
back and double check that nothing has slipped through the cracks
43. 5 Steps To Prepare For July 1, 2014
2. Develop CASL Compliance Policies
• Develop an internal policy
• Conduct in-house training for staff
• Develop a website CASL compliance statement
• Update your privacy policies
• Note: These steps are critical – remember the “due diligence”
defence: A person must not be found liable for a violation or
contravention if they establish that they exercised due diligence
to prevent the commission of the violation or contravention.
44. 5 Steps To Prepare For July 1, 2014
3. Obtain consents
• Send an email to all of your current contacts requesting consent to
send CEMs
• Address “Consent, Information, & Unsubscribe” requirements with
any 3rd party who sends out CEMs on your behalf
• Prepare consent forms to use for new contacts and customers and
then use them for each new contact/customer
• Insert consent requests into all relevant documentation (contracts,
marketing materials, responses to quotes, on-line forms, etc.)
• Create a record keeping system to record consents and unsubscribes
45. 5 Steps To Prepare For July 1, 2014
4. Provide the Required Information
• Include your name and contact information and the information of any
party the CEM is sent on behalf of in every email and electronic
message
• Include an “unsubscribe statement” in every email and electronic
message
• Include an “unsubscribe mechanism” in every email and electronic
message (even if it is just a statement saying they can unsubscribe by
replying and typing “unsubscribe” on the subject line)
46. 5 Steps To Prepare For July 1, 2014
5. Unsubscribe Mechanism
• Create systems or IT solutions to ensure unsubscribe requests
actually take effect within 10 days of receipt
• Keep records of unsubscribes
47. Keep In Mind…
• Now is the time to prepare to obtain consent electronically
• After July 1, 2014 it will be an offence to send an email to get consent
• Remember that many of the requirements are IT dependent
48. Additional Resources
• Government of Canada CASL website
• www.fightspam.gc.ca
• CRTC website on Canada’s new Anti-spam Legislation
• http://www.crtc.gc.ca/eng/casl-lcap.htm
49. Jeffrey V. Kahane
Kahane Law Office
7309 Flint Road S.E.
Calgary, AB T2H 1G3
(E) jkahane@kahanelaw.com
(P) 403.225.8810
LinkedIn: http://www.linkedin.com/in/jeffkahane