Anti-Spam 101: Risks and Implications for Businesses - Complying with the new Anti-Spam Law


Canada's new anti-spam legislation is intended to deter damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada. In this presentation, FMC's Margot Patterson gives an in-depth look at the legislation, including: risks and implications for business; the scope, reach and liability of the legislation; regulations; software installation; violations and enforcement; as well as a look at where the legislation is headed and what that means for your business.




    Presentation Transcript

    • Anti-Spam 101: Risks and Implications for Businesses: Complying with the new Canadian Anti-Spam Law
      Presented by: Margot Patterson
      October 19, 2011
    • Minister of Industry, the Honourable Tony Clement, May 25, 2010: The proposed (legislation) is intended to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada and to help drive spammers out of Canada.
    • CASL: Key Topics
      1. Risks and implications: scope, reach, and liability
      2. Anti-Spam
      3. Software Installation
      4. Violations and Enforcement
      5. Next steps
    • Risks and Implications
    • Risks and Implications: Scope
      • Spam
      • Malware and botnets
      • Network re-routing
      • False or misleading representations online
      • Address harvesting
      • Spyware
    • Risks and Implications: Reach
      • Who:
        – Directors, officers, agents or mandataries of a corporation
        – Employees acting within scope of employment
      • Where:
        – Activities outside Canada
          • Spam: computer system in Canada used to send/access message
          • Software installation: computer system receiving the program in Canada (or if installer is in Canada or operating under direction of person in Canada)
          • Altering transmission data: computer system in Canada used to send/route or access message
    • How CASL compares to U.S. Can-Spam
      • Broader application
      • Greater territorial reach
      • Higher standard for consent
      • Higher penalties
    • Risks and Implications: Liability
      • Administrative monetary penalties (AMPs)
      • Vicarious liability
      • Private right of action
    • Anti-Spam
    • Anti-Spam
      • A word on the regulations:
        – CRTC Regulations: parameters for CEMs (plus functions of computer programs)
        – Industry Canada Regulations: personal and family relationships, memberships, conditions for use of consent
    • Anti-Spam
      • What is a “commercial electronic message”?
        – Electronic message
          • including text, sound, voice, image
        – Electronic address
          • including e-mail, IM, phone or “any similar account”
        – Encouraging participation in a commercial activity
          • Transaction, act or conduct of a commercial character
        – Whether or not in expectation of profit
    • Anti-Spam
      • CEMs can be sent if:
        – You have the express or implied consent of the recipient, or if consent is not required under CASL
        and the message:
        – Identifies the sender (including “sent on behalf of”);
        – Includes the required contact information; and
        – Includes an unsubscribe mechanism
    • Anti-Spam
      • Some exceptions to the consent requirement:
        – Message between individuals with personal or family relationship
        – An inquiry or application to a person engaged in a commercial activity
        – Quote or estimate, requested by recipient
        – Facilitating, completing or confirming a pre-existing transaction
        – Warranty, product recall or safety/security information
        – Factual information regarding subscription, membership, account, loan
        – Ongoing information about recipient’s employment or benefit plan
        – Delivers a product, good or service, including updates/upgrades
    • Anti-Spam
      • Implied consent:
        – Commercial transaction with the recipient OR
        – Business, investment or gaming opportunity with recipient within the previous two years
        – Inquiry from the recipient in the previous six months about the above
        – Written contract with the recipient, still in effect or expired within previous two years
        – Recipient has conspicuously published his or her electronic address, and message is relevant to his or her business role or function
        – Recipient has disclosed electronic address, and the message is relevant to his or her business role or function
    • Anti-Spam
      • Getting express consent:
        – Purpose for the consent
        – Name
        – Address, phone number, e-mail and web address
        – Unsubscribe statement
        …subject to the CRTC regulations
    • Anti-Spam
      • What disclosure is required?
        – Include in all CEMs
          • In message itself, or clear and prominent one-click link
        – Sender
        – Contact information
        – Unsubscribe
    • Anti-Spam
      • Sending messages “on behalf of” partners
