Canada s New Anti-Spam and Anti- Spyware Regime: Why You Need to Get Ready Now

Similar documents
Canada's New Anti-spam Law Are you prepared? Tricia Kuhl (Blakes) Dara Lambie (Blakes) Presented to ACC Ontario Chapter May 9, 2012

Canada s New Anti-Spam Law. David Fraser

Canada s Anti-Spam Legislation: What It Means to Hit Send

Canada s Anti-Spam Legislation It s Here and It s Not Just Spam. Susan Manwaring & Jennifer Babe Miller Thomson LLP

Preparing for Canada s Anti-Spam Legislation (CASL) Miyo Yamashita, Partner Sylvia Kingsmill, Senior Manager

Dentons Canada LLP. Understanding CASL. Presented to the Alberta Chambers of. Craig T. McDougall and Thomas A. Sides

CANADA S ANTI-SPAM LEGISLATION: Getting ready for July 1 st, 2014

Comparing CASL to CAN SPAM Canada s Anti Spam Law Raising the bar for online business communications in North America Margot Patterson, Counsel

Q: CANADA'S ANTI-SPAM LEGISLATION

Marketing Law in Canada Has Changed... Are You Ready?

CANADA S ANTI-SPAM LEGISLATION (CASL): WHAT YOUR CHARITY NEEDS TO DO BEFORE JULY 1ST

Canada s Anti-Spam Law ( CASL ): It s the Law on July 1, 2014 questions for directors to ask

Investment Industry Association of Canada. Canadian Anti-Spam Legislation Primer. Frequently Asked Questions

CANADA S ANTI-SPAM LEGISLATION: CHARITIES AND NOT-FOR-PROFITS

Canadian Anti Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS

Canada s New Anti-Spam Law

NSDA ANTI-SPAM POLICY

BARRIE PUBLIC LIBRARY ANTI-SPAM POLICY MOTION #17-35 Revised June 22, 2017

The Age of Consent: Canada s Opt-In Anti-Spam Law. International Legal Technology Association October 23, 2014 David Elder

Are You Sending Illegal s? Canada s Anti-Spam Legislation and How it Affects You

Canadian Anti-Spam Legislation (CASL)

CANADA S ANTI-SPAM LEGISLATION AND REGULATIONS

Canada s Anti-Spam Legislation (CASL) What it means for Advisors. Distributor Learning & Development

DAVIES. CASL FAQs. dwpv.com

Before You Hit Send: How Canada s New Anti-Spam Law Will Affect You

This policy has been developed to ensure compliance with Canada's Anti-Spam Legislation ("CASL").

CASL Canada s Anti-Spam Legislation. In force - 1 July 2014

Canadian Anti-Spam Legislation (CASL)

Canada s New Anti Spam Legislation. Maggie Cavallin Clark Wilson LLP T

Canada Anti-Spam Legislation: Review and Update

GET READY FOR ANTI-SPAM

Canadian Anti-Spam Legislation (CASL) Campaign and Database Compliance Checklist

Canadian Anti-Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS

CANADIAN ANTI-SPAM LEGISLATION WORKSHOP FOR CHARITIES AND NOT- FOR-PROFIT ORGANIZATIONS

Canadian Anti-Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS

David Young Law Compliance Bulletin April 2014

Canada s Anti-Spam Legislation (CASL) Compliance Primer & Checklist. April 2014

Canada's Anti-Spam Legislation

CASL. What you need to know about Canada s new Anti-Spam Legislation

Understanding and Preparing for Canada s Anti-Spam Legislation (CASL) Troy Baril, Associate

Review of the Canadian Anti-Spam Legislation

MailChimp Basics. A step by step guide to MailChimp Course developed by Virginia Ridley

Canada s Anti-Spam Legislation. Information Session 2014

Canadian Anti-Spam Legislation (CASL) Compliance Policy. 2. Adopt Canadian Anti-Spam Legislation (CASL) Compliance Policy.

Offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;

Privacy Law Doing Business In Canada

CANADA S NEW ANTI-SPAM LEGISLATION FIVE SUGGESTIONS FOR COMPLIANCE

THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003

How to Navigate International Privacy and Data Security Developments Beyond the US and the EU, Namely Canada January 30, 2019

Canada s Anti-Spam Legislation (CASL) for Canadian Registered Charities and Non-profit Organizations

Professional Engineers Ontario. canada s anti-spam. Guidelines for Chapters

Brief to the House of Commons Standing Committee on Industry, Science and Technology on the review of Canada s Anti-Spam Legislation.

Canada's Anti-Spam Legislation (CASL)

Guidance on CASL for REALTOR Members. Guidance on Canada s Anti-Spam Legislation (CASL) for REALTOR Members

Update on Canada s Anti-Spam Legislation (CASL) for Portfolio Management Association of Canada (PMAC)

Privacy Dimensions to Canada's Anti-Spam Legislation (CASL)

CASL Survey Report: Bridging the Gaps in Understanding and Compliance

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

Sarri Gilman Privacy Policy

ESPC Update on Review of Canada's Anti- Spam Legislation

Canadian Advertising Law Update and Canada's Anti-Spam Legislation (CASL)

Positioning Your Organization to Mitigate CASL Liability Through the Due Diligence Defence. Roadmap

SeelogicMail Terms and Conditions

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

Privacy Policy. What information do we collect automatically?

H. R To reduce unsolicited commercial electronic mail and to protect children from sexually oriented advertisements.

Shaw Privacy Policy. 1- Our commitment to you

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

A. New Canadian Anti Spam Legislation Impacts How Travel Agencies Communicate With Clients

We reserve the right to modify this Privacy Policy at any time without prior notice.

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

ELECTRIC APP - PRIVACY POLICY

A Marketer s Guide to Canada s Anti-Spam Law (CASL)

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

etouches, Inc. Privacy Policy

Finland. General I Data Protection Laws. Contributed by Hannes Snellman Attorneys Ltd. National Legislation. National Regulatory Authority

Spam Law: Recent Legislation and its Impact on Canadian Fundraisers and Charities

Privacy policy. Privacy Policy

Privacy Policy. We may collect information either directly from you, or from third parties when you:

EDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017

GENERAL PRIVACY POLICY

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

TERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT

What Information Do We Collect? How and Why We Collect Information

INNOVENT LEASING LIMITED. Privacy Notice

Frequently Asked Questions. About The Do Not Contact Rules

CANADIAN TIRE PRIVACY CHARTER

Acceptable Use Policy Document ID: SER-POL-001

register to use the Service, place an order, or provide contact information to an Independent Business Owner;

Compliance and Enforcement Decision CRTC

The Opt-Out Register for Fax and Telephone - Guidance for Marketers

Terms of Use. Changes. General Use.

Privacy Policy Effective May 25 th 2018

TERMS OF USE Effective Date: January 1, 2015 To review material modifications and their effective dates scroll to the bottom of the page. 1.Parties.

PRIVACY POLICY. Personal Information Our Company Collects and How It Is Used

Privacy Policy. Last updated: May 11, 2018

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

Voter Contact Registry

Transcription:

Canada s New Anti-Spam and Anti- Spyware Regime: Why You Need to Get Ready Now September 15, 2011 Presented by: y Michael Fekete Andraya Frith Nicole Kutlesa Patricia Wilson 1

2 Presenters Michael Fekete Andraya Frith Nicole Kutlesa Patricia Wilson 2

3 Overview Introduction and Overview History of legislation Breadth of anti-spam and anti-spyware rules Primary requirements Comparison to PIPEDA and CAN-SPAM Act Key issues affecting business practices Enforcement regime Tips on getting ready for CASL 3

4 A long and winding road 2004: GoC Task Force on Spam launched 2005: Task Force report 2009: Bill C-27 2010: Bill C-28 December 15, 2010: Royal Assent Informal name: Canada s Anti-spam Law (CASL) Fall 2011: Final regulations expected Late 2011 or early 2012: Expected coming into force date 4

