Electronic communication has been around for awhile, but Canada recently became the last of the G8 countries to introduce laws to curb spam and spyware when Parliament passed the Fighting Internet and Wireless Spam Act (FISA) last December.
The Law: Objectives
- To prevent spam, particularly when used for identity theft, phishing and spyware
- To end the flood of unsolicited emails
Applies to all forms of electronic messaging, including:
- text and instant messaging
- blog, video and social networking postings
- for individuals, up to $1 million
- for organizations, up to $10 million
Directors and officers of corporations are not shielded from personal liability and can be penalized if they authorized the offending conduct. The law also allows a person to sue FISA violators to recover actual damages and additional amounts of up to $1 million per day.
What’s prohibited: Sending an electronic commercial message to an electronic address unless the recipient has consented.
When it applies: To all messages with a commercial purpose (regardless if the sender is a for-profit or non-profit organization), not personal messages. The content, hyperlinks and contact information within the message will be used to determine whether the message is commercial or personal.
The law also applies to parties retained by the sender. So if a dealer hires a marketing company to conduct online advertising, the dealer has an obligation to ensure that company complies with FISA. The dealer may be found liable even if it doesn’t know the marketing company has breached the Act.
Types of consent
Explicit – The recipient gives direct permission to receive the communication.
Implied – Acceptable in a few circumstances. The sender and recipient must have an existing business or non-business relationship (the recipient is a client, or a member of the same registered club) prior to a commercial message being sent. A recipient can also imply consent if he posts his e-mail address online without indicating he doesn’t wish to receive unsolicited messages.
The sender and parties acting for the sender must identify themselves, provide contact information and include an unsubscribe mechanism.
What’s prohibited: Installing computer programs without the express consent of the user. When the program prompts for consent to install, the message must clearly describe the program.
When it applies: To all electronic devices with sending/receiving capabilities. Program updates and upgrades are exempted if the user consented to the initial installation.
Your disclosure obligation begins when the program:
- collects personal information stored on the user’s system.
- changes the system’s settings or preferences.
- interferes with the user’s control of the system.
What you can do
Review and modify online business practices before FISA comes into force; likely later this year.
Update electronic communication policies and documentation to ensure consents are obtained from all recipients and all required information is included in outgoing communications.