Working with CAN-SPAM and the Canadian Privacy Act

The CAN-SPAM Act in the US was created over eight years ago in response to the increasing amount of email spam that people were receiving in their inboxes. However, in spite of the efforts of the government and lawmakers to make it easily understood for everyone, there still is confusion over what exactly does the CAN-SPAM Act does or doesn’t do. 

The US CAN-SPAM Act was created to stem the flow of unsolicited bulk email or spam as a form of commercial advertising, thereby trying to prevent the abuse of email addresses by shady online marketers.  Congress passed the law in 2003 after much debate, becoming effective on January 1, 2004.

In creating the law, Congress has set out basic guidelines for email marketers to follow:

1.       Email marketers should not mislead recipients as to the source or content an email

2.       People should be allowed to decline or unsubscribe from any email message from any source.

However, the CAN-SPAM Act does not restrict any business from sending an unsolicited email to another company for business purposes. However, it does mention that if a person wants to opt-out of receiving emails from a particular company, the business must comply.  Other guidelines are:

·         Any unsolicited messages must not have misleading subject headings.

·         All emails must have an unsubscribe or opt-out link that is valid for 30 days after the email is sent. If the receiver wants to opt-out, you have 10 days to comply with that demand.

·         All ads must be identified as commercial advertisements in the email.

·         Every advertising email that you send out, must have a physical mailing address clearly marked in the email.

·         You cannot sell or share email addresses of people who have unsubscribed from your list.

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs email marketing practices in the country.  Enacted in 2004, the PIPEDA is different from the CAN-SPAM act in that it governs how personal information is distributed and managed online.  In brief, it states that:

·         Emails marketers must obtain permission from the recipient when collecting their personal information and must be kept secure once collected. 

·         Any data collected cannot be shared or sold to another party without express permission of the recipient.

·         A double-opt in signup method is required for Canadian residents. 

·         You are liable for any data collected and stored. If there is a data breach, you will be at risk for any damages occurred. 

·         Like the CAN-SPAM act, you must have an unsubscribe link in your email clearly indicated. 

For the typical B2B marketer, these regulations were not meant to be present a challenge. The purpose of both the CAN-SPAM and PIPEDA was to protect the consumer from any scams or phishing attacks that are commonly found in B2C campaigns.  As long as marketers observe the regulations set out by both countries, there should be no problem in sending out emails.

Canada’s New Anti-Spam Legislation – How does it affect your business?

Bill C-28, Canada’s anti-spam legislation, was recently passed and will come into effect later this year. While its intended target is deceptive forms of spam, Canadian small and medium sized businesses should be aware of the Act in order to ensure their compliance when contacting leads, networking and developing marketing campaigns. Here are highlights of the important aspects of Bill C-28 that you and your employees need to know:

Definition of Spam

Generally spam is considered to be mass, unsolicited email from unknown or unwarranted senders. However, the new legislation applies to the sending of “commercial electronic messages”, which can encompass email, instant or text messaging and social media messages and other forms that we may not consider to be spam. Many times information that is sent may not be considered to be spam by the sender, but can be viewed as spam by the recipient. It’s important to think of how the message will be received on the other end before sending.  Hopefully, the yet to be released regulations will provide some added details or thresholds to more readily define the scope of this term.

Expressed and Implied Consent

Electronic messages are not considered spam if the recipient consented to receive the message so it is important that you first determine whether or not you have approval from the recipient to send the message. Consent comes in two forms – express and implied.

Expressed consent, as defined in the Act, is what is known as “opt-in” consent, whereby the person or corporation expressly agrees to be contacted before any communication is sent. Usually this would come in the form of a newsletter subscription sign up, adding an email address to a written or electronic list, or checking a box to receive more information. This is a more viable option for business owners because it is less likely that an issue will be raised from those who have clearly indicated interest.

