Your SlideShare is downloading. ×
0
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Five good ideas anti spam law
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Five good ideas anti spam law

1,275

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,275
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. FIVE GOOD IDEAS REGARDING CANADA’S NEW ANTI-SPAM LAW March 21, 2014
  • 2. INTRODUCTION Document # 21888271. 2
  • 3. CASL Overview – 5 Key Points – Covers any electronic message that has a commercial purpose – You need to get express consent from a person to send such a message – You need to include an unsubscribe option in all such messages even if you have consent – Law comes into force July 1 2014 – Penalties are big Document # 21888271. 3
  • 4. 1) COMMERCIAL ELECTRONIC MESSAGE Document # 21888271. 4
  • 5. What is an Electronic Message – CEMs include emails, tweets, text messages, website interactions, other electronic communications (including voice) and include requests for consent – Currently, telephone communications (2-way voice, fax and automated calls) are exempted from CASL and are governed only by the Do Not Call rules Document # 21888271. 5
  • 6. CEM: Is the message being sent to an electronic address? – Included (private messaging): – Direct message (DM) tweets – Facebook chat, Facebook messages – Likely excluded (broadcast-style): – Updates to a subscribed RSS feed – Tweets posted to your own twitter stream – Posts to a Facebook wall Document # 21888271. 6
  • 7. What is a “Commercial” activity? – “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit.” Document # 21888271. 7
  • 8. 2) CONSENT Document # 21888271. 8
  • 9. Mandatory Consent Requirements – Consent from the recipient of the CEM must be express consent given on an opt-in basis – This means that consent cannot be implied or “read-in” and recipients must actively give consent Document # 21888271. 9
  • 10. CRTC Guidelines - Express Consent NO PRE-CHECKED BOXES “The Commission… considers that a default toggling state that assumes consent cannot be used as a means of obtaining express consent under the Act for the purposes of sending CEMs” CRTC Comment: pre-checked boxes not acceptable even if person must click icon to accept/submit 10 Document # 21888271.
  • 11. CRTC Guidelines – Express Consent – May be either oral or in writing. CRTC guidelines: – Example: oral consent OK if it can be verified by an independent third party or if an audio recording of consent is maintained – Example: written consent OK if record maintained of date, time, purposes, and manner of the consent, stored in a database 11 Document # 21888271.
  • 12. CRTC Guidelines – No Bundling – CRTC regulations: consent for each activity must be “sought separately” but guidelines clarify that it doesn’t mean for each instance (e.g., per email); rather, for each type of activity: o Sending CEMs / Altering transmission of data / Installing computer programs – No bundling: requests for consent contemplated above must not be subsumed in, or bundled with, requests for consent to the general terms and conditions of use or sale. Document # 21888271. 12
  • 13. CRTC Guidelines – No Bundling Document # 21888271. 13
  • 14. CRTC Guidelines – Express Consent – CRTC Comments: – Only need to obtain consent once and unless revoked, the consent remains valid – No need to provide receipt of consent (though it would be helpful as evidence that consent was received) – Requests for consent made prior to the CASL in-force date do not need to comply with the specific form and content requirements but would still need to represent “express consent” 14 Document # 21888271.
  • 15. Requests for Express Consent – Content and Form – The request must include: – Purpose(s) – Identify requester, any principal and relationship (e.g. client and email provider) – Any other business names that requestor might use – Contact information (street address and one of: telephone number, email address, web address) – That person can withdraw consent 15 Document # 21888271.
  • 16. Requests for Express Consent – Content and Form – The Act does allow you to seek consent on behalf of unnamed people (i.e. you may name a class of person such as “suppliers to McMillan”) – In that case you only need to provide the mandatory content information for the party requesting the consent – But there are special unsubscribe requirements 16 Document # 21888271.
  • 17. 3) CONTENT Document # 21888271. 17
  • 18. Mandatory Content Requirements All CEMs must include: – Sender’s identity and contact information – Readily-usable “unsubscribe” mechanism which must remain operative for 60 days from the date of the message Document # 21888271. 18
  • 19. CEM Content ─ Sender Contact Information – All CEMs must clearly and prominently disclose: – Identity of sender and, if applicable, sender’s principal (e.g. client) – Description of relationship between sender and principal (as applicable) – Any carrying-on-business names to be used in CEMs – Contact information for sender and principal (as applicable): – mailing address, and – one of: • telephone number with active response voicemail • email address • web address 19 Document # 21888271.
