It sounds like a silly question: Is it safe to send email to businesses and friends in Canada? You may have a friend or a business colleague and communicating one to one with that friend is no problem at all. But if you are sending bulk emails to Canadian contacts, list serves, clients and prospective clients you need to be aware that Canada passed a law that could result in large fines for your business. You may still want to inform your clients of new services or products that your business offers and you may still want to send emails to prospective clients, but now you need to beware that it needs to be done right you you may be fined.
Did Canada really pass a law that impacts businesses who send email to Canadian citizens and businesses? The answer is yes, Canada did pass a law, commonly referred to as the Canadian Anti-Spam Law (the title of the law would take up more than 5 lines of text, so we will refer to it as the “Law”) that creates a risk of a fine for any business or individual that sends an email to a Canadian email address without consent. The stated purpose of the Law is to reduce spam, spyware, and identity theft. The stated purpose of the Law does not seem to seek to ensnare normal business email marketing, but the Law as written does seem to apply to virtually any email sent from a business or individual to a Canadian email address. Therefore, it is completely uncertain how the authorities in Canada will treat even a minor violation.
You might ask, can I send an email to request the necessary consent to send additional emails? The answer is, maybe. If you don’t have express or implied consent, as defined in the Law, you would be in violation of Law for asking for consent. Moreover, almost anything sent via telecommunication could fall under the Law, including email, text, instant messaging, and possibly telephone calls.
How large could the fine for violating the Law be? The maximum penalty for a violation of the Law is $10 million for a business and $1 million for an individual. There are transitional provisions that will be in effect for the first three years of the Law that could help soften the blow, but it’s unclear how the transitional provisions will be applied and there is no grace period during which the penalties do not apply.
What can I do to comply with the Law? There are three steps to comply with the Law. First, you’ll need either express or implied consent to send the email. Second, you must identify yourself in the email. Third, you’ll need to include an unsubscribe mechanism in each email you send.
There are a handful of exceptions where consent is not required to send an email. For instance, there are exceptions for warranty and product recall emails and for emails that supply a quote which was requested by a customer. The email still must include the identification, contact information, and the unsubscribe option.
What are a few steps to take to reduce the risk associated with the Law? The first step is to start a database documenting any consent, express or implied, from clients and prospective clients with Canadian email addresses. If you have any implied consents you may want to send a message requesting express consent because express consent is valid until revoked while implied consent is only valid for two years.
As the sender of emails, you will have the burden to show that you had consent to send the email. Because the burden to prove consent rests with you we’d suggest keeping detailed records of express consents in writing, if possible, but an unedited audio recording of the express consent would suffice. We would also suggest documenting the source of all implied consents.
Does the United States have a Similar Law? Yes and No. In 2003, President George Bush signed into law the CAN-SPAM Act of 2003. It applies to more than just email and the FTC website provides the following guidance on compliance with the law:
“Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.
Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $16,000, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:
- Don’t use false or misleading header information. Your “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
- Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
- Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.
- Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Craft the notice in a way that’s easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.
- Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your message. You must honor a recipient’s opt-out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN-SPAM Act.
- Monitor what others are doing on your behalf. The law makes clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.” [http://www.business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business]
The Walk Law Firm is available to help businesses understand laws which apply to them when marketing their business, including the Canadian Anti-Spam Act and the US CAN SPAM Act of 2003.
The Walk Law Firm, PA and its attorneys are licensed in the States of Florida and Ohio only. We do not provide advice on the laws of Canada and this article is not intended as legal advice; rather, it was written for general information purposes only.