Canada Sets a New Standard in the Fight Against Spam

Splogs and spammy links are the scourge of legitimate search marketers. The search marketing sector might be better-served if it took a cue from Canada in its fight against spam. As of April 20, 2011, Canada trails only six other countries in The Spamhaus Project’s list of “The 10 Worst Spam Countries,” with 224 live spam issues. The United States leads the way with almost 2,300 live spam issues, followed by China, Russian Federation, United Kingdom, Brazil, and Japan rounding out the top six. On December 15, 2010, the Government of Canada took an aggressive step in its fight against spam when it passed powerful anti-spam legislation.

Officially entitled Bill C-28, Canada’s anti-spam legislation is known by the acronym FISA, which is based on its previous title, the “Fighting Internet and Wireless Spam Act.” Although the exact date of when it will go into effect has not been fixed by order of the Governor in Counsel, as of early April 2011, it is expected that FISA will come into force by September 2011.

FISA is designed “to deter the most damaging and deceptive forms of spam from occurring in Canada, creating a more secure online environment” (according to Industry Canada). Analysis of the bill suggests that Canada has succeeded in developing a broad set of consumer-protection rules. One of the most significant components of FISA is the creation of additional consumer consent requirements. FISA is powerful, going further than many other anti-spam regulations, including the United States counterpart, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or CAN-SPAM, which took effect in 2004. FISA is viewed as setting a new standard for anti-spam legislation. (Both Canada and the U.S. have other laws and systems in place to protect consumers from unwanted marketing communications, including the U.S. Junk Fax Prevention Act of 2005 and Canada’s Personal Information Protection and Electronic Documents Act, Competition Act, and Telecommunications Act (Canada), each of which FISA amends to varying extents.)

The American anti-spam law had a simple purpose – to protect consumers against unsolicited email. At the time, it was considered broad in scope, proscribing several compliance requirements and prohibitions. CAN-SPAM essentially allows the transmittal of commercial emails, but requires the sender to include simple opt-out procedures that are honored within 10 days. It also requires that the emails include a physical address of the publisher or advertiser and restricts the content of the from and subject lines to ensure that they are accurate and relevant.

Under FISA’s more stringent requirements, companies and individuals who send commercial electronic messages to, through, or from Canada will need to be prepared for significant additional regulations. To be compliant, you need to understand its provisions and develop a detailed compliance policy that is communicated to all relevant personnel who are also educated on the company’s policy and FISA’s provisions.

The first step in understanding how FISA’s provisions will affect your existing and future marketing efforts and compliance programs is understanding the general provisions of FISA and how it differs from CAN-SPAM.

For example, in addition to spam, FISA’s regulations apply to a range of electronic activities such as spyware, phishing, and malware, when used in connection with commercial activities. FISA also does not distinguish among the particular means of electronic transmission that are used to engage in offending activities, applying to all forms of commercial electronic messages, such as text messages or instant messages.

Perhaps the most dramatic and important distinction between CAN-SPAM and FISA, and the provision that is likely to require the most change at the company level, concerns FISA’s treatment of consent in the communications process.

Unlike CAN-SPAM, FISA shifts the consent system from an opt-out system to an opt-in system, requiring consent prior to sending commercial messages. Although this seems daunting at first, it is important to note that it is not a true opt-in system, however, because express consent is not required. A consumer can be deemed to have provided implied consent.

Most frequently, implied consent will be found when there is an existing business relationship between the sender and recipient of the messages. An existing business relationship will exist when a company has done business with a consumer within two years of the message or if a consumer makes certain inquiries to a company within six months of the message. Implied consent can also be found when the electronic address of the recipient is conspicuously published or disclosed, without a statement that the person does not wish to receive unsolicited commercial electronic messages, as long as the message is relevant to their business, role, function, or duties.

As with CAN-SPAM, best FISA practices call for each message to also contain a simple and effective opt-out mechanism, even if the consumer has consented.

Finally, FISA provides private citizens with broader remedies than CAN-SPAM, permitting any person to bring a lawsuit for FISA violations. CAN-SPAM’s private rights of action, on the other hand, are limited to Internet service providers. Penalties for violation of FISA are also significant and can range up to a fine of C$10 million for companies and C$1 million for individuals. Individual officers, directors, and agents can also be held personally liable under FISA.

In summary, although many of FISA’s provisions are addressed by other international anti-spam regulations, FISA’s specific requirements differ significantly from many others in ways that may have a dramatic effect on how your company engages in sending commercial electronic messages in its marketing efforts. Taking the time to review FISA’s requirements and your existing policies, and revise them if necessary, before it goes into effect is essential to ensure compliance and avoid liability from lawsuits by government and private citizens.

BIO: Nick Pavlidis is an attorney in the New York City office of Arent Fox LLP in its complex commercial litigation group, concentrating his practice on corporate and intellectual property litigation. In addition, Nick advises corporations and individuals in a variety of transactional and litigation matters including Internet law and social media, labor and employment law, commercial bribery, and the Foreign Corrupt Practices Act.

This column was originally published in SES Magazine, May 2011.

Related reading

Website landing page vector graphic