HPAC Magazine


June 2, 2014 | By MARK EVANS

Canada's anti-spam legislation and what it means to you

Coupled with globalization, technological innovation and evolution has been a catalyst for change on political, social and economic fronts. One such change relevant to business has been the emergence of the need for a common language or “lingua franca” on several fronts. The internet as a central element in the globalization of communications has given rise to English becoming a lingua franca for web development and e-commerce. North America has been the largest e-commerce market in the world, with the U.S. comprising 33.5 per cent of a market that topped one trillion dollars in value for the first time in 2012.1
It is no wonder then that the dominance of the North American market also extends to the “dark side” of the internet.

On May 11, 2004, Industry Canada tabled its “Anti-Spam Action Plan for Canada” and cited that “In the year 2000, e-mail traffic reports indicated that spam amounted to about 10 per cent of the total volume of electronic mail. By 2002, the percentage had climbed to 30 per cent. In early 2003, tracking services recorded a dubious milestone: the amount of electronic unsolicited commercial e-mail had surpassed that of legitimate communications. Further, they estimated that “By the end of 2004, it is predicted that spam will constitute as much as 70 per cent of global email.”2

At that time the Minister of Industry established a Special Task Force on Spam “to oversee the implementation of a comprehensive action plan to reduce the volume of unsolicited commercial e-mail.” According to Kaspersky Lab, an IT security vendor, the volume of spam e-mail as a percentage of total e-mail has indeed risen to the levels predicted by the Minister of Industry in 2004.3 Aggregate increases in the total of legitimate e-mail communications, the awareness of consumers, and the effectiveness of anti-spam software stand among the reasons it has not risen beyond these percentages.

The Task Force completed its mandate on May 17, 2005 and tabled its findings in a report entitled Stopping Spam: Creating a Stronger, Safer Internet. This report resulted in intense industry lobbying from stakeholders opposed to many of the recommendations. After much further consultation, on May 25, 2010 then Industry Minister Tony Clement introduced Bill C-28, which received Royal Assent from Parliament on December 15, 2010. Further lobbying delayed implementation, but on December 4, 2013 (almost a decade after the need to address e-mail spam was first recognized) Industry Minister James Moore announced the final regulations under Canada’s Anti-Spam Law (CASL) and the timelines for enforcement.

The first milestone is July 1, 2014. As of this date, the express consent of the recipient will be required to send commercial messages by e-mail or text, whether through direct means or social media. Safeguards related to the installation of software take effect on January 15, 2015 and the final date phase of implementation July 1, 2017 when the Private Right of Action (the ability to sue and seek damages from offenders) takes effect.

The impact of the CASL is detailed in the Regulatory Impact Analysis Statement (RAIS) as issued to accompany the pre-publication of the Electronic Commerce Protection Regulations legislation on January 5, 2013.4 In the RAIS, Point 7 references the Small Business Lens, with the explanation that “The small business lens does not apply to this proposal as the Regulations would not increase administrative or compliance burden on small business. The regulations provide exclusions to the compliance requirements of the CASL.” What is the Small Business Lens? Announced in Budget 2011 and based on the Recommendations Report: Cutting Red Tape…Freeing Business to Grow, the Small Business Lens requires regulators to be sensitive to the need of small business and requires that they consider the impact that regulations have on small business to ensure that they do not have unintended consequences (see sidebar).5

So are businesses really informed and prepared for what lies ahead? The importance of e-mail and electronic communication as a conduit between companies and consumers cannot be overstated. As noted in the 14th Report of its Subscribers, Fans and Followers Report series published in 2012 by ExactTarget.com (a Salesforce.com company),
e-mail is the method preferred by most customers for both personal written communications (45 per cent) and permission based promotional messages (77 per cent versus the nine per cent for direct mail).

In 2013, Deloitte LLP surveyed 100 financial business services leaders and published a paper entitled Managing the Message.6 The paper notes that “Only 13 per cent of organizations understand CASL requirements and have begun applying them to their business” and goes on to state that “71 percent of organizations expect that it will take a medium to high effort for their compliance and marketing teams to comply with CASL.” Also of note in the Deloitte paper are the substantial penalties for non-compliance, up to $1 million dollars for individuals and up to $10 million dollars for companies.

