Spam Alert

 July 1 came and went with the introduction of Canada’s anti-spam legislation (CASL), touted by many as one of the toughest regulatory crackdowns on unsolicited e-mails. Although those who opened their inboxes July 2 likely did not find a reduction in the amount of spam, that was not the immediate intent of the legislation.

CASL, officially known as Bill C-28, governs the use of commercial electronic messages (CEM) sent to e-addresses. A CEM is defined as a message that encourages participation in a commercial activity, such as product promotion or advertising (this does not necessarily have to be for profit). As of July 1, companies cannot send a CEM without the receiver’s consent.

The line between implied and express consent is key, as it differentiates between an existing customer (i.e., renewing client of a brokerage) and a prospect. Today, firms cannot send a CEM to any e-address without at least implied consent. However, brokers and insurers can ask existing customers for express consent through a message that should include an opt-in/opt-out choice with clear “unsubscribe mechanism” for continuing electronic communication.

To allow businesses time to adjust, CASL provides a three-year transition related to consent requirements. There is a delay period of three years before “Right of Private Action” is allowed, meaning individual or class action lawsuits cannot be brought until 2017.

As the federal government notes on its anti-spam website: “No law will eliminate all spam, including that from overseas.” Instead, CASL governs spammers operating in Canada. It also puts enforcement into the hands of the Canadian Radio-television and Telecommunications Commission (CRTC).

The CRTC has a range of tools available to it, from warnings to penalties. Penalties can go as high as $1 million for individuals and $10 million for businesses. These fines, however, are reserved for the most serious violations of CASL.

In the days following July 1, the CRTC reported that it received hundreds of reports of spam violations submitted to fightspam@gc.ca, which have resulted in investigations. As of early August, no fines or penalties had been levied.

HOW TO GET READY

Getting ready for the new anti-spam measures has become a micro industry, with a spate of legal firms weighing in with advice and recommendations. These tips for business include formation of a compliance committee, development of guidelines and policy for staff, and investment in computer systems/database management to ensure adherence to the legislation.

In general, insurance organizations are aware of requirements related to CASL. Insurance Bureau of Canada (IBC), for example, has implemented an internal CASL compliance program, as well as training and ongoing monitoring of compliance, notes IBC’s senior counsel Mario Fiorino. The same is true of member companies. “IBC members are aware of CASL requirements and have implemented compliance programs as each insurer deems appropriate for their respective operations,” Fiorino says.

However, it is brokers, in their direct customer contact and marketing capacities, who will likely be on the front lines of CASL requirements. This is especially true for activities such as administration, prospecting and use of third-party marketers or customer list providers.

However, many brokers are tackling the anti-spam compliance challenges sooner rather than later.

“While this legislation is still fresh in everyone’s minds, our brokerage has taken an initiative to obtain expressed consent in order to continue sending valuable information,” says Debbie Thompson, vice president of business development for Whitby, Ontario-based Beyond Insurance Brokers Inc.

“We have made it part of our process on all new business, that is, asking explicitly for consent. We have also made available on our website a CASL toolkit for our business community, so they understand this important piece of legislation,” Thompson reports.

The Insurance Brokers Association of Ontario (IBAO) has provided member brokers with education and self-learning modules related to CASL, as well as supporting documentation and sample scripts for seeking consent.

“I think brokers were relatively prepared for the anti-spam legislation,” says Lola Thake, IBAO’s director of education. “People are getting their heads around the fact that this applies only to electronic messages with a commercial or sales focus. It doesn’t involve electronic servicing of accounts, for example,” Thake adds.

Kat Macaulay, a communications specialist with Calgary-based Rogers Insurance, says the nine member firms of the Canadian Broker Network (CBN, which includes Rogers) were aware of CASL and its impact on operations.

“Right across the board, we were all prepared for (CASL) and how it will affect all commercial electronic messages,” Macaulay notes. “But some brokers were more concerned than others, depending on how they use e-mail.”

No members of CBN use spam, reports Macaulay, but adds that some brokers still rely on e-mail for marketing and prospecting.

CLEARING HURDLES

Sources suggest that the main obstacle for brokerages in CASL compliance seems to involve administrative headaches – especially for smaller firms.

“The concern was more the amount of administrative work required,” Macaulay says. “If you are a smaller broker, for example, you don’t have resources or systems in place to set up and capture consent or opt-in/opt-out subscriber forms. It can be an expensive process for smaller companies to invest in these tools and people who, for example, can actively scrub lists,” she says.

“I think the main issue from a broker’s perspective is workflow and having to add this to their administrative processes to ensure compliance,” Thake suggests. “However, the three-year grace period definitely gives time to move from implied to express consent, so it is not all at once,” she adds.

Generating new business through e-mail may also pose a significant hurdle in the wake of CASL’s implementation.

“For our commercial producers, CASL has caused some friction when it comes to prospecting,” Macaulay reports. “The producer’s job is to make sure they are reaching out to prospects and driving new business. There is frustration that now there is an added layer of work in terms of compliance.”

Another potential issue is the use of third-party services, such as marketers and data/customer list providers.

“We have taken a closer look at our third-party relationships that provide ‘ready to buy’ lists as permission is not transferable, as well as third-party relationships that we use for e-mail marketing,” Thompson says. “It’s important to ensure that the third party will communicate immediately regarding opt-outs, as well as alert us if they are cited for violation of CASL,” she adds.

SOCIAL MEDIA GREY AREA

A grey area of CASL relates to social media. The federal government indicates on its anti-spam website that the legislation “applies to e-mails, texts and instant messages and any similar messages sent to electronic addresses… CASL does not apply to promotional information you post online in places like blogs or social media.”

But there is a fine line between an online conversation or interaction related to a business and a CEM.

“We were concerned about this because Rogers Insurance uses social media a lot to reach out to our communities and our customers,” says Macaulay. “Our understanding from our lawyers is that social media is excluded from CASL, in the sense that social media sites have their own agreements and terms.”

Macaulay uses the example of the networking site, LinkedIn, where members must agree to its terms before signing up. “It is a platform built outside of CASL,” she says.

“I believe (social media) is still an area that is unclear, as most consumers who use social media have taken th
e initiative to communicate that way with our business,” Thompson comments.

“The list of domains that constitute social networking sites is always growing and changing due to the nature of the Internet – this will be a challenge in itself to monitor,” she suggests.

CANADIAN CONTENT

The complexity of CASL compliance can sometimes blur the fact that the legislation focuses specifically on Canadian companies that regularly use spam. For some, it represents a fairly blunt instrument to address the unsolicited e-mail problem – a sledgehammer to swat pesky mosquitoes.

“It is important to remember that this legislation (CASL) was targeted at spammers, and my understanding is that only about 5% of Canadian companies actively use e-mail spam,” says Thake. “So this is a heck of a piece of legislation to target that 5%.”

For Macaulay, the effectiveness of CASL comes down to enforcement.

“The proof is in the pudding,” she suggests. “In three year’s time, it could be very similar to what happened with illegal downloads and the music industry. That was only taken seriously when the first fines were handed out, which involved hundreds of thousands of dollars to regular people.”

Thompson explains that when the Private Right of Action comes into force in 2017, individuals who feel they have been affected by a CASL violation can pursue their own legal remedies.

“This Private Right of Action will also open the door for anti-spam class action lawsuits, with maximum damages capped at $1 million per day,” she says. “Furthermore, under this provision, directors and officers can be held personally liable for violations of the law if they directed, authorized or consented to the violation of the law.”

Of CASL’s ongoing compliance requirements and the potential for penalties, Thompson argues that it is far better to be safe than sorry.

“My advice is: be prepared, take action and be compliant,” she says.