Canada’s Anti Spam Law (CASL) March 2014 Jason Beauchamp RBC Insurance 22 Additional Notes • Following our March, 2014 meetings, the following clarifications of the rules became available and were provided by RBC: • Express Consent: Express consent means that the recipient has received clear notice including a description of the purpose for the consent and prescribed information about the requestor. Express consent must be obtained from non-clients prior to sending a CEM. • Third Party Referrals Exemption: The first CEM that is sent by a person for the purpose of contacting the individual following a referral where the individual making the referral has a relationship with both the sender and the target of the referral and the message discloses the name the referrer and states that the message is sent as a result of the referral. 33 Canada’s Anti Spam Law (CASL) Timeline 2009 May, 2010 Dec 15, 2010 Summer, 2011 Bill C-27 - Electronic Commerce Protection Act (ECPA) Bill C-28 - Fighting Internet and Wireless Spam Act (FISA) Bill C-28 - Canada’s Anti Spam Legislation (CASL) Finalized Publication of CRTC Draft Regulations and Industry Canada Draft Regulations March 28, 2012 CRTC Final Regulations Published Oct 10, 2012 CRTC Guidelines Published Jan 5, 2013 Industry Canada Draft Regulations Published Dec 4, 2013 Industry Canada Final Regulations Published July 1, 2014 In force date for most sections of CASL, including CEMs Jan 15, 2015 In force date for s. 8 – Installation of Computer Programs July 1, 2017 In force date for Private Right of Action 44 Commercial Electronic Messages (CEM) Electronic communication sent to an electronic address • email, text, SMS, instant messages, messages sent to an electronic address associated with a social media site, etc. Applies to: - Personal and business/work electronic addresses - Messages sent to clients and prospects - Business to Business (subject to exemption in IC Regulations) - Employer to Employee (exemption has been requested) 55 Definitions “…a commercial electronic message is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that (a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land; (b) offers to provide a business, investment or gaming opportunity; (c) advertises or promotes anything referred to in paragraph (a) or (b); or (d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.” 66 Definitions “commercial activity” means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit … “electronic address” means an address used in connection with the transmission of an electronic message to (a) an electronic mail account; (b) an instant messaging account; (c) a telephone account; or (d) any similar account. “electronic message” means a message sent by any means of telecommunication, including a text, sound, voice or image message. 77 Commercial Electronic Message (CEM) Consent Requirements • Need express or implied consent from the recipient before sending a commercial electronic message • Express consent may be oral, written or electronic 88 Commercial Electronic Message (CEM) Form Requirements Identify sender / person on whose behalf message is sent • Sender name and the name under which it carries on business (if different) Contact information for sender / person on whose behalf message is sent • Sender mailing address, and either a telephone number, email or web address Unsubscribe mechanism • Must allow recipient to indicate the wish to no longer receive any CEMs, or any class of such messages, from the sender 99 Commercial Electronic Message (CEM) Unsubscribe Mechanism – – – – – Must be able to be "readily performed” Allow recipient to opt-out of any commercial electronic messages from the legal entity or any specified class of such messages Without cost to the recipient Sent by the recipient using the same electronic means by which the message was sent, or if not practicable, another electronic method (i.e. electronic address, or link to a page on the World Wide Web that can be accessed through a web browser) Must remain active for 60 days after the message is sent Must be respected within 10 business days 1010 Extraterritorial Reach of CASL Applies to: Commercial Electronic Messages from a sender located in Canada to a recipient located in Canada Commercial Electronic Messages from a sender located in Canada to a recipient in another country Commercial Electronic Messages from a sender located in another country to a recipient in Canada Does not apply to messages merely routed through Canada (as per Industry Canada Regulations Regulatory Impact Analysis) 1111 Commercial Electronic Message (CEM) – Implied Consent Existing Business Relationship between sender and recipient • Purchase or lease of a product, goods, service within 2 years immediately preceding sending of message • Acceptance of a business or investment opportunity within previous 2 years • Written contract in existence or expired within previous 2 years Publication or Disclosure of Electronic Address • The electronic address has been conspicuously published or disclosed, without a statement that the person does not wish to receive unsolicited commercial electronic messages, and • The message is relevant to the recipient’s business, role, functions or duties in a business or official capacity. 