  • 20. CRTC Guidelines ─ Sender Contact Information – Identification of sender – No need to include prescribed information for intermediaries if they act only as intermediary and have no role in the CEM content or choice of recipients – If a CEM is sent on behalf of multiple persons (e.g., multiple affiliates of a company), all such persons must be identified 20 Document # 21888271.
  • 21. CEM Content – Unsubscribe Mechanism 1. Must be set out clearly and prominently to enable recipient to request removal from CEM list, as sent by sender or its principal 2. Using same or, if that is not practical, other equivalent electronic media as the CEM 3. Must provide electronic address or a link to a web page, to which unsubscribe message may be sent 4. Address/web page must be valid for 60 days 5. Sender/principal must give effect to unsubscribe request within 10 business days 21 Document # 21888271.
  • 22. CRTC Guidelines ─ Unsubscribe Mechanism – Unsubscribe mechanism – CRTC guidance: – “readily performed” means “accessed without difficulty or delay, and should be simple, quick and easy for the consumer to use” – “an example of an unsubscribe mechanism that can be readily performed is a link in an email that takes the user to a web page where he or she can unsubscribe from receiving all or some types of CEMs from the sender.” 22 Document # 21888271.
  • 23. CRTC Guidelines ─ Unsubscribe Mechanism – Example of unsubscribe: 23 Document # 21888271.
  • 24. CRTC Guidelines ─ Unsubscribe Mechanism – CRTC Comment: – Not required to provide unsubscribe for ALL messages, only CEMs – Permitted to offer granularity to unsubscribe from all CEMs or some types of CEMs e.g. option to unsubscribe from all CEMs, product updates, weekly email newsletters 24 Document # 21888271.
  • 25. CRTC Guidelines ─ Unsubscribe Mechanism Document # 21888271. 25
  • 26. 4) EXEMPTIONS AND EXCEPTIONS Document # 21888271. 26
  • 27. A) Exemptions From All Content and Consent Requirements Document # 21888271. 27
  • 28. Exemptions from All CEM Requirements – Consent, content and unsubscribe requirements do not apply to CEMs: a) sent within family or personal relationships b) that make an inquiry or application sent to a business, or c) other categories as may be prescribed Document # 21888271. 28
  • 29. Personal Relationship Exemption – Family relationships are exempt – Defined as a relationship between two people related through a marriage, common-law partnership, or any legal parent-child relationship, who have had direct, voluntary two-way communications Document # 21888271. 29
  • 30. Personal Relationships – Friends are exempt – Defined as relationship between sender and recipient that involves direct, voluntary, two-way communications where it is reasonable to conclude that the relationship is personal Document # 21888271. 30
  • 31. Exemptions to All CEM Requirements – Consent, Content and Unsubscribe mechanisms do not apply to CEMs sent: a) Intra-Business: by an employee, representative, contractor or franchisee of the organization to another such person and that concern the activities of the organization b) Inter-Business: by an employee, representative, contractor or franchisee of the organization to an employee, representative, contractor or franchisee of another organization if the organizations have a relationship and the CEM concerns the activity of the organization to which the message is sent Document # 21888271. 31
  • 32. Exemptions to All CEM Requirements – Consent and Content requirements do not apply to CEMs that are: c) Requests, Inquiries or Complaints: in response to a request, inquiry or complaint or otherwise solicited by the person to whom the CEM is sent d) Legal rights: to satisfy a legal obligation or enforce or provide notice of existing or pending legal rights e) Sent and received using an electronic messaging service (e.g. social media platform) that meet certain requirements f) Sent within closed messaging systems which contain limited access, or secure and confidential accounts (e.g. secure portals, online banking messaging centre) Document # 21888271. 32
  • 33. Exemptions to All CEM Requirements – Consent and Content requirements do not apply to CEMs that are: g) Foreign jurisdictions: by a person who reasonably believes the CEM will be accessed in a foreign state where the CEM conforms to the foreign state’s law that addresses substantially similar conduct to that prohibited under CASL h) Registered charities: by or on behalf of a registered charity and the primary purpose of the CEM is to raise funds for the charity i) Political candidates or organizations: by or on behalf of a political party, organization, or candidate for publicly elected office and the message has as its primary purpose soliciting a contribution Document # 21888271. 33
  • 34. B) Exemptions to Consent Requirements Document # 21888271. 34
  • 35. Exceptions to the Consent Requirements – Consent is not required (BUT the Content requirements still apply) if a CEM solely: a) Provides a quote or estimate requested by the recipient b) Confirms a commercial transaction among the parties; c) Provides warranty, recall, safety or security information for product/service previously purchased; Document # 21888271. 35
