Canada’s new law restricts “spam haven”

Canada's New Law Restricts Spam Haven

As you may or may not know, Canada is the only G8 country that does NOT have anti-spam legislation. So you’re probably asking yourself “why do I need to get permission to email someone in that country?” Keep in mind Canada does have opt-in provisions within their privacy legislation called the Personal Information Protection and Electronic Documents Act (“PIPEDA” – pronounced pip’ee-da) that requires opt-in options. But while they do have this legislation in place, the repercussions aren’t nearly as strong as other countries, so spammers continue to fill Canadian’s inboxes with junk.

Some maintain that Canada is a spam haven and it’s considered to be the 9th largest producer of spam (Spamhaus). This is just one of the many reasons it’s important for the C-28 bill to pass. It will deter those who send the most damaging and deceptive marketing campaigns, unwanted commercial email, spyware and phishing campaigns.

As of June 17, 2010, the House of Commons broke for summer holiday and has left the Fighting Internet and Wireless Spam Act (C-28) on the shelf until the Fall. It’s been noted by many that last year’s bill (C-27) will be carried over and given a second reading once the House is back in Ottawa later this Fall.

What do you need to know?

  • C-28 essentially defines spam as a commercial message sent via email, IM, social, or phone
  • You cannot send email unless the recipient has consented
  • The email must contain certain things like identifying the sender and how to unsubscribe which needs to be done in no more than ten (10) days
  • The postal address of the sender must be included
  • Have a way for the receiver to contact the person responsible for the message for at least sixty (60) days
  • You cannot alter the transmission of the data
  • You cannot use false or misleading information like in the headers
  • You cannot perform address harvesting or dictionary attacks to collect data

Exemptions do apply

  • Family or personal email
  • Existing business relationship or if someone inquires to a business for information
    • Asking for a quote
    • Warranty or safety information
    • Information about ongoing subscriptions/membership
    • Anything related to employment relationships, like benefit plans

Monetary penalties are significant ($1 million for individuals, $10 million for businesses) but it unfortunately doesn’t apply to international senders who send to Canadian’s or “computer systems” located in Canada. However, for those who do make honest mistakes, there are protections in place.

In my eyes, this is not a bill to fear, but one to embrace. And keep in mind that most International laws already require adherence to guidelines called for by C-28.

Takeaway: Make sure your company talks to your Email Service Provider and that your marketing departments know about this. If you’re already doing business in Europe these requirements shouldn’t be anything new or tough to handle. Otherwise, plan for the changes now so that you are NOT caught off guard later.

Dennis Dayman

Dennis Dayman has more than 17 years of experience combating spam, security issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Eloqua’s Chief Privacy Officer, Dayman leverages his experience and industry connections to help Eloqua’s customer maximize their delivery rates and compliance. Previously, Dayman worked for StrongMail Systems as Director of Deliverability, Privacy, and Standards, served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T.

As a longstanding member of several boards within the messaging industry, including serving on the Board of Director’s and the Sender SIG for the Messaging Anti-Abuse Working Group (MAAWG), Secretary/Treasurer for Coalition Against Unsolicited Commercial Email (CAUCE), Certified Information Privacy Professional (CIPP) Advisory Board, Dayman is actively involved in creating current Internet and telephony regulations, privacy policies and anti-spam legislation laws for state and federal governments.

Meet the author:

Jeff Ginsberg

Jeff Ginsberg

20+ year email marketing veteran who wants to help NewBees BEEcome eMail Marketing Ninjas. Want to contribute to our blog? We are always looking for eMail Marketing Ninjas to come share their knowledge and help NewBees create and send better eMail messages.

Connect with: Jeff Ginsberg

Share this page:

Share on linkedin
LinkedIn
Share on facebook
Facebook
Share on twitter
Twitter
Share on email
Email

Connect with us:

To stay in the know and get the best eMail Marketing information that will teach you how to BEE an eMail Marketing Ninja.

