July 08, 2009 | By Spencer Kollas
Republishing of important article
Highlights of proposed Canadian spam legislation
By Karen J. Bannan
July 2, 2009
The Canadian House of Commons in April introduced a bill to create the Electronic Commerce Protection Act (ECPA) (ECPA)—Canada’s version of the U.S. CAN-SPAM legislation, with some significant differences. The bill seeks not only to cut down on spam but also addresses phishing, spyware and unsolicited text messages. It also lays out penalties for spamming, allowing businesses and consumers to take civil action of up to $1 million (Canadian) against individuals and $10 million against companies or groups that violate ECPA.
But what exactly does this mean for marketers that send e-mail to Canada? Matthew Vernhout, director of delivery and ISP relations at e-mail marketing company ThinData Inc., explained the most significant highlights of the bill.
1) In or out. One of the main differences between CAN-SPAM and the Canadian bill is consent. CAN-SPAM focuses on opting out; marketers can send e-mail to anyone as long as they have not opted out and their e-mail address was not harvested. The Canadian legislation will require marketers to have explicit or implied consent, said Vernhout, who recently discussed the bill before the Canadian government’s Standing Committee. “In Canada for 10 years we’ve had our privacy law that advocates consent-based communications,” he said. Companies can e-mail people when there is a business relationship or nonbusiness relationship. So, for example, marketers will be able to e-mail a customer who purchased something from them even if they didn’t officially opt in, but only for a period of 18 months. This is why he suggested companies start adding fields to their databases today that will log when names are added to a list—the specific date—as well as what kind of relationship a marketer actually has with those contacts.
2) Update in time. Today, CAN-SPAM requires companies to remove someone who has opted out within 10 business days. The Canadian regulation will require opt-outs to be handled within 10 calendar days. “This might be an issue for companies that use ‘multiple affiliates,’ ” Vernhout said. Making sure all opt-outs happen in what could be as little as a single business week may take some getting used to.
3) Show your face. CAN-SPAM requires U.S. marketers to provide a “from” address, a postal address and a Web-based opt-out. Under the Canadian rules, marketers will need to disclose the identity of the person sending the e-mail—and if it’s being sent on behalf of a company, both companies involved must disclose their information, including company name and contact information, including a physical address. An opt-out link is not required, although unsubscribe procedures must be listed in messaging.
4) Share and share alike. The Canadian government is promising to “share information and evidence with their counterparts in other countries who enforce similar laws internationally,” according to a press release. This means the Canadian Radio-Television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner would be able to share evidence with, for example, the U.S. Federal Communications Commission to ensure people in Canada who are spamming those in the U.S. could still be prosecuted.
5) A central spam center. Under the legislation, the Canadian government will also create a “Spam Reporting Centre,” which would act as a clearinghouse for all spam reports. The unit would disseminate evidence of spamming to “governing bodies.” “I don’t think it’s any different than what the FTC is doing [in the U.S.]. It’s building a history so they can look back and say, ‘Are we seeing a trend,’ and from there compiling the evidence against people so, when they go to court, they can bring a big document and slam it down,” Vernhout said.