Spam emails—everyone receives them, no one particularly likes them. Some of  us delete them. Some of us simply ignore them. But, are they such a problem that  requires all Canadian businesses, big or small, to overhaul how they communicate  with their customers and potential customers?—You be the judge.

In December 2010, the Canadian government enacted An Act to promote  the efficiency and adaptability of the Canadian economy by regulating certain  activities that discourage reliance on electronic means of carrying out  commercial activities, and to amend the Canadian Radio-television and  Telecommunications Commission Act, the Competition Act, the Personal Information  Protection and Electronic Documents Act and the Telecommunications Act.  Quite a mouthful (try saying it out loud…). It is more commonly referred to as  the “Anti-Spam Legislation”, although I would argue that name  is misleading. That is because the Act targets all electronic communications  that are unsolicited. That is why I rather refer to it as the “Anti-Solicited  Communications Act”.

The Act has not yet come into force. Although there is no set date, it is  anticipated to come into force sometime in 2014. It is therefore important that  all Canadian businesses become familiar with the Act and begin preparing for it  now.

Commercial electronic messages

The Act prohibits anyone from sending a “Commercial Electronic Message” (“CEM”), unless the receiver of the CMN had given his or her consent to  receiving it. The CEM is any form of electronic message (including email, text  and voicemessage) sent for the purpose of encouraging participation in a  commercial activity.

Unlike in the U.S. and other countries, where anti-spam legislation creates  an “Opt out” requirement, the Canadian Act creates an “Opt in” requirement. This  means that you cannot send a CEM, unless the person to whom the CEM is sent had  previously given his or her consent to receiving CEMs from you. But here is the  catch—sending an email requesting someone’s consent to receive CEMs is  considered a CEM, and is therefore prohibited!

In addition to seeking consent, the sender must also include very specific  identifying information in each and every CEM, including: the sender’s name and  business name, mailing address and telephone numbers, email or web address. The  CEM must also include an “unsubscribe” mechanism—allowing the receivers of the  CEM to indicate that they do not wish to receive any further CEMs from the  sender.

The Act provides limited circumstances when consent can be implied. Consent  is implied when the sender and receiver have an “existing business  relationship”, which is narrowly construed. For example, in the case of a  business to customer CEM, consent is implied when that customer had purchased a  product or service from the business in the 2 years preceding the sending of the  CEM. So, for example, if a customer buys a product from your business, your  business cannot continue to send CEMs to that customer 2 years after the sale,  unless it has received express consent to do so.

There are limited exceptions to the requirement to obtain consent. Those  include messages sent to someone with whom the sender has an existing personal  or family relationship and messages sent from a computer outside of Canada. The  latter exception may be jurisdictionally justified (i.e., the Canadian Act  cannot regulate someone outside of Canada), but it means that the problem the  Act is meant to address (i.e., annoying spam) is likely not to be resolved, as a  significant portion of spam originates outside of Canada.

Liability for violations of the Act – be afraid… be very  afraid

The liability imposed for sending a CEM without consent is significant. An  individual who violates the Act’s prohibition against CEMs can face a fine of up  to $1,000,000 and a corporation can face up to $10,000,000, for each CEM sent.  There are also potential fines for directors and officers of a corporation that  violates the Act.

In addition, the Act allows a person who receives a CEM in breach of the Act  to bring a civil action against the sender, creating the possibility for a whole  new slew of class actions.

Compliance with the Act

So what is a Canadian business to do if it wishes to send out CEMs to its  customers or potential customers? It should send out consent requests before the  Act comes into force (now!), or, at the latest, during the 3 year transition  period after the Act comes into force.

It should also put into place policies and procedures for complying with the  Act and educate its employees and management on those policies. Those policies  and procedures would defer from company to company, depending on the line of  business they are in, their marketing strategies and the form in which they  communicate with customers and potential customers. I recommend that you consult  with a lawyer specializing in the area when preparing those compliance  policies.

The most full-proof way of avoiding violating the Act is by reverting back to  sending correspondence and marketing materials through that antiquated system we  call regular mail (what?!). If anything, this Act is bound to boost Canada  Post’s revenues significantly.

That being said, if I had to choose between receiving email spam or mail spam  (i.e, those flyers that regularly fill my recycling bin), I choose the former.  At least no trees were harmed in their making. But, that’s just me.

To be continued…

The Act does not only prohibit spam. It also regulates other computer related  activities, such as hacking, the installation of viruses and malware, and the  violation of online privacy.