There are a number of resources intended to help companies understand what constitutes a Commercial Electronic Message (CEM) as regulated by CASL, including the FightSpam website hosted by the Government of Canada and a site showing Frequently Asked Questions hosted by the Canadian Radio-television and Telecommunications Commission (CRTC).7 If you are a CEM sender, here are a few points to consider:

• You have until July 1, 2014 to gain majority compliance with your existing customer base.

• Your CEM must contain prescribed information including: the identity of the sender; the sender’s contact information including mailing address; an unsubscribe mechanism which remains active for a minimum of 60 days post message and which must be acted on with 10 days of receipt; and the message must present itself as “opt-in” rather than “opt-out.”

• There are limited exclusions (check the Regulatory Impact Analysis Statement).

• If your lists were compliant under the Personal Information and Electronic Documents Act, you will probably find that your lists will no longer be compliant and will need to be re-qualified.

• There are what could be called fresh dates or sunset dates on lists. The maintenance obligations of CEM senders increase. Names will have to be removed from lists based on inquiry dates and/or transaction dates, with two years being the outer limit.

There are three government agencies responsible for enforcement of the law. When the new law is in force, it will allow:

• The CRTC to issue administrative monetary penalties for violations of the new anti-spam law.

• The Competition Bureau to seek administrative monetary penalties or criminal sanctions under the Competition Act.

• The Office of the Privacy Commissioner to exercise new powers under an amended Personal Information Protection and Electronic Documents Act.

As you begin your compliance review, take the time to also take stock of your use of e-mail. This is an opportunity to determine if your existing communications are effective and achieve the results you seek. <>

During the course of his career in the mechanic
al industry Mark Evans has worked in the wholesaler and manufacturer sectors in sales and marketing positions. Contact him at mark@markevans.net or visit www.markevans.net.


1 eMarketer

2 Industry Canada http://www.ic.gc.ca/eic/site/030.nsf/eng/home

3 Kaspersky Lab

4 Regulatory Impact Analysis Statement

5 Treasury Board of Canada Secretariat- Red Tape Reduction Action Plan (Small Business Lens)

6 Deloitte survey

7 Canadian Radio-television and Telecommunications Commission- Frequently Asked Questions

What Does It Mean?

Question: Is the Minister’s analysis correct in that the CASL will not be a burden to small business?

Answer: NO. In a future article I will discuss what is now being referred to as “The Internet of Things,” the fact that internet connectivity is pervasive. It connects the operating systems of cars, appliances, even things as mundane as the thermostat, to the internet so these systems can facilitate two-way communications and be automatically updated.

Why should this matter to our industry? On January 13, 2014, Google purchased Nest Labs, makers of the Nest Learning Thermostat and the Protect smoke detector for $3.2 billion in cash. Consider that Honeywell Automation and Control Solutions Division reported worldwide sales of $15.9 billion dollars in sales in 2012, generated through the sale of its 723 000 SKU’s by its 75 000 employees in 100 countries. Compare that to Nest Labs whose 130 employees (as of 2012) were responsible for presenting only 2 SKU’s which are only available in the US and Canada (as of November 2013, the Nest Protect is now available in the US, Canada and the UK). Comparing the numbers, you can bet that Google is counting very heavily on the Internet of Everything and Nest products being a gateway to harvest information that is a commodity with value in and of itself.

In a January 2014 interview with Forbes Magazine columnist Parmy Olson, Nest founder and CEO Tony Fadell said “that his company had struck deals with close to 20 utility companies, who paid Nest $30 to $50 per thermostat annually, to manage the energy usage of Nest customers who had opted into their utility’s demand-response program.”

The Nest thermostat has an iPhone app that provides an interface through which Nest can communicate with the owner to obtain permission to install operating system updates. Not all similar products have the same kind of user interface, if they have any at all. In a case where the device would simply be updated by transmission to the unit’s IP address, a grey area exists. Under the auspices of the CASL, the owner’s consent is required prior to the update.

If the product carries a contractor-based installation and/or service warranty, especially in a sale where the contractor derives monthly income from the monitoring of a home comfort or home automation system, the contractor potentially would be responsible for seeking this consent and communicating it to the manufacturer before the system update was to take place.



Stories continue below