Electronic communication has been around for awhile, but Canada recently became the last of the G8 countries to introduce laws to curb spam and spyware when Parliament passed the Fighting Internet and Wireless Spam Act (FISA) in December 2010.

The Law: Objectives

  • To prevent spam, particularly when used for identity theft, phishing and spyware
  • To end the flood of unsolicited emails

Applies to all forms of electronic messaging, including:

  • e-mails
  • text and instant messaging
  • blog, video and social networking postings


  • for individuals, up to $1 million
  • for organizations, up to $10 million


  • Canadian Radio-Television and Telecommunications Commission (CRTC)Directors and officers of corporations are not shielded from personal liability and can be penalized if they authorized the offending conduct. The law also allows a person to sue FISA violators to recover actual damages and additional amounts of up to $1 million per day.

    Read: What’s in your inbox?

    Anti-Spam Provisions

    What’s prohibited: Sending an electronic commercial message to an electronic address unless the recipient has consented.

    When it applies: To all messages with a commercial purpose (regardless if the sender is a for-profit or non-profit organization), not personal messages. The content, hyperlinks and contact information within the message will be used to determine whether the message is commercial or personal.

    The law also applies to parties retained by the sender. So if a dealer hires a marketing company to conduct online advertising, the dealer has an obligation to ensure that company complies with FISA. The dealer may be found liable even if it doesn’t know the marketing company has breached the Act.

    Read: Next gen clients are online

    Types of consent

    Explicit – The recipient gives direct permission to receive the communication.

    Implied – Acceptable in a few circumstances. The sender and recipient must have an existing business or non-business relationship (the recipient is a client, or a member of the same registered club) prior to a commercial message being sent. A recipient can also imply consent if he posts his e-mail address online without indicating he doesn’t wish to receive unsolicited messages.

    The sender and parties acting for the sender must identify themselves, provide contact information and include an unsubscribe mechanism.

    Anti-Spyware Provisions

    What’s prohibited: Installing computer programs without the express consent of the user. When the program prompts for consent to install, the message must clearly describe the program.

    When it applies: To all electronic devices with sending/receiving capabilities. Program updates and upgrades are exempted if the user consented to the initial installation.

    Read: ‘Online bandits’ targeting social media

    Your disclosure obligation begins when the program:

    • collects personal information stored on the user’s system.
    • changes the system’s settings or preferences.
    • interferes with the user’s control of the system.

    What you can do

    Review and modify online business practices before FISA comes into force.

    Update electronic communication policies and documentation to ensure consents are obtained from all recipients and all required information is included in outgoing communications.

    Read: Safer financial websites coming

  • Educate your representatives on FISA to minimize the risk of their breaching the Act.
  • Ensure all agreements with third parties sending electronic communications on your behalf have language requiring their compliance with FISA and enforceable indemnity provisions.
  • Originally published in Advisor's Edge

    Add a comment

    Have your say on this topic! Comments are moderated and may be edited or removed by
    site admin as per our Comment Policy. Thanks!