New anti-spam legislation will have a signifigant impact on Canadian businesses
New rules surrounding how businesses interact electronically with their clients are coming and manufacturers that aren’t prepared will face a harsh new reality when the laws are implemented in 2012.
Failure to comply with the new rules could cost up to $10 million.
Bill C-28, dubbed the Fighting Internet and Wireless Spam Act, will govern just about every commercial electronic message, text or social media message a business sends to its clients or prospective clients.
“The biggest impact to small business is in their marketing efforts,” explains Alan K’necht, author of The Last Original Idea – a Cynic’s View of Internet Marketing and co-founder of Digital Always Media Inc., an Internet and social media marketing firm in Toronto. “If they have been doing any kind of online marketing or hiring agencies to help them, they must ensure the agencies comply with the new bill.”
The Act describes commercial electronic messages as anything that could reasonably be concluded to encourage participation in a commercial activity such as offers to purchase, sell, barter or lease anything; offers to engage in a business, investment or gaming opportunity; or to promote virtually any type of event.
The only way these messages can be legally sent is by obtaining explicit permission from the recipient first.
Commonly referred to as “opt-in” messages, this type of communication differs from current “opt-out” standards, which are generally unsolicited messages that include an option to be removed from the list.
To top it all off, Bill C-28 also forbids messages requesting permission to receive electronic marketing.
K’necht says most small businesses don’t have the budget or resources internally to run their own campaigns, so they hire third parties who may not use permission-based lists for direct email marketing. When the law is implemented, it’s the company, not the third-party marketing supplier, which will be held accountable.
And he says it’s the small businesses that will be most at risk.
“Most individual spammers have no assets and the bigger companies will likely get a slap on the wrist. When the government went after Google and Facebook for violations of the personal privacy act, they gave them an opportunity to amend their practices to comply with the legislation. You can bet they’re not going to be so nice with small and medium-sized businesses,” says K’necht.
Sending your messages through off-shore servers won’t help anyone skirt the law, either.
The Act will apply to all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers. That means it will impact exporters, importers and how all Canadian businesses communicate with customers around the world.
“This new legislation will impact any American business that communicates with Canadian customers or transmits data through Canadian servers,” said Barbara McIsaac, a counsel in law firm Borden Ladner Gervais LLP’s Ottawa office, who specializes in privacy and access-to-information law. “Businesses, including directors and officers, are facing much greater risk.”
McIsaac recommends five ways to protect your firm and its directors before The Act is implemented:
- Conduct an internal audit to account for all external-facing electronic communications distributed by the organization. Consider relevant third parties such as distributors or marketing agencies, and the location of any external servers.
- Establish procedures to ensure that all customer or supplier-facing messages are accurate and comply with new requirements, including information disclosure language and an unsubscribe mechanism that is promptly implemented.
- Obtain and maintain an accurate and current list of recipients’ consent to receive messages. Instances of express and implied consent should be handled separately to ensure clarity and compliance.
- Revise contracts with any relevant third parties that distribute electronic messages on behalf of the organization to require compliance with The Act.
- Clearly communicate and educate relevant employees on policies that need to be implemented as a result of the act.
- Establish a “gate keeping” process to ensure that procedures for monitoring compliance are being followed.
- Obtain insurance to protect the business, corporate directors and officers from liability.
However, the question remains: how do companies engage in compliant electronic marketing campaigns when they aren’t even allowed to ask for permission to send commercial messages?
For new customers it’s easier, especially if you have an online commerce component—be sure to include a checkbox for customers buying on your website, or ask permission when taking the first order.