Share this page:

Share on linkedin
Share on facebook
Share on twitter
Share on email

SUBSCRIBE
to download our
FREE GUIDE
“27 Free Tools Every
eMail Marketer Needs
in Their Toolbox”

 

Your privacy is our privilege!
We will never rent, sell or share your data. 
You can unsubscribe at any time, but you won’t want to 😃

  • Jim Ducharme
    August 17, 2010 at 9:13 am

    Thanks for making this painless Dennis! What about implied consent? As I recall the marketers could send to anyone they had a business relationship with in the past 16 months or something along those lines — getting them to then opt in. I’ll be asking about that one on today’s eMail Radio show.

    http://www.theemailguide.com/emailradio

    Regards,
    jim

    • Dennis Dayman
      August 23, 2010 at 10:29 am

      No true implied consent

      Consent is deemed in a number of circumstances:
      1) Existing business relationship
      2) Existing non-business relationship
      3) Conspicuous publication of electronic address
      4) Recipient has provided electronic address to the sender

      No implied consent for referrals
      In most cases implied consent last for 2 years – so a window of opportunity to obtain express consent exists.

      No consent needed for:

      1) Quotes or estimates, if requested
      2) Facilitates commercial transaction
      3) Warranty or safety information
      4) Information about ongoing subscription, membership, etc.
      5) Information related to employment relationship or benefit plan
      6) Delivers good or service

  • Jim Ducharme
    August 17, 2010 at 9:13 am

    Thanks for making this painless Dennis! What about implied consent? As I recall the marketers could send to anyone they had a business relationship with in the past 16 months or something along those lines — getting them to then opt in. I’ll be asking about that one on today’s eMail Radio show.

    http://www.theemailguide.com/emailradio

    Regards,
    jim

    • Dennis Dayman
      August 23, 2010 at 10:29 am

      No true implied consent

      Consent is deemed in a number of circumstances:
      1) Existing business relationship
      2) Existing non-business relationship
      3) Conspicuous publication of electronic address
      4) Recipient has provided electronic address to the sender

      No implied consent for referrals
      In most cases implied consent last for 2 years – so a window of opportunity to obtain express consent exists.

      No consent needed for:

      1) Quotes or estimates, if requested
      2) Facilitates commercial transaction
      3) Warranty or safety information
      4) Information about ongoing subscription, membership, etc.
      5) Information related to employment relationship or benefit plan
      6) Delivers good or service

  • Greg
    August 18, 2010 at 11:07 am

    So it’s basically the Can-Spam Act, but with an opt-in provision instead of opt-out?

    • Dennis Dayman
      August 23, 2010 at 10:26 am

      Sorry for late reply. I was on vacation last week.

      FISA vs. CAN-SPAM: Similarities
      1) Requirement to accurately identify sender
      2) Prohibition false and misleading transmission data/subject lines
      3) Requirement for unsubscribe mechanism
      4) Liability for brands who knowingly allow spam to be sent on their behalf

      FISA vs. CAN-SPAM: Key Differences

      FISA
      1) Addresses broad range of Internet issues (spam, spyware, pharming, etc.)
      2) Applies to all forms of electronic messaging (email, SMS, IM, etc.)
      3) Primarily opt-in; permission based
      4) PRA available to anyone (individuals, businesses, etc.)

      Can-Spam
      1) Addresses spam only
      2) Applies only to email
      3) Opt-out; you can technically mail any person at least once
      4) PRA available only to ISPs

      • Nancy
        December 17, 2010 at 9:26 am

        Fantastic summary, Dennis. One more key difference to note is CAN-SPAM requires an unsubscribe to remain active for 30 days after an email is sent. C-28 extends this to to 60 days for an unsubscribe mechanism or contact mechanism to remain active.

  • Greg
    August 18, 2010 at 11:07 am

    So it’s basically the Can-Spam Act, but with an opt-in provision instead of opt-out?

    • Dennis Dayman
      August 23, 2010 at 10:26 am

      Sorry for late reply. I was on vacation last week.