Structure of CASL Standalone legislation covering spam spyware altering transmission data (to redirect or copy an electronic message) Amendments to: CRTC Act: enforcement regime Competition Act: false and misleading messages/sender information PIPEDA: address harvesting/accessing a computer to collect PI Telecommunications Act: potential repeal of national Do- Not-Call List CASL takes precedence in the event of conflict, but does not replace related provisions of PIPEDA 5 5

Breadth of anti-spam rules The new rules apply to: electronic messages (no minimum number), when sent: by telecommunication, to an electronic address (i.e., an email, instant messaging, telephone or similar account), for the purpose of encouraging participation in a commercial activity (no primary purpose standard), if a computer system located in Canada is used to send or access the message 6 6

7 Breadth of anti-spam rules (continued) Limited exemptions for: family or personal relationships (as defined by regulation) business inquiries (about recipient s commercial activity) interactive two-way voice communications between individuals fax messages sent to telephone account voice recordings sent to telephone account 7

Primary requirements regarding CEMs Express consent opt-in positive confirmation debate regarding opt-out A message requesting consent is deemed to be a commercial electronic message ( CEM ) CEM) Disclosure requirements for consent purpose prescribed requirements (draft regulations): consent request must be in writing consent must be sought separately for each act identity and contact information consent withdrawal statement 8 8

Primary requirements regarding CEMs (continued) Exceptions to express consent transactional messages sole purpose exhaustive list, subject to regulations implied (deemed) consent existing business relationship (EBR) and existing nonbusiness relationship (ENBR) exhaustive lists, subject to regulations conspicuous publication or disclosure of electronic address message must be relevant to recipient s business/professional role 9 9

10 Primary requirements regarding CEMs (continued) Form and content requirements unsubscribe mechanism draft regulations set maximum of 2 clicks identity and contact information Opt-outs must be operationalized without delay no later than 10 business days Sender s contact information must be valid for 60 days 10

11 Breadth of anti-spyware rules The new rules apply to a person who: installs a computer program (no malware threshold) on another person s computer system, OR causes an electronic message to be sent from a computer system on which the person installed a computer program, IF the computer system is located in Canada or the person is in Canada Exemption for complying with court order 11

Primary requirements regarding computer programs Express consent Disclosure requirements for consent general function and purpose of the computer program detailed function-specific information (to be disclosed separate and apart from licence agreement) if: enumerated higher risk function (e.g., collection of stored personal information; change to computer settings), AND knowledge and intent that computer will operate contrary to reasonable expectations of user or owner prescribed requirements (draft regulations): same as for CEMs, PLUS: acknowledgment of higher risk functions must be in writing 12 12

Primary requirements regarding computer programs Exceptions to Consent: where person s conduct makes it reasonable to believe consent has been given to installation of: a cookie HTML code Java script operating system program executable only through another program for which express consent to installation or use has been given update or upgrade, but only where qualifying express consent given to original i installation ti and update/upgrade program 13 13

14 Comparison to PIPEDA PIPEDA adopts a principles approach to privacy CASL is rules based ban all except that which is permitted PIPEDA allows for opt-out consent when using nonsensitive PI for marketing purposes CASL requires express consent, with limited exceptions PIPEDA relies on soft enforcement principles CASL introduces material penalties and reasonable prospect of class actions 14

15 Comparison to CAN-SPAM Act CAN-SPAM applies only to email messages CASL also applies to instant messages and text messages CAN-SPAM relies on opt-out consent CASL requires express consent, with narrow exceptions CAN-SPAM applies only if primary purpose is commercial CASL applies if any content is commercial 15

Examples of key issues Fresh consent Limited grandfathering time limits applicable to EBRs and ENBRs do not apply for three years, BUT only for those EBRs and ENBRs which included communications using CEMs Consent from minors Social media Writing requirements 16 16

