Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Comparing CASL to CAN-SPAM


Published on

In this presentation, Denton's Margot Patterson, gives a snapshot comparison of CASL vs. U.S. CAN-SPAM Act. With an in-depth look at the objectives of the new legislation, the scope of the legislation, consent, disclosure, violations and enforcement, as well as the next steps for businesses with Canadian operations.

  • I'd advise you to use this service: ⇒ ⇐ The price of your order will depend on the deadline and type of paper (e.g. bachelor, undergraduate etc). The more time you have before the deadline - the less price of the order you will have. Thus, this service offers high-quality essays at the optimal price.
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating for everyone is here: ❶❶❶ ❶❶❶
    Are you sure you want to  Yes  No
    Your message goes here
  • Sex in your area is here: ❶❶❶ ❶❶❶
    Are you sure you want to  Yes  No
    Your message goes here

Comparing CASL to CAN-SPAM

  1. 1. Comparing CASL to CAN-SPAM Canada’s Anti-Spam Law Raising the bar for online business communications in North America By Margot Patterson Updated December 2013 Dentons Canada LLP 1
  2. 2. Comparing CASL to CAN-SPAM Canada’s Anti-Spam Law Raising the bar for online business communications in North America By Margot Patterson Updated December 2013 Dentons Canada LLP 2
  3. 3. Canada’s Anti-Spam Law (CASL) • CASL was enacted in December 2010. The majority of its requirements will enter into force on July 1 2014 • CASL is intended to promote e-commerce by deterring spam, identity theft, phishing, spyware, viruses, botnets, and misleading commercial representations online • CASL creates new offences, enforcement mechanisms and penalties to address these online threats
  4. 4. Canada’s Anti-Spam Law (CASL) • Canada is the last of the G-8 countries to introduce an over-arching law to combat spam, which continues to represent about 80% of all global e- mail traffic • Canada has distinguished itself in making its legislation tough: • Higher consent standards • Detailed content requirements • significant penalties: “Canada’s $10 million anti-spam law”
  5. 5. Comparing CASL to U.S. CAN- SPAM Act: A Snapshot
  6. 6. Comparing CASL to CAN-SPAM Some Similarities – both CASL and CAN-SPAM: • Are aimed at unsolicited online communications, and unfair/deceptive online practices • Require consent to send commercial electronic messages • Directly impact business communications with customers, prospective clients, and subscribers
  7. 7. Comparing CASL to CAN-SPAM Key Differences – CASL has: • Reach outside Canada • Subject to certain regulatory exceptions, CASL expressly applies to messages “accessed from a computer system in Canada”: message can be sent from outside Canada • Higher standard for consent • Opt-in (CASL) versus Opt-out (CAN-SPAM) • Broader application • CASL also applies to installation of computer programs • Higher penalties • $10 million maximum penalty for CASL contravention
  8. 8. Comparing CASL to CAN-SPAM The Implications: • More online activities will be caught by CASL • More activities affecting Canadians will be caught by CASL, even if initiated outside Canada • More steps will be needed under CASL to communicate online • Greater exposure to liability under CASL
  9. 9. Comparing CASL to CAN-SPAM Let’s Take a Closer Look at: • Objective of the legislation • Scope: Who, What, Where • Consent • Disclosure (Message Content) • Violations and Enforcement and… • Next Steps for Businesses
  10. 10. The Objective
  11. 11. The Objective: U.S. CAN-SPAM Act, 2003 U.S. Senator Ron Wyden (D-Ore.), October 22, 2003: "Today, the Senate has sent the message that the government is going on the offensive against kingpin spammers. Americans are tired of just watching and fretting over in-boxes clogged with unwanted e-mail, and this legislation is an important step toward giving them more control."
  12. 12. The Objective: CASL, 2010 The Honourable Tony Clement, Minister of Industry, May 25, 2010: “The proposed (legislation) is intended to deter the most damaging and deceptive forms of spam, such as identity theft, phishing and spyware, from occurring in Canada and to help drive spammers out of Canada.”
  13. 13. Scope: Who, What and Where
  14. 14. Scope: Who (Reach) CASL • (For spam) senders of “commercial electronic messages” • Potential vicarious liability: • Expressly includes directors, officers, agents or mandataries of a corporation • Expressly includes employers of employees acting within scope of employment CAN-SPAM • (For spam) senders of “commercial electronic mail messages” • Directors, officers, employers not referenced
  15. 15. Scope: What (Activities) CASL • Spam • Malware, spyware, botnets • Network re-routing • False or misleading representations online • Installation of computer programs • Address harvesting CAN-SPAM • Spam • Purely malicious spam (i.e. not “primarily commercial”) not covered • False/misleading transmission information (addresses aspects of network re-routing) • Installation of computer programs not covered • Address harvesting
  16. 16. Scope: What (Messages) CASL A “commercial electronic message” is: • An electronic message • including text, sound, • voice, image • Sent to an electronic address • including e-mail, IM, phone • or “any similar account” CAN-SPAM A “commercial electronic mail message” is: • An electronic mail message • email only
