The next small business time bomb: Bill C-28

New rules surrounding how businesses interact electronically with their clients are coming and manufacturers that aren’t prepared will face a harsh new reality when the laws are implemented in 2012.

Failure to comply with the new rules could cost up to $10 million.

Bill C-28, dubbed the Fighting Internet and Wireless Spam Act, will govern just about every commercial electronic message, text or social media message a business sends to its clients or prospective clients.

“The biggest impact to small business is in their marketing efforts,” explains Alan K’necht, author of The Last Original Idea – a Cynic’s View of Internet Marketing and co-founder of Digital Always Media Inc., an Internet and social media marketing firm in Toronto. “If they have been doing any kind of online marketing or hiring agencies to help them, they must ensure the agencies comply with the new bill.”

The Act describes commercial electronic messages as anything that could reasonably be concluded to encourage participation in a commercial activity such as offers to purchase, sell, barter or lease anything; offers to engage in a business, investment or gaming opportunity; or to promote virtually any type of event.

The only way these messages can be legally sent is by obtaining explicit permission from the recipient first.

Commonly referred to as “opt-in” messages, this type of communication differs from current “opt-out” standards, which are generally unsolicited messages that include an option to be removed from the list.

To top it all off, Bill C-28 also forbids messages requesting permission to receive electronic marketing.

K’necht says most small businesses don’t have the budget or resources internally to run their own campaigns, so they hire third parties who may not use permission-based lists for direct email marketing. When the law is implemented, it’s the company, not the third-party marketing supplier, which will be held accountable.

And he says it’s the small businesses that will be most at risk.

“Most individual spammers have no assets and the bigger companies will likely get a slap on the wrist. When the government went after Google and Facebook for violations of the personal privacy act, they gave them an opportunity to amend their practices to comply with the legislation. You can bet they’re not going to be so nice with small and medium-sized businesses,” says K’necht.

Sending your messages through off-shore servers won’t help anyone skirt the law, either.

The Act will apply to all communications sent by Canadian companies, to Canadian companies or messages simply routed through Canadian servers. That means it will impact exporters, importers and how all Canadian businesses communicate with customers around the world.

“This new legislation will impact any American business that communicates with Canadian customers or transmits data through Canadian servers,” said Barbara McIsaac, a counsel in law firm Borden Ladner Gervais LLP’s Ottawa office, who specializes in privacy and access-to-information law. “Businesses, including directors and officers, are facing much greater risk.”

McIsaac recommends five ways to protect your firm and its directors before The Act is implemented:

• Conduct an internal audit to account for all external-facing electronic communications distributed by the organization. Consider relevant third parties such as distributors or marketing agencies, and the location of any external servers.

• Establish procedures to ensure that all customer or supplier-facing messages are accurate and comply with new requirements, including information disclosure language and an unsubscribe mechanism that is promptly implemented.

• Obtain and maintain an accurate and current list of recipients’ consent to receive messages. Instances of express and implied consent should be handled separately to ensure clarity and compliance.

• Revise contracts with any relevant third parties that distribute electronic messages on behalf of the organization to require compliance with The Act.

• Clearly communicate and educate relevant employees on policies that need to be implemented as a result of the act.

• Establish a “gate keeping” process to ensure that procedures for monitoring compliance are being followed.

• Obtain insurance to protect the business, corporate directors and officers from liability.

However, the question remains: how do companies engage in compliant electronic marketing campaigns when they aren’t even allowed to ask for permission to send commercial messages?

For new customers it’s easier, especially if you have an online commerce component—be sure to include a checkbox for customers buying on your website, or ask permission when taking the first order.

But according to K’necht, dealing with existing customers will be more difficult. “In this situation, you ask for permission in the reorder phase. Maybe use the billing statement. There will be opportunities for creative ways to reach out to your existing client base.

“My suggestion to all small businesses and my clients is now is the time to ask. Don’t wait until it becomes law, because just asking with be a violation of The Act.”

Guy Steeves, regional development director at Vancouver-based marketing firm Constant Contact, says education and awareness are keys to ensuring your organization is proactively evaluating contact list collection methods and practicing permission-based online marketing.

“With or without the legislation, there are many things that small businesses and organizations can do.”

Steeves recommends permission-based best practices that will help small businesses  become compliant:

• Ask for permission to communicate with your contacts. Some email marketers have operated for years with implicit consent to use an address obtained through relationships with customers or clients, but this will no longer be enough.

• Allow recipients to precisely select their areas of interest, such as newsletters, sale notifications, new product or service announcements or event invitations.

• Clearly state your privacy policy and include your address and phone number in all email communications. This adds credibility to your emails.

• Remind recipients why they are receiving an email from you. Whether they are a valued customer, a prospect, or a client you want to keep in touch with, the reminder will enhance recognition of your business and put your email into context, differentiating it from unwanted email.

• Be current—people change ISPs, jobs, and email addresses frequently and you’ll be the last to know. Ask for updated information and give subscribers an easy way to change their email address.

• Respect the privilege of communicating with your customers and prospects by taking care not to communicate too often. “Gratuitous emails are not met with gratitude,” says Steeves.

• Be diligent for subscribers that reply to an email to unsubscribe instead of using the automatic unsubscribe link. Monitor your inbox for unsubscribes and complaints and remove unsubscribe addresses right away and take action on any grievances.

• Beware of strangers bearing lists because permission is not transferable. If anyone claims you can “Blast your ad to over 1,000 safe addresses for a dollar,” or “Buy a CD with 10 million email addresses for only $99,” they are selling you spam lists.

Regardless of how much electronic marketing your firm conducts, making the effort now to implement new policy that complies with Bill-C-28 to avoiding a lot of unexpected hassle and the possibility of devastating financial consequences.