NSDA ANTI-SPAM POLICY Overview On July 1, 2014, Canada s Anti-spam Legislation (CASL) took effect. Coupled with existing regulations, the new legislation sets specific restrictions on using electronic communications to try to promote, advertise or sell a commercial product or service, or a business, investment or gaming opportunity. The NSDA has developed this policy to ensure staff, volunteers and third-parties who are working on behalf of the NSDA are fully aware of their obligations under CASL. Guidelines This policy outlines and clarifies the obligations of the NSDA, staff, volunteers, and third-parties under CASL. It provides guidance to individuals who send electronic messages, on behalf of the NSDA or are authorized to communicate on NSDA social media sites, to ensure to do so in full compliance with the CASL. Non-compliance with this policy may expose the NSDA and/or its Directors and officers to liability under CASL, including monetary fines. Accordingly, failure to adhere to this policy could lead to disciplinary action for employees and volunteers of the NSDA. Details The following statutes, regulations, guidelines and statements form the basis of this policy: - CASL; - Electronic Commerce Protection Regulations, SOR/2013-221; - Electronic Commerce Protection Regulations (CRTC), SOR/2012-36; - Industry Canada, Regulatory Impact Analysis Statement, December 4; 2013, - Compliance and enforcement information Bulletin CRTC 2012-548; - Compliance and enforcement information Bulletin CRTC 2012-549; and - Compliance and Enforcement Information Bulletin CRTC 2014-326. Understanding Your Obligations The following background information and decision tree with assist staff, volunteers and third-parties with understanding the NSDA obligations under CASL. What is an Electronic Message? An electronic message means a message sent by any means of telecommunication, including a text, sound, voice or image message. 1
What is a Commercial Electronic Message? A commercial electronic message (CEM) is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that: (a) Offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or rights in land; (b) Offers to provide a business, investment or gaming opportunity; (c) Advertises or promotes anything referred to in paragraph (a) or (b); or (d) Promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so. What is Commercial Activity? Under CASL, a commercial activity is any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct of international affairs or the defence of Canada. When can a CEM be sent? Under CASL a CEM can only be sent if: the person to whom the message is sent has consented to receiving it, whether the consent is express or implied; and the message complies with the content requirements of CASL. In most cases, the NSDA management must determine which template electronic messages may be sent to members or non-members. Questions in this regard should be referred to the staff of the NSDA. Obtaining New Consents In the event that no direction has been provided from Management, or where there is uncertainty concerning whether or not an electronic message is a CEM, the employee, volunteer, or other thirdparty should refer to the Decision Tree attached to this policy as Schedule A. Any new express consent sought for the purposes of sending a CEM must not be hidden within or bundled with requests for general terms and conditions related to membership or other services provided by the NSDA. Any electronic message or other method the NSDA sends seeking consent to send a CEM must set out clearly, and simply state, that the purpose of the electronic message is to obtain consent to send a CEM and contains the prescribed information. 2
You cannot use opt-out, methods to obtain express consent. If you use a check box other similar method to obtain express consent, only an opt-in method of obtaining consent such as by using a checkbox or typing an email address into a field are acceptable. Requests to Unsubscribe The NSDA has an established reputation for providing excellent service to its members and the public. If an individual indicated to the NSDA that he/she no longer wishes to receive CEMs from the NSDA, you must act upon the unsubscribe request within ten (10) days. If you fail to follow up on such unsubscribe requests, it may impact the reputation of the NSDA. Employees, volunteers, or other third-parties who receive an unsubscribe request should as much as possible confirm to the Chief Privacy Officer that the request has been effected within the ten (10) day period. Where the NSDA Board of Directors designates an information system to keep tract consents to send individuals CEMs, the information system should be updated to reflect that the individual has unsubscribed. Records Retention The onus is on the NSDA to prove that it has consent to send a CEM. In this regard, it is important for all employees, volunteers, and third-parties who send electronic messages on behalf of the NSDA to verify that express consent is recorded in the manner designated by the Chief Privacy Officer from time to time. Notwithstanding anything else described in this policy, the following records shall be kept in a location determined by the Board of Directors to demonstrate compliance with CASL: - This policy as amended from time to time and all previous versions of this policy; - Records of unsubscribe requests and confirmation that they were actioned; and - Records of express consent. If the Board of Directors of the NSDA designate an information system to keep track of consent under CASL, including membership records or inquiries related to the services of the NSDA, the Chief Privacy Officer will verify that staff update this system on a reasonably regular basis. Social Media The NSDA uses social media profiles to better communicate with our members and the public. From time to time, employees and volunteers who are authorized to post messages or information on the social media profiles are subject to this policy. Those individuals may also be within the scope of the NSDA social media policy from time to time. The publication of posts or other publications through social media profiles does not fall within the intended scope of CASL. 3
However, where social media sites have direct messaging features that enable the NSDA to directly communicate with the recipient, the analysis concerning whether or not the electronic message is a CEM set out in the decision tree should be performed. Education All current and new staff to whom this policy applies will be made aware of this policy. The NSDA will ensure that new staff and volunteers are oriented concerning this policy. The NSDA, will provide training or a bi-annual, or more frequent basis, to all staff and volunteers, or as this policy is amended. Review and Audit This policy will be reviewed from time to time by the Chief Privacy Officer to ensure that the statues regulations, guidances, and statements forming the basis of this policy are up to date. As new regulations, guidances, or statements are released from time to time, or as CASL is interpreted by the courts, this policy will be reviewed by the Chief Privacy Officer to ensure the policy remains current. As well, compliance with this policy by the NSDA, employees, volunteers or third-parties will be reviewed on an annual or more regular basis as determined by the NSDA Board of Directors. The results of the review will be documented and provided to the Board of Directors of the NSDA in order to determine if procedures concerning the education of staff or maintenance of records need to be updated. From time to time, the NSDA may authorize a third-party to use an express consent obtained by the NSDA in accordance with this policy. In all such cases, the third-party shall include in any CEM they send that: - NSDA is identified as the person who obtained consent from the recipient; and - The third-party includes in the CEM an unsubscribed mechanism that allows the recipient to withdraw consent from the third party, from the NSDA, and from any other person who is authorized to use that express consent. Where the NSDA, on receipt of a notice by the authorized third-party that is has received a withdrawal of consent, the third-party must notice the NSDA that the consent has been withdrawn from: - The NSDA - The authorized third-party; or - Any other third-parties who have been authorized to use the express consent. All requests concerning the withdrawal of consent must be effected within ten (10) days. The NSDA will ensure that any third-party from whom their use of the NSDA express consent has been withdrawn also must give effect to the withdrawal within ten (10) days. A record that the withdrawn of consent, and 4
any notice necessary under CASL or the regulations, has been completed will be kept in accordance with the record keeping provisions of this policy. Complaints Complaints concerning the NSDA compliance with CASL and this policy should be referred to the Chief Privacy Officer. A record of the complaint and how the complaint was resolved shall be kept in accordance with the record keeping procedures set out in this policy. For further information If you have questions, comments or suggestions regarding this document, contact the NSDA. 902-420-0088 1559 Brunswick St. Ste 101 Halifax, NS B3J 2G1 5
Schedule A Decision Tree in Sending a CEM 1. Is the electronic message a CEM? - Does it encourage participation in a commercial activity? - Does it contain hyperlinks or contact information for an individual that would encourage participation in a commercial activity? - Does it include an offer to purchase or sell a product, good or service? - Does it include offers to provide a business, investment or gaming opportunity? - Does it advertise or promote a person who does any of the above? If no to all questions, the electronic message is not a CEM. If yes to any question go to 2. 