As you may or may not know, Canada is the only G8 country that does NOT have anti-spam legislation. So you’re probably asking yourself “why do I need to get permission to email someone in that country?” Keep in mind Canada does have opt-in provisions within their privacy legislation called the Personal Information Protection and Electronic Documents Act (“PIPEDA” – pronounced pip’ee-da) that requires opt-in options. But while they do have this legislation in place, the repercussions aren’t nearly as strong as other countries, so spammers continue to fill Canadian’s inboxes with junk.
Some maintain that Canada is a ‘spam haven’ and it’s considered to be the 9th largest producer of spam (Spamhaus). This is just one of the many reasons it’s important for the C-28 bill to pass. It will deter those who send the most damaging and deceptive marketing campaigns, unwanted commercial email, spyware and phishing campaigns.
As of June 17, 2010, the House of Commons broke for summer holiday and has left the Fighting Internet and Wireless Spam Act (C-28) on the shelf until the Fall. It’s been noted by many that last year’s bill (C-27) will be carried over and given a second reading once the House is back in Ottawa later this Fall.
What do you need to know?
- C-28 essentially defines spam as a commercial message sent via email, IM, social, or phone
- You cannot send email unless the recipient has consented
- The email must contain certain things like identifying the sender and how to unsubscribe which needs to be done in no more than ten (10) days
- The postal address of the sender must be included
- Have a way for the receiver to contact the person responsible for the message for at least sixty (60) days
- You cannot alter the transmission of the data
- You cannot use false or misleading information like in the headers
- You cannot perform address harvesting or dictionary attacks to collect data
Exemptions do apply
- Family or personal email
- Existing business relationship or if someone inquires to a business for information
- Asking for a quote
- Warranty or safety information
- Information about ongoing subscriptions/membership
- Anything related to employment relationships, like benefit plans
Monetary penalties are significant ($1 million for individuals, $10 million for businesses) but it unfortunately doesn’t apply to international senders who send to Canadian’s or “computer systems” located in Canada. However, for those who do make honest mistakes, there are protections in place.
In my eyes, this is not a bill to fear, but one to embrace. And keep in mind that most International laws already require adherence to guidelines called for by C-28.
Takeaway: Make sure your company talks to your Email Service Provider and that your marketing departments know about this. If you’re already doing business in Europe these requirements shouldn’t be anything new or tough to handle. Otherwise, plan for the changes now so that you are NOT caught off guard later.
Dennis Dayman has more than 17 years of experience combating spam, security issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Eloqua’s Chief Privacy Officer, Dayman leverages his experience and industry connections to help Eloqua’s customer maximize their delivery rates and compliance. Previously, Dayman worked for StrongMail Systems as Director of Deliverability, Privacy, and Standards, served in the Internet Security and Legal compliance division for Verizon Online, as a senior consultant at Mail Abuse Prevention Systems (MAPS), and started his career as Director of Policy and Legal External Affairs for Southwestern Bell Global, now AT&T.
As a longstanding member of several boards within the messaging industry, including serving on the Board of Director’s and the Sender SIG for the Messaging Anti-Abuse Working Group (MAAWG), Secretary/Treasurer for Coalition Against Unsolicited Commercial Email (CAUCE), Certified Information Privacy Professional (CIPP) Advisory Board, Dayman is actively involved in creating current Internet and telephony regulations, privacy policies and anti-spam legislation laws for state and federal governments.