Implied consent has a broader use, which can actually be beneficial to marketers and small business owners, but could also pose to be harder to prove if any issue arises. According to the new Act, implied consent occurs when “[t]he person who sends the message, the person who causes it to be sent or the person who permits it to be sent has an existing business relationship or an existing non-business relationship with the person to whom it is sent;" (Bill C-28 Sec. 9a).

If a customer has purchased wares or services from your business with the past two years, there is considered to be an existing business relationship between you and your customer, which would be implied consent. There is no time limit on the relationship status if the customer has provided expressed consent for future contact. In terms of expressed and implied consent, it’s best to err on the side of caution and try to gain expressed consent for all users when possible.

Identification

Messages must clearly express to the recipient who the message is coming from, remaining consistent with the branding used when the recipient made initial contact with the company. There must not be any misleading information in the subject line that misrepresents the message or the sender.  All messages are required to include the active contact information and postal address of the sender.

Unsubscribe Option

Businesses who have an email newsletter must have an unsubscribe option clearly stated on each message so that users can easily halt future correspondence at any time. Some users may not know to use the unsubscribe link, so including contact information for your business is important to ensure that recipients are able to contact you in another form in order to be removed from the mailing list. If a client does contact you via other means to be removed from the list, unsubscribe the user manually and notify them of the removal immediately.

Tips for Small Businesses

If you have a newsletter sign up area on your website, make sure your database saves important information such as name and date of sign up – not just the email address - so that you are able to prove consent if a problem arises. Always give your customers your contact information in any messages sent as well as the option to “opt-out” or “unsubscribe” at any time. Customers should not be automatically placed in an email database, they must be able to choose whether or not they would like to receive information from you. Don’t bombard your customers with messages, it can easily frustrate your clients if their inbox is getting constantly filled with messages from you.  Setting up an account with email marketing software can ensure that your messages are compliant with the government rules. Senders who don’t comply with the new regulations can face serious fines, so make sure your messages are useful or informative to the user in some way, this will make customers look forward to your correspondence and make your database grow.

There will be more to come on this important topic when the regulations are released.

Overview of the Canada Not-For-Profit Corporations Act

Recently, a new law called the Canada Not-For-Profit Corporations Act ("CNPCA") came into effect aimed at eliminating unnecessary regulation and providing flexibility to the not-for-profit sector. The new legislation modernizes the corporate governance of not-for-profit corporations by promoting accountability, transparency and efficiency.

The Act in its entirety is lengthy and detailed so not-for-profits will have up to 3 years to transition into compliance. Below is a list of some of the Act’s more important provisions that may affect you and your not-for-profit.

Incorporation:

The process of incorporation has become more streamlined under the new Act making it faster and more efficient. Instead of submitting the letters patent and by-laws for review, incorporations now occur “as of right” upon submission of the signed articles of incorporation.

By-laws:

Before the Act was implemented Industry Canada required incorporating not-for-profits to prepare and submit by-laws governing corporate matters to be reviewed and approved at the time of incorporation.  Under the new legislation it is no longer necessary to draft and submit by-laws with the application for articles of incorporation. The new Act requires by-laws that deal with member issues only. 

Members:

Members’ rights are enhanced under the new Act. The new rights include: the right to submit a notice of proposal to request said proposal to be discussed during a members meeting; the right to request a meeting at any time; the right for non-voting members to vote separately from voting members on matters that impact membership rights; and the right to access corporate records to monitor board compliance.

Directors:

A director’s liability and standard of care are protected by the “due diligence” defence as understood in the common law duty of acting in honest and good faith. In this legislation specific liabilities are given to directors concerning payment and distribution to members, debt obligations, and wages payable to employees. However, directors who meet the standard of care are protected from liabilities through the “due diligence” defence under the new Act.

Financial Accountability:

The Act divides not-for-profit corporations into soliciting and non-soliciting corporations, which are subject to different regulations depending on which category your not-for-profit falls under. Your gross revenues are also dependent upon the rules and requirements for reporting under the new legislation.  

To facilitate the change, Industry Canada will not charge initial filing fees related to transitioning from the CCA to the NFP Act. To view the Act in its entirety, please click here.