  • 36. Exceptions to the Consent Requirements – Consent is not required (BUT the Content requirements still apply) if a CEM solely: d) Notifies of factual information relating to the ongoing use or purchase of a product, good or service under an established relationship; e) Provides information relating to an ongoing employment relationship, including a benefit plan; f) Delivers a product, good or service including product updates/upgrades; or g) Is sent as a result of a third-party referral (one time exception) Document # 21888271. 36
  • 37. New Referral Exemption – Exception to the consent requirement only (content rules still apply) – For first CEM sent by an individual following a referral by another individual who has a relationship (business, non-business, personal, family) with the sender and with the recipient – Permits business persons/professionals to follow- up on referrals Document # 21888271. 37
  • 38. Implied Consent – Specifically defined (i.e. is not open-ended, content still required) – Exists only: – If sender and recipient have an existing business relationship or existing non-business relationship – If recipient has published conspicuously the email address to which a message may be sent, without including that it does not want to receive commercial emails – If a person has given you the email address with no restrictions Document # 21888271. 38
  • 39. Implied Consent – “Existing business relationship” and “existing non- business relationship” are defined terms – Essentially, any relationship not more than 2 years old, or a (business) inquiry within the last 6 months – The implied consent for the business card referral lasts until it is withdrawn Document # 21888271. 39
  • 40. Is there Valid Consent? – Can a conference organizer contact me to promote an upcoming event on privacy law? – Can a women’s rights organization contact me to speak about Leadership among Women? – Can a third party marketer contact me to sell security systems to McMillan? Document # 21888271. Sharon E. Groom Partner, d 416.865.7152 | f 416.865.7048 Email: sharon.groom@mcmillan.ca 40
  • 41. Transitional Provisions – Extend the time periods for implied consent for all existing business and non-business relationship to July 1, 2017 if on the date CASL comes into force there exists such a relationship, without regard to the time period otherwise applicable, and the relationship includes CEMs – This means that any relationship that includes CEMs and exists now or at any time in the past will qualify – however, onus is on the sender to prove it Document # 21888271. 41
  • 42. 5) PENALTIES AND LIABILITIES Document # 21888271. 42
  • 43. Penalties Administrative monetary penalties of up to $1,000,000 (individuals); $10,000,000 (companies/organizations) per violation Violations can be addressed via an undertaking Directors and officers liable for violations if they directed, authorized, assented to, acquiesced or participated Employers are responsible for acts of their employees Due diligence defence Document # 21888271. 43
  • 44. Private Right of Action – Comes into effect July 1, 2017 (Will the private right of action apply to pre-July 1, 2017 CASL violations?) – A person affected by a breach can seek compensation through the courts – Court can order compensation equal to the loss or damage suffered and expenses incurred plus up to $200 per violation to a maximum of $1,000,000 per day – Not available if an undertaking has been agreed to or notice of violation issued – Same factors taken into account as with violations – Due diligence defence Document # 21888271. 44
  • 45. 6) NEXT STEPS: COMPLIANCE CHECKLIST Document # 21888271. 45
  • 46. 1. Use internal survey to gather information from your employees on existing databases 2. Conduct an inventory of email contacts – categorized by:  Nature of e mails sent to that person  Existing customer/prospect/donor relationships  Express consent  Received contact information publically with no restrictions (i.e. Business cards) 3. Determine compliance strategy – whether to rely on exemptions/implied consents vs. express consent 4. If to rely on exemptions etc., upgrade databases by CASL categories Compliance Checklist Document # 21888271. 46
  • 47. 5. If will seek express consent, develop strategies for capturing (e.g. email response, website sign up, applications, agreements, email policies) and initiate email opt-in consent program immediately (i.e. prior to Act coming into force) 6. Develop consent request template 7. Develop CEM template 8. Develop CASL compliance procedures, policies, and controls including for third party service providers 9. Conduct training Compliance Checklist Document # 21888271. 47
  • 48. 7) SUMMARY Document # 21888271. 48
  • 49. Summary – New legislation comes into effect July 1, 2014 and it affects all commercial electronic messages – You need express consent to send any CEM – Need to provide mandated information in each CEM including an unsubscribe option – There are exceptions to express consent and mandatory content, but they are limited – Start thinking about your CASL compliance program now! Document # 21888271. 49
  • 50. For further Information please contact: Sharon E. Groom Direct: 416.865.7152 Sharon.groom@mcmillan.ca McMillan LLP Brookfield Place 181 Bay Street, Suite 4400 Toronto, Ontario M5J 2T3 Document # 21888271. 50

×