17 Key issues (continued) EBR definition iti free products and services gaming opportunity written contract Refer a friend programs Inclusion of unsubscribe mechanism in transactional messages Potential impact on online behavioural tracking 17

Enforcement provisions - Outline Administrative i ti Monetary Penalties ( AMPS ) Private Right of Action Compliance Undertakings Complaints and Court Reviews Under PIPEDA Offences and Reviewable Conduct Hearings under Competition Act Interplay of enforcement measures important; will drive mitigation strategies for those experiencing a CASL contravention 18 18

19 Enforcement provisions -AMPS Administered i d by the CRTC Applies to contraventions of sections 6 9 (Unsolicited CEMs; Altering transmission data, Installation of computer programs; Aiding, inducing, procuring, causing same) Maximum penalty of $10,000,000 per violation for businesses; $1,000,000 for individuals (i.e. per message, installation, alteration) 19

20 Enforcement provisions -AMPS AMPS Procedure: Three (3) year limitation period for issuing a notice of violation CRTC decides whether violation committed on balance of probabilities CRTC can order person to cease contraventions Appeal to Federal Court of Appeal 20

21 Enforcement provisions -AMPS Director and officers: AMPS may be levied against directors, officers, agents, mandataries of corporations Corporations: Vicariously liable for employees/ agents acting within the scope of employment/ duties Due diligence: No violation if establish due diligence to prevent commission of a violation; Common law defences: Apply to extent consistent with CASL 21

CASL Enforcement Private Right of Action Persons allegedly affected by contraventions of sections 6 9, PIPEDA, Competition Act provisions can apply for a court remedy Three year limitation period, subject to extension by court Class action potential for CASL statutory damages claims is high Cannot apply for a court remedy if undertaking entered into, notice of violation served Undertakings may not be entered into, notice of violation may not be served if CASL court application has been commenced Strategic considerations necessary where early settlement of a class action under CASL will prevent AMPs 22 22

CASL Enforcement Private Right of Action (continued) Court may order: Loss, damages suffered or expenses incurred Statutory damages to a maximum of $200 per contravention of section 6 (unsolicited CEMs), to a maximum of $1 million for each day contravention ti occurred / $1 million per contravention of CASL, Competition Act, PIPEDA, as applicable 23 23

CASL Enforcement Penalty, Damages Factors Purpose of AMPS and statutory damages is to promote compliance, not to punish CRTC and Court must consider following in determining AMP amounts and statutory damages: Purpose of the order Nature and scope of contravention History of contraventions/ violations History of undertakings to comply Financial benefit from contravention Ability to pay Whether applicants/ affected persons have received voluntary compensation 24 24

25 Preparatory work Scrubbing existing databases or re-qualifying customer and contact lists with fresh, express consent This should be done before CASL comes into force Taking steps to trigger grandfathering provision Modifying procedures for obtaining and documenting consent Meeting content requirements for express consent Building into database fields that can be used to pull data that meets applicable criteria and testing such systems Dates when contract entered into, product purchase, inquiry made, etc. (to track EBR) Monitoring expired business relationships 25

26 Preparatory work (continued) Modifying procedures for meeting CEM content, unsubscribe and withdrawal of consent obligations Updating relevant documents, including: third party service agreements address compliance ce with CASL (incl. address harvesting provisions) ensure appropriate reps, warranties and indemnities internal privacy and email marketing policies and procedures (both for compliance and due diligence purposes) p ensure training of employees and documenting same published privacy policies/statements 26

27 Preparatory work (continued) Modifying procedures for meeting consent and disclosure rules applicable to computer programs Address other compliance challenges created by CASL false and misleading messages/sender information address harvesting accessing a computer to collect PI 27

28 Questions? Michael Fekete (416)862-6792 mfekete@osler.com Nicole Kutlesa (416) 862-6417 nkutlesa@osler.com Andraya Frith (416) 862-4718 afrith@osler.com Patricia Wilson (613) 787-1009 pwilson@osler.com 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback