CANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014 Investment Industry Association of Canada Adam Kardash Partner, Privacy and Data Management Osler, Hoskin & Harcourt LLP akardash@osler.com; 416.862.4703 Drew Brown Associate Vice President, TD Wealth Drew.Brown@td.com; 416.308.5814 February 27, 2014
CASL Overview Federal legislation imposing strict consent, notice and content requirements for commercial electronic messages. Applies to a broad range of messages (marketing, B2B, customer service, referrals, job applications, etc.) Will impact organizations in all sectors. Potentially severe penalties for contravention of the statute. Applies to messages sent from or accessed by a computer system in Canada. 2
Status of CASL Enacted in December 2010 but not yet in force. Commercial Electronic Message provisions in force July 1, 2014 Computer programming provisions in force January 15, 2015 Private right of action in force July 1, 2017 Details of CASL set out in 2 regulations: CRTC Regulations finalized in March 2012. Industry Canada Regulations finalized in December 2013. CRTC Guidelines released in October 2012 Guidelines on the Interpretation of the Electronic Commerce Protection Regulations (CRTC) Guidelines on the use of Toggling as a means of Obtaining Express Consent under CASL CRTC FAQs released in December 2013 More FAQs, compliance guidelines expected 3
Penalties for Non-Compliance Administrative Monetary Penalties Up to $1 million per violation for individuals and $10 million for businesses. Private Right of Action Statutory damages up to $200 for each violation of the prohibition against unsolicited commercial electronic messages up to $1 million for each day on which the violation occurred. A single email or text message is contravention of CASL = violation. 4
Application of CASL Applies to any Commercial Electronic Message Any means of telecommunication, including text, sound, voice or image messages. Reasonable to conclude that, among its purposes, the message is aimed at encouraging participation in a commercial activity. Examples of commercial electronic messages: emails text messages refer-a-friend emerging forms of messaging an email or text message that hyperlinks to content aimed at encouraging participation in a commercial activity 5
General Requirements Prohibited to send, or cause or permit to be sent, a commercial electronic message (CEM) to an electronic address unless the recipient has provided express or implied consent. Most CEMs must also meet certain specified content requirements, including an unsubscribe mechanism. 6
CASL Exceptions Certain CEMs are not subject to the consent and content/unsubscribe requirements B2B Exemption: Messages sent between organizations or within organizations concerning the activities of the organization. Messages to those with whom there is a personal or family relationship. Defined in Industry Canada Regulations Personal Relationship: Sender and recipient have had direct, voluntary, two-way communication, and it would be reasonable to conclude that they have a personal relationship Messages that are sent to an individual engaged in commercial activity and consists solely of an inquiry or application related to that activity. Messages sent in response to a request, inquiry complaint or is otherwise solicited. Messages sent to satisfy legal obligations. Messages sent pursuant to IIROC or CSA rules may meet this requirement. 7
CASL Exceptions (cont d) Certain CEMs are not subject to the consent and content/unsubscribe requirements (Cont d.) Platforms: Messages sent or received on electronic messaging service. Information and unsubscribe mechanism required under the Act must be conspicuously published and readily available through the user interface Person consents to receive it either expressly or by implication Closed Messaging Systems: Messages sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account. Messages sent or caused or permitted to be sent by a person who reasonable believes the message will be accessed in a set of listed foreign states and the message conforms to the law of the foreign state that addresses spam. 116 countries listed in the Industry Canada Regulations 8
Express Consent Requirements Generally express consent is required to send a CEM Express consent may be obtained orally or in writing Positive or explicit indication of consent required (i.e. no pre-checked boxes) Requests for express consent must include notice about the following: The purpose for which consent is sought. The name of the person seeking consent. Certain prescribed contact information including the mailing address, and either a telephone number, email address or web address of the sender. A statement indicating that the person whose consent is sought can withdraw their consent. 9
Express Consent Requirements (cont d) Additional requirements when obtaining consent on behalf of named and unnamed third-parties (e.g. marketing partners or affiliates) E.g. [ ] Check here if you would like to receive offers and promotions from our marketing partners. Unnamed third party (e.g. marketing partner) must identify person who obtained consent in CEM Recipients must be able to unsubscribe from all lists Centralized management of consents across unaffiliated marketing partners required 10
Express Consent Requirements (cont d) Express consent is not required under the Act in certain circumstances, such as where there is deemed to be implied consent. 11
Implied Consent Example: Existing Business Relationships There is implied consent where the sender and recipient have an existing business relationship based on, for example: Purchase or lease of a product, goods, service A written contract An inquiry or application Implied consent is time-limited: may only be relied upon for 2 years after a purchase, 2 years after the expiration of the contract or 6 months after an inquiry or application. 12
Implied Consent (cont d) Example 2: Business-to-Business There is implied consent where the recipient has: conspicuously posted their electronic address, and the publication is not accompanied by an indication that he or she does not wish to receive unsolicited messages, and the message is relevant to the recipient s business, role, functions or duties in a business or official capacity. or where the recipient has: disclosed their electronic address to the sender without indicating a wish not to receive unsolicited messages, and the message is relevant to their business, role, functions or duties in a business or official capacity. 13
Transactional Messages Certain CEMs are not required to comply with consent requirement For example, CEMs that solely: Provide a quote or estimate Facilitate, complete or confirm a commercial transaction Provide warranty information, product recall information or safety or security information Provide notification of factual information Deliver a product, goods or service Messages sent in response to referrals Applies to first message only Referrer must: Have relationship with sender and recipient Be named in message sent to recipient Messages still must comply with content/unsubscribe requirements 14
Referrals There is also an exception to the consent requirement for referral-based communications. A commercial electronic message may be sent the purpose of contacting the recipient following a referral by any individual who has an existing business relationship, an existing nonbusiness relationship, a family relationship or a personal relationship with the sender and recipient. The message must disclose the full name of the referral source and state that the message is sent as a result of the referral. Only applies to the first message sent. Messages still must comply with content/unsubscribe requirements 15
Complying with CASL Getting Ready for July 1, 2014 Key Compliance Steps, Practical Challenges and Risk Mitigation A Q&A with Drew Brown, Associate Vice President, TD Wealth 16