  17. 17. Scope: What (Messages) CASL A “commercial electronic message”: • Has as its purpose or one of its purposes… • considering message content, hyperlinks, or contact info… • to encourage participation in a commercial activity: • transaction, act or conduct of a commercial character • whether or not in expectation of profit CAN-SPAM A “commercial electronic mail message”: • The primary purpose of which is • commercial advertisement or promotion of a commercial product or service • Including content on a website operated for a commercial purpose • Excludes “transactional or relationship” messages
  18. 18. Scope: Where (Jurisdiction) CASL • Activities outside Canada • Spam: computer system in Canada used to send or access message • Software installation: computer system receiving the program in Canada (or if installer is in Canada, or operating under direction of person in Canada) • Altering transmission data: computer system in Canada used to send/route or access message CAN-SPAM • Activities outside U.S. • Not expressly addressed in CAN- SPAM Act • Considered case-by-case pursuant to conflict of laws rules • See: Facebook, Inc. v. Guerbuez, 2008 U.S. Dist. LEXIS 108921 (N.D. Cal. 2008) [enforced by Quebec Superior Court in 2010]
  19. 19. Consent
  20. 20. Consent CASL • CEMs can be sent if: • The CEM is exempted under CASL or the Regulation • Consent is not required under CASL • You have the express (“opt-in”) or implied consent of the recipient CAN-SPAM • CEMs can be sent unless: • The recipient opts out of future commercial email
  21. 21. Consent 00 Month 2013 Dentons Canada LLP Document reference # 21 Exempted CEMs – part 1 • Messages between organizations in a relationship, and the message concerns the activities of the Recipient organization • Inquiry or application to a person engaged in a commercial activity, and response to that inquiry or application • Messages within organizations • Message between individuals with personal or family relationship • Legal notices See also Industry Canada (Governor in Council) Regulations and government’s Regulatory Impact Analysis Statement
  22. 22. Consent 00 Month 2013 Dentons Canada LLP Document reference # 22 Exempted CEMs – part 2 • Electronic messaging services exempted from identification and contact information, unsubscribe requirements • Limited-access accounts where the only sender is the account provider (e.g. bank) • Sent from Canada to foreign state (list includes US, UK, Australia etc.) and message complies with applicable foreign law • Charity fundraising • Political parties or candidates soliciting contributions See also Industry Canada (Governor in Council) Regulations and government’s Regulatory Impact Analysis Statement
  23. 23. Consent CASL • Exceptions to the consent requirement: • Quote or estimate, requested by recipient • Facilitating, completing or confirming a pre-existing transaction • Warranty, product recall or safety/security information • Factual information regarding subscription, membership, account, loan • Ongoing information about recipient’s employment or benefit plan • Delivering a product, good or service, including updates/upgrades, as part of a transaction the recipient already agreed to CAN-SPAM • “transactional or relationship messages” are not CEMs: • Facilitating or confirming transaction that the recipient already has agreed to; • Warranty, recall, safety, or security information about a product or service; • Information about a change in terms or features or account balance information regarding a membership, subscription, account, loan or other ongoing commercial relationship; • Information about an employment relationship or employee benefits; or • Delivering goods or services as part of a transaction the recipient already agreed to
  24. 24. Consent CASL • Implied consent: • “Existing business relationship” with the recipient base on: • Business, investment or gaming opportunity with recipient within the previous two years • Inquiry from the recipient in the previous six months about the above • Written contract with the recipient, still in effect or expired within previous two years • Recipient has conspicuously published his or her electronic address, and message is relevant to his or her business role or function • Recipient has disclosed electronic address, and the message is relevant to his or her business role or function CAN-SPAM • Implied consent generally available for unsolicited messages, where the recipient has not opted out of receiving them
  25. 25. Consent 00 Month 2013 Dentons Canada LLP Document reference # 25 Consent is not required for “Third-Party Referrals” • Where there is an existing relationship* between a person (such as an agent or business), and an individual (such as an existing client) • The existing client refers a prospective client to the agent or person by providing the prospective client's electronic address information. • The existing client making the referral must have an existing relationship* with the prospective client. • Agent or business may send a single message to prospective client, • Must provide full name of the individual who made the referral • Must include the identification and unsubscribe requirements * personal, family, business, or non-business
  26. 26. Consent CASL • Getting express consent: • Purpose for the consent • Name • Mailing address, and either phone number, e-mail or web address • Statement that the person can withdraw consent • See CRTC Guidelines CAN-SPAM • No corresponding requirement since consent is generally “opt out”
  27. 27. Disclosure (Message Content)
  28. 28. Disclosure (Message Content) CASL The message must: • In message itself or via clear and prominent website link: • Identify the sender (including “sent on behalf of”); • Include mailing address, and either phone, email or web address; and • Include an unsubscribe mechanism • See CRTC Guidelines CAN-SPAM The message must: • Identify the sender (CAN-SPAM defines who designated “sender” is) • Include physical postal address • Include email address or other form of Internet-based communication to unsubscribe
  29. 29. Violations and Enforcement
  30. 30. Violations and Enforcement CASL • CRTC: primary enforcement agency, including administrative monetary penalties (AMPs) • Maximum penalty is $10 million for an organization, per violation • Relevant factors include purpose of penalty, nature & scope of violation, history, financial benefit, ability to pay • May enter into compliance undertaking with CRTC CAN-SPAM • FTC: primary enforcement agency, including administrative penalties • Each individual email in violation of CAN-SPAM is subject to penalties of up to $16,000
  31. 31. Violations and Enforcement CASL • Directors and officers’ liability / Employers’ liability • Importance of “due diligence”: • No liability where due diligence taken to prevent the violation CAN-SPAM • D&O and employers’ liability not expressly set out in legislation
  32. 32. Violations and Enforcement CASL • Private Right of Action (July 1, 2017) • For individual or organization affected by a contravention: can obtain court order for compensation • Acts or omissions (e.g. spam-related) • Remedies include compensation for loss or damage suffered or expenses incurred, and a maximum penalty of: • $200 per contravention of anti-spam; • max $1 million per day for spam, malware, spyware, message routing, PI harvesting, misrepresentation; and • max $1 million per act of aiding, inducing, procuring breach of spam, malware, spyware, message routing. • Class Actions? CAN-SPAM • Private Right of Action • No PRA for an individual • PRA available to a “provider of Internet access service”, “adversely affected by a violation” • Injunctive relief • Monetary damages for actual loss incurred • Statutory damages based on number of unlawful messages transmitted • PRA taken by ISPs, MySpace, FaceBook
  33. 33. Next Steps: for CASL
  34. 34. Next Steps: for CASL • Entry into force • Most provisions enter into force July 1, 2014 • Private right of action to enter into force July 1, 2017 • See “Next Steps for Doing Business in Canada” • Spam Reporting Centre • Will accept electronic messages, analyze trends in spam and other “threats to electronic commerce” • Education and Awareness Campaigns • To be conducted by CRTC, completed by July 1, 2014
  35. 35. Next Steps: for CASL New roles and responsibilities for three government agencies: • Canadian Radio-television and Telecommunications Commission (CRTC) • spam, malware, botnets, network re-routing • Competition Bureau • false/misleading representations online • Office of the Privacy Commissioner • address harvesting, dictionary attacks, spyware • (personal information)
  36. 36. Next Steps: for CASL • International Cooperation • CASL mandates the three agencies to share information and consult with their international equivalents, including FTC • Bulletins / Interpretive Guidelines • Many definitions and requirements remain broad and unclear in CASL and the regulations • CRTC has issued Information Bulletins on interpreting the Regulations, and on Opt-in Consent (“toggling”), although these are not legally binding • CRTC expected to issue Information Bulletins on other topics, including approach to enforcement
  37. 37. Next Steps: for Doing Business in Canada
  38. 38. Next Steps: for Businesses • Preparation Period – now to entry into force on July 1, 2014 • Three-year transition period where “existing business or non-business relationship” • implied consent where existing business or non-business relationship (and that relationship included CEMs) • In all cases, recipient can still withdraw consent at any time • Businesses must obtain express consent during the three-year transition period, to continue afterwards.
  39. 39. Next Steps: for Businesses • CASL Audit • Conduct an audit of online communications with clients, prospects, and third parties, including: • bulk email, automated messages, periodic client newsletters and updates • processes for installation of software updates/upgrades • CASL Checklist • Review above communications (e-mail, computer program installation) against CASL requirements: • available exceptions • consent, unsubscribe, and disclosure
  40. 40. Next Steps: for Businesses • CASL Policy should include: • Update your website and internal Privacy Policy • Update forms and procedures that document consent • Address unsubscribe requirements and timeframes • Update existing customer service processes • Include information/training for employees, management and Board of Directors • Address third-party contract requirements (limitation of liability, representations & warranties), including address rental • Consider insurance (traditional policies may not cover)
  41. 41. Next Steps: for Businesses • When operating in the North American market… meet both CASL and CAN-SPAM requirements
  42. 42. More Information 42 More Information on CASL: Questions? Margot Patterson (613) 783-9693
  43. 43. The preceding presentation contains examples of the kinds of issues companies dealing with Canada’s Anti-Spam Law (CASL) could face. If you are faced with one of these issues, please retain professional assistance as each situation is unique. Dentons Canada LLP 43