      FISA vs. CAN-SPAM: Similarities
      1) Requirement to accurately identify sender
      2) Prohibition false and misleading transmission data/subject lines
      3) Requirement for unsubscribe mechanism
      4) Liability for brands who knowingly allow spam to be sent on their behalf

      FISA vs. CAN-SPAM: Key Differences

      FISA
      1) Addresses broad range of Internet issues (spam, spyware, pharming, etc.)
      2) Applies to all forms of electronic messaging (email, SMS, IM, etc.)
      3) Primarily opt-in; permission based
      4) PRA available to anyone (individuals, businesses, etc.)

      Can-Spam
      1) Addresses spam only
      2) Applies only to email
      3) Opt-out; you can technically mail any person at least once
      4) PRA available only to ISPs

      • Nancy
        December 17, 2010 at 9:26 am

        Fantastic summary, Dennis. One more key difference to note is CAN-SPAM requires an unsubscribe to remain active for 30 days after an email is sent. C-28 extends this to to 60 days for an unsubscribe mechanism or contact mechanism to remain active.

  • Jason
    November 2, 2010 at 9:12 pm

    How about opt out in Canada? If I email someone back and ask to be removed from their email list … don’t they have to comply?

    • Jim Ducharme
      November 2, 2010 at 9:31 pm

      Jason,

      Can you tell me where the email originated?

      Responsible email marketers who follow best practices use the current US legislation known as CAN-SPAM as the foundation for their best practices. CAN-SPAM stipulates that you must provide an unsubscribe link or address which works and remove someone at their request within in ten business days. You must also provide a physical address and contact information. Canada’s FISA bill will hopefully be law soon and has the same basic stipulations. Reputable email marketers operate under strict self imposed guidelines of best practices to ensure that only those who have given their permission to be emailed are.

      I should also add that as a rule of thumb I never reply to spam email – email which I have not specifically opted in to receive. This is because replying to the sender address or even clicking the unsub link (which might even be a link to a malicious page) tells the spammer that the address is active and may just result in more spam. In my case, I simply add the sender to my junkmail list. You can also use the “spam” button — that option depends on what email software you are using. Can you tell me what client and version you use for email?

      If you need help with this I would be happy to. Just let me know and I’ll drop you an email.

      jim

  • Jason
    November 2, 2010 at 9:12 pm

    How about opt out in Canada? If I email someone back and ask to be removed from their email list … don’t they have to comply?

    • Jim Ducharme
      November 2, 2010 at 9:31 pm

      Jason,

      Can you tell me where the email originated?

      Responsible email marketers who follow best practices use the current US legislation known as CAN-SPAM as the foundation for their best practices. CAN-SPAM stipulates that you must provide an unsubscribe link or address which works and remove someone at their request within in ten business days. You must also provide a physical address and contact information. Canada’s FISA bill will hopefully be law soon and has the same basic stipulations. Reputable email marketers operate under strict self imposed guidelines of best practices to ensure that only those who have given their permission to be emailed are.

      I should also add that as a rule of thumb I never reply to spam email – email which I have not specifically opted in to receive. This is because replying to the sender address or even clicking the unsub link (which might even be a link to a malicious page) tells the spammer that the address is active and may just result in more spam. In my case, I simply add the sender to my junkmail list. You can also use the “spam” button — that option depends on what email software you are using. Can you tell me what client and version you use for email?

      If you need help with this I would be happy to. Just let me know and I’ll drop you an email.

      jim

  • Ed Lam
    September 2, 2011 at 11:37 am

    Does it apply to situations where Canadians are sending marketing emails from Canada to businesses in the USA? I ask because by going over the legislation, it doesn’t seem to allow that. Any insight is appreciated!

  • Ed Lam
    September 2, 2011 at 11:37 am

    Does it apply to situations where Canadians are sending marketing emails from Canada to businesses in the USA? I ask because by going over the legislation, it doesn’t seem to allow that. Any insight is appreciated!

Add a comment

SUBSCRIBE to our newsletter
to download our FREE GUIDE
“27 Free Tools Every
eMail Marketer Needs in Their Toolbox”

Download our free guide 27 Free Tools Every eMail Marketer Needs in Their Toolbox

Download our FREE GUIDE

Your privacy is our privilege!
We will never rent, sell or share your data. 
You can unsubscribe at any time, but you won’t want to 😃

This website uses cookies to ensure you get the best experience on our website.