1212 Commercial Electronic Messages (CEM) that are Exempt Personal Relationship -Messages sent by or on behalf of one individual to another individual with whom they have a “personal relationship”, defined as “the relationship between an individual who sends a message and the individual to whom the message is sent, if those individuals have had direct, voluntary, two-way communications and it would be reasonable to conclude that they have a personal relationship, taking into consideration any relevant factors such as the sharing of interests, experiences, opinions and information evidenced in the communications, the frequency of communication, the length of time since the parties communicated or whether the parties have met in person.” 1313 Commercial Electronic Messages (CEM) that are Exempt Family Relationship -Messages sent by or on behalf of one individual to another individual with whom they have a "family relationship“ defined as “the relationship between an individual who sends a message and the individual to whom the message is sent if those individuals are related to one another through a marriage, common-law partnership or any legal parentchild relationship and those individuals have had direct, voluntary, two-way communication” 1414 Commercial Electronic Messages (CEM) that are Exempt Submitting an Inquiry or Application -Messages sent to a person who is engaged in a commercial activity and consists solely of an inquiry or application Responding to an Inquiry or Application -Messages that are solicited by the recipient or sent in response to complaints, inquiries, and requests 1515 Commercial Electronic Messages (CEM) Exemptions from Consent Business to Business Communications Sent by one employee to another in the same organization; or sent between organizations that already have a relationship, where the message concerns the activities of the organization to which the message is sent. Messages sent to satisfy a legal obligation or enforce a legal right Industry stakeholders raised concerns that the Act captures nontransactional business communications that are required by law or that are sent to enforce a legal right. For instance, in some circumstances, businesses are required to send messages that may be seen as commercial electronic messages, such as electronic bank statements. 1616 Commercial Electronic Messages (CEM) that are Exempt Platform Exemption Closed Messaging Systems Messages sent to recipients in Listed Foreign States Charities Political Parties Third Party Referrals 1717 Penalties Violation Penalty/Fine Private Right of Action In force July 1, 2017 Sending unsolicited commercial electronic messages to an electronic address Maximum per breach: $1,000,000 for individuals $10,000,000 for corporations $200 per day per breach, to a maximum of $1,000,000 per day Altering transmission data without express consent Maximum per breach: $1,000,000 for individuals $10,000,000 for corporations up to $1,000,000 per day Installing computer programs without express consent Maximum per breach: $1,000,000 for individuals $10,000,000 for corporations up to $1,000,000 per day 1818 Penalties • An officer, director, agent or mandatory of a corporation that commits a violation is liable for the violation if they directed, authorized, assented to, acquiesced in or participated in the commission of the violation, whether or not the corporation is proceeded against • Violations may be publicized • Proceeding must be commenced by CRTC within three years of CRTC becoming aware of violation 1919 Defences Due Diligence Defence • A person will not be found liable by CRTC if they exercised due diligence to prevent the commission of the offence Undertakings • Avoid a Notice of Violation and Private Right of Action if sender voluntarily reports contraventions to the CRTC • Undertaking may be publicized 2020 Next Steps – Things you should consider Commercial Electronic Messages • Identify electronic communications sent to clients, prospects and employees • Determine consent status for each type of electronic communication • Build databases to record consent / unsubscribe requests • Create compliant unsubscribe mechanism and templates for electronic communication 2121 Next Steps – Things you should consider • Consider obtaining express consent from prospects and even existing clients. • Review and Update Referral Process • Review practices for obtaining email marketing lists • For more detail about how CASL may affect Advisors, we encourage you to contact your respective associations such as Advocis and/or IFB. 2222