        – When is a message “on behalf of” another?
        – Best practices
        – Requirements for partner CEMs
    • Software Installation
    • Software Installation
      • Rule of thumb: no installation without consent
      • A few exceptions:
        – Cookie
        – HTML code
        – Java Scripts
        – an operating system
        – update/upgrade to a program previously installed with express consent
    • Software Installation: Consent
      • “Minimum disclosure” – set out:
        – the purpose for the consent, i.e. “to install [name of software]”; and
        – a notice containing:
          • name, address, customer service phone number, email address and web address; and
          • a statement that the user can withdraw consent by using the above contact information; and
        – a general description of the program’s function and purpose
    • Software Installation: Consent
      • “Enhanced disclosure” where program does the following, contrary to reasonable expectations:
        – Collects personal information;
        – Interferes with controls;
        – Changes/interferes with settings, preferences or commands;
        – Changes/interferes with data;
        – Causes the computer system to communicate with another system or device without the user’s permission; or
        – Installs a program activated by a third party
    • Software Installation: Consent… “Enhanced disclosure”:
      • Describe program’s material elements, foreseeable impact.
        – User must agree in writing.
      • Caution: repercussions for inaccurate description
    • Violations and Enforcement
    • Violations and Enforcement
      • CRTC: primary enforcement agency, including AMPs
        – Maximum penalty is $10 million for an organization, per violation.
        – Relevant factors:
          • purpose of the penalty
          • nature and scope of the violation
          • history of violations
          • financial benefit obtained from the violation
          • ability to pay
    • Violations and Enforcement
      • Directors and officers’ liability / Employers’ liability
      • Importance of the “due diligence” defence
        – No liability where due diligence taken to prevent the violation.
    • Violations and Enforcement
      • Private Right of Action
        – For an individual who has been affected by a contravention, to obtain a court order for compensation
        – Acts or omissions (e.g. relating to spam)
        – Remedies include compensation for loss or damage suffered or expenses incurred, and a maximum penalty of:
          • $200 per contravention of anti-spam;
          • max $1 million per day for spam, malware, spyware, message routing, PI harvesting, misrepresentation; and
          • max $1 million per act of aiding, inducing, procuring breach of spam, malware, spyware, message routing.
        – Class Actions?
    • Next Steps
    • Next Steps: for CASL
      • Regulations
      • Entry into force
      • New roles and responsibilities for:
        – CRTC
        – Competition Bureau
        – Office of the Privacy Commissioner
      • Domestic and International Cooperation
      • Spam Reporting Centre
      • Bulletins / Interpretive Guidelines?
    • Next Steps: for Businesses
      • Three-Year Transition Period
        – For three years after entry into force of anti-spam and computer program update/upgrade provisions:
          • Implied consent where existing business or non-business relationship
        – In all cases, recipient can still withdraw consent at any time
        – Businesses must obtain express consent during the three-year transition period, to continue afterwards.
    • Next steps – for Businesses
      • CASL Audit
        – Conduct an audit of online communications with clients, prospects, and third parties, including:
          • processes for installation of software updates/upgrades;
          • bulk email, automated messages, periodic client newsletters and updates
      • CASL Checklist
        – Develop a CASL checklist applicable to activities (e-mail, software installation):
          • consent, unsubscribe, and disclosure requirements
          • available exceptions
    • Next steps – for Businesses
      • CASL Compliance Policy should:
        – Cover off forms and procedures that document consent;
        – Cover unsubscribe requirements and timeframes;
        – Set out required information for software update/upgrade installation;
        – Update existing customer service processes;
        – Include information/training for employees, management and Board of Directors;
        – Address third-party contract requirements (limitation of liability, representations & warranties)
      • Consider Insurance
    • Thank You. Questions?
      Margot Patterson
      margot.patterson@fmc-law.com
      (613) 783-9693
    • The preceding presentation contains examples of the kinds of issues companies dealing with anti-spam could face. If you are faced with one of these issues, please retain professional assistance as each situation is unique.