
e-Marketing Policy-Building Workshop



Presentation from IAPP Canada 2011 Conference.

Presented by Shaun Brown and Matthew Vernhout

Published in: Business, Technology


  1. e-Marketing Policy-Building Workshop
     Shaun Brown – nNovation LLP
     Matthew Vernhout – Transcontinental Interactive
     IAPP Canada Privacy Symposium, May 4-6, 2011
  2. Roadmap
     1. Why this matters
     2. Brief overview of requirements under CASL, Competition Act and PIPEDA
     3. Practical implementation issues
     4. Key considerations in developing e-marketing policies
  3. Why e-marketing policy matters: legal
     • CASL applies to anyone who sends, causes, permits, aids, induces, or procures a CEM to be sent.
     • Vicarious liability for employees and agents
     • Liability for officers/directors of corporations
     • Significant penalties:
       – Administrative monetary penalties (AMPs) of up to $10 million per violation
       – Private right of action allows any person affected by a violation to sue for actual and statutory damages
     • Privacy legislation applies to use of electronic addresses
  4. Why e-marketing policy matters: non-legal
     • Protecting your brand and relationship with customers
     • Delivering campaigns that are effective
     • Protecting your relationship with partners
     • Deliverability
  5. Canada’s Anti-Spam Legislation (CASL)
     • Establishes permission-based regime for sending commercial electronic messages (CEM)
     • Applies to any message sent from or accessed by a computer located in Canada (applies to American senders!)
     • More than email: IM; SMS; social media; etc.
     • Voice, fax currently excluded (covered by DNCL)
     • Competition Act amendments: False and misleading information (content, sender info, locators)
     • PIPEDA amendments: address harvesting; dictionary attacks; collection of personal information through unauthorized access to a computer system
  6. Commercial Electronic Message
     • Broadly defined to include any message with any semblance of commercial activity
       – Product or service
       – Business opportunities
       – Promotes an individual who does any of the above
     • Message to request consent deemed to be CEM
  7. Three primary rules
     1. Consent (express or implied)
     2. Identification
     3. Unsubscribe
  8. 1. Consent: exemptions
     • Family or personal relationship (to be defined in regs)
     • Business inquiry
  9. 1. Consent: no consent required
     • Quotes or estimates, if requested
     • Facilitates commercial transaction
     • Warranty or safety information
     • Information about ongoing subscription, membership, etc.
     • Information related to employment relationship or benefit plan
     • Delivers good or service
     *Other requirements still apply
  10. 1. Consent: implied consent
     • Consent is deemed in four circumstances:
       1. Existing business relationship
       2. Existing non-business relationship
       3. Conspicuous publication of electronic address
       4. Recipient has disclosed electronic address to the sender
     • No implied consent for referrals
     • In most cases implied consent lasts for 2 years – window of opportunity to obtain express consent
     • Transitional period for implied consent – 3 years for existing bus and non-bus rel’ps at coming into force
  11. 1. Consent: checklist
     1. Does section 6 apply (see exemptions)?
     2. If so, do I need consent (other requirements still apply)?
     3. If not, can I rely on implied consent?
     4. If not, how do I obtain express consent?
  12. 2. Identification
     • Identify sender as well as person on whose behalf message is sent
       – Provide postal address
     • Contact information for either of above
  13. 3. Unsubscribe mechanism
     • Must be functional for 60 days
     • No cost
     • Same means unless impracticable
     • Include either electronic address or link
     • Must process without delay (no messages sent after unsub sent)
  14. Defining “sent”
     • Message is sent once transmission has been initiated
     • Does not matter whether
       – Message reaches destination
       – Electronic address exists
  15. Enforcement
     Combination of public and private enforcement:
     1. Regulatory enforcement
       – Including administrative monetary penalties (AMPs)
       – Administrative as opposed to criminal
     2. Private Right of Action
  16. Protection for ‘honest mistakes’
     1. Undertakings & Compliance (s.21)
       – At any time
       – Restricts other action (notice of violation and statutory damages under PRA)
     2. Due Diligence Defence and Common Law Principles (s.33)
       – Cannot be found liable
       – Justification or excuse consistent with the Act
     3. Factors to be Considered re: AMPs (s.20)
       – Nature and scope of violation
       – Financial benefit
       – Any relevant factor
  17. Interaction with PIPEDA
