As business professionals operating in Canada, you and your business will soon be subject to Canada’s new “Anti-Spam Act”, expected to come into force later this year or early 2013. The new legislation will greatly impact how you and your businesses treat the sending of electronic messages that encourage participation in a commercial activity (“commercial electronic messages”) as well as other electronic threats to commerce.
In today’s increasingly technological society, it’s important for everyone to review this legislation and start evaluating your existing activities in order to prepare for compliance.
What are the main prohibitions?
The Anti-Spam Act (“the Act”) prohibits more than just spam. It regulates certain activities that discourage reliance on electronic means of carrying out commercial activities.
Under the Act, you are prohibited from:
- sending commercial electronic messages without the recipient’s consent (this includes email, social networking accounts, and text messages);
- altering transmission data in an electronic message, resulting in the message being delivered to a different destination without express consent;
- installing computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee;
- using false or misleading representations online in the promotion of products or services;
- collecting personal information through accessing a computer system in violation of federal law ; and,
- collecting electronic addresses by the use of computer programs or the use of such addresses, without permission (address harvesting).
The consent requirement
The most important thing to keep in mind is the consent requirement, and remember there is a “reverse onus” obligation included in the Act. If investigated, you must be able to prove you obtained consent, express or implied.
Consent is implied under the Act in some circumstances where there is an existing business or non-business relationship between the sender and recipient or the recipient has published or disclosed an electronic address without stating the wish to not receive unsolicited messages. However, once the Act comes into force, there is a 3-year transitional period where implied consent with respect to these pre-existing relationships will only remain for 3-years if the recipient does not give notice that they retract consent.
All commercial electronic messages are also required to identify the sender, provide his or her contact information, and include an unsubscribe mechanism that can be readily performed by the recipient to indicate the wish to no longer receive any further commercial electronic messages.
Steps to protect your business
Don’t be caught unaware. This is an Act you want to take seriously.
You could be fined up to $1 million per violation as an individual, or up to $10 million per violation as a business entity.
Below are some tips to help you prepare:
- Determine which of your electronic communications would fall under “commercial electronic messages” and be caught by the Act.
- With respect to communications caught by the Act, review your database of contacts in order to determine whether consent will be required for future communications.
- Establish procedures for obtaining recipients’ express consent to receive electronic communications.
- Establish procedures to maintain lists of recipients who have given an implied consent, including removing recipients when implied consent expires (usually after two years, but subject to the transitional provisions).
- Prepare forms of communications to comply with the Anti-Spam Act so that they include all of the requisite information and the unsubscribe mechanism.
For more information on the Anti-Spam Act, visit www.fightspam.gc.ca.