2. Is there an exemption to all or part of CASL? - Is the CEM being sent to someone with whom the sender has a personal or family relationship? - Is the CEM being sent to a person who is engaged in a commercial activity and consists solely of an inquiry or application related to that activity? - Exemptions to consent requirements under CASL? Is the CEM providing a quote or estimate for the supply of a product, goods, a service, land or an interest or right in land, if the quote or estimate was requested by the person to whom the message is sent?, Does the CEM facilitate, complete or confirm a commercial transaction that the person to whom the message is sent previously agreed to enter into with the NSDA? Does the CEM provide warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased from the NSDA? Does the CEM provide notification of factual information about: the ongoing use or ongoing purchase by the person to whom the message is sent of a product, goods or a service offered under a subscription, membership, account, loan or similar relationship by the NSDA; or the ongoing subscription, membership, account, loan or similar relationship of the person to whom the message is sent? Does the CEM provide information directly related to an employment relationship or related benefit plan in which the person to whom the message is sent is currently involved, is currently participating or is currently enrolled with the NSDA?; Does the CEM deliver a product, goods or a service, including product updates or upgrades that the person to whom the message is sent is entitled to receive under the terms of a transaction that they have previously entered into with the NSDA? If yes, go to 4. 6
- Exemptions to CASL Is the CEM sent by an employee, representative, consultant or franchisee of the NSDA to another employee, representative, consultant or franchisee of the NSDA and the message concerns the activities of the NSDA; or to an employee, representative, consultant or franchisee of another organization if the NSDA has a relationship with that organization and the message concerns the activities of the organization to which the message is sent? Is the CEM sent in response to request, inquiry or complaint or is otherwise solicited by the person to whom the message is sent? Is the CEM sent and received on an electronic messaging service if the information and unsubscribe mechanism that are required under subsection 6(2) of CASL are conspicuously published and readily available on the user interface through which the message is accessed, and the person to whom the message is sent consents to receive it either expressly or by implication; Is the CEM sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account to the person who received the message? If yes, the electronic message is not a CEM. 3. Does the NSDA have consent to send the CEM? - Has the NSDA received express consent from the receiver to send him/her a CEM? Was the consent obtained orally or in writing? Does the NSDA have a complete and unedited audio recording of the consent is retained by the person seeking consent or a client of the person seeking consent? Does the NSDA have a paper or electronic record of the consent being given? If yes, the NSDA has express consent, go to 4. - Does the NSDA have implied consent from the receiver to send him/her a CEM? Has the person to whom the CEM is being sent conspicuously published, or has caused to be conspicuously published, the electronic address to which the message is sent, and the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person s business, role, functions or duties in a business or official capacity? Has the person to whom the message is sent disclosed to the NSDA the electronic address to which the message is sent without indicating a wish not to receive unsolicited commercial electronic messages at the electronic address, and the message is relevant to the person s business, role, functions or duties in a business or official capacity? Is the recipient a member of the NSDA? Was the recipient a member within the two-year period immediately before the day on which the message is sent? Did the receiver purchase a product, good, or service from the NSDA within the two-year period immediately before the day on which the message is sent? 7
Has a written contract been entered into between the NSDA and the receiver for the purchase a product, good, or service from the NSDA or an investment or gaming opportunity within the twoyear period immediately before the day on which the message is sent? Has the receiver made an inquiry or application within the six-month period immediately before the day on which the message is sent? If yes, the NSDA has implied consent. If the NSDA has consent, or if consent is not required, then go to 4. 4. Does the CEM contain the prescribed information? Does the CEM set out the name of the NSDA? Does the CEM include the mailing address of the NSDA and either. - A telephone number providing access to an agent or a voice messaging system; or - An email address or a web address of the NSDA? Does the CEM include an unsubscribe mechanism? - Is it set out clearly and prominently? - Is the unsubscribe mechanism able to be readily performed, Is the above information set out clearly and prominently? If the prescribed information and unsubscribe mechanism are set out in a link on the World Wide Web, the link must be active for at least 60 days. If yes to all, the NSDA may send the CEM. If no, the message is spam and cannot be sent. 8