     • E-marketing already captured by PIPEDA; CASL creates more specific rules
     • PIPEDA additionally applies to:
       – Sale and purchase of personal information (e.g., email addresses)
       – Failure to properly secure personal information (think about recent ESP data breaches)
       – Collection of personal information for purposes of targeting
  18. Express consent: requirements
     • Must clearly explain purposes
       – E.g., “I would like to receive emails about offers from [company]”.
     • Sender must identify themselves when obtaining consent (and other(s) where applicable)
  19. Express consent: considerations
     • What is “express” consent?
       – Opt-in vs. Opt-out; single opt-in, notified opt-in, double opt-in
     • Best practice: double opt-in
     • Also, think about reminding recipients why they are receiving your messages
  20. Building your list: risky ideas
     • Purchasing
     • Email append
     • Rental without assurance that lists are in compliance
     • If it sounds too good to be true....
  21. Leveraging your (others) list
     • Renting not necessarily a violation, but potentially risky
     • There are proper ways to send third party offers to your (others) subscribers
     • Considerations
       – Relevance
       – Ensuring subscribers know who is sending
       – Consent allows for third party offers; e.g. “I would like to hear about offers from [company] and its partners.”
  22. Organic growth is key
     • Organic growth allows you to control your lists to be sure they are compliant
     • 3 common ways to gain subscribers:
       – Online registration/sale
       – Inbound call centers
       – In-store points of sale
     • Take advantage of interactions with your brand
     • Implied consent provisions can be useful, but obtain express consent up front
  23. Other tactics
     • Sweepstakes
     • Print/television/radio
     • Forwarding (FTAF, SWYN)
  24. Forwarding (FTAF, SWYN)
     • Offering incentives to forward could result in liability
       – Section 9: it is prohibited to aid, induce, procure or cause to be procured the doing of any act contrary to section 6
     • Impose limits on forwards (how many, to whom)
       – Exemption under 6(5): CASL does not apply to messages sent between people with personal or family rel’p
     • Share to social – does CASL apply?
       – CASL only applies to CEM sent to an electronic address
  25. B2B considerations
     • No general exemption for B2B
     • Implied consent:
       – Conspicuous publication
       – Recipient discloses electronic address to sender
     • Relevance will be a key issue
     • Electronic addresses from web must be collected manually (address harvesting prohibited)
  26. What about existing subscribers?
     • Good time to consider quality of existing lists
     • Do you have evidence of express consent?
     • If express consent is required, get creative
       – Response to reconfirmation messages low
       – Offer incentives, new campaign features, etc.
  27. Unsubscribe - considerations
     • Applies once the unsub is sent, not received
     • Must be implemented without delay, i.e., no messages can be sent after an unsubscribe is sent
     • Pros and cons of allowing people to reply directly to message as well as link to unsub
       – Will have to ‘eat’ spam
       – Miss out on opportunity to ask why
  28. ePrivacy Policies
     • Key considerations
       – Length and complexity of your policy
       – Consider the language used based on your audience
     • Include vendor and third parties that you work with and the types of data shared
  29. Analytics
     • List your current analytics program
       – Google Analytics, AWStats, etc…
     • List what you track
       – Pages, time on site, what brought you to the site, etc…
     • List what you don’t track
       – IP address, etc…
  30. Other considerations
     • Responsibility for the actions of marketing dep’t
     • Upper mgmt should be involved in developing policies
     • Be clear about what marketing dep’t is authorized to do
     • Incentives for marketing dep’t
  31. E-marketing policies: summary
     • Agreements with 3rd parties
       – Affiliates
       – Email service providers
     • Focus on more than just the rules
       – Best practices
       – Provide value – make subscribers look forward to your announcements
     • Ensure that PI is collected in compliance with PIPEDA
     • Policies and procedures for ‘honest mistakes’ (e.g., contact CRTC, notify subscribers)
  32. Questions?
     Shaun Brown, Counsel, nNovation LLP
     Matthew Vernhout, Director, Delivery & ISP Relations, Transcontinental Interactive
  33. References
     • Canada’s Anti-Spam Legislation: Parl=40&Ses=3&Mode=1&Pub=Bill&Doc=C-28_4
     • Personal Information Protection and Electronic Documents Act: 5.html
     • Brown & Klein, A Complete Guide to e-Marketing Under Canada’s Anti-Spam Legislation (Toronto: Carswell, 2011)