ANTI-SPAM LEGISLATION
Anti-Spam Legislation
and Franchise Systems
– The Insurance
Perspective
BY J E N N I F E R T Y RW H I T T G O RY
In an ever changing world, computers and the way we communicate and
retain information with our vendors, potential customers and partners is
becoming more and more mainstream. It seems at times that legislation
seems to put more barriers and costs in front of the business owner rather
than assist with our growth and entrepreneurial spirit.
Anti-Spam, Privacy and You
The anti-spam legislation will be one of the many new things you
must be aware of as a business owner. This new legislation will
affect almost every business in Canada. Although at the writing
of this article the insurance industry and companies have not
specifically designed an insurance policy directly around this
new legislation, there are several ways you can protect yourself
and your assets. As business owners, you are expected, like
all workflows and implementing new programs, to familiarize
yourself with the requirements and make a plan for compliance
around this new legislation. Business owners must also obtain
express or implied consent from those to whom it wishes to interact with electronically, which is not unlike the Privacy Act
Legislation (PIPEDA) which rolled out several years ago to Ontario, and other provinces.
As seen in TheFranchiseVoice | Winter 2014 | www.cfa.ca
Directors & Officers Liability
Does your franchise system have a Directors & Officers Liability
policy? If not, you should strongly consider purchasing one. Violations of the new legislation may leave your corporation’s directors
and/or officers personally liable for the company’s violations and
Canadian privacy laws provide for potential fines and director and
officer liability following a privacy breach. There is also a separate
right for affected individuals to bring a claim for compensatory
damages arising from the violation, and businesses should take
into account the risk of regulatory scrutiny, fines and penalties,
as well as possible lawsuits. It is important to note that there are
indeed insurance policy solutions that you can purchase as part
of the risk management of your company. Many provinces’ legislation provides that every person who collects, holds, communicates to third persons or uses personal information other than
© 2014, Canadian Franchise Association. All rights reserved. The contents of this publication may not
be reproduced by any means, in whole or in part, without the prior written consent of the publisher.
ANTI-SPAM LEGISLATION
in accordance with this law is liable to fines, and any administrator, director, or representative of the legal person who ordered or
authorized the illegal act or omission is liable to the prescribed
penalty. Purchasing a D&O Liability policy is a good first step,
which will not only defend you for allegations of violating the AntiSpam legislation, but a D&O policy also defends the Directors and
Officers of “wrongful acts.” Be sure to work with your insurance
provider to understand your policy and what it covers, as there
is no one D&O policy wording used across the board by all Insurance Companies. Exclusions also affect what is covered.
Cyber-Risk Liability and Privacy Breach
Could this happen to your franchise system?
A hacker successfully obtains sensitive personal information
from your computer system. As a result, a number of customers
bring a claim against you for allowing access to their personal
information. A Cyber Risk policy would respond for damage and
defence costs for covered lawsuits.
You receive an e-mail that appeared to be from your bank,
but was not. One of your employees opened the email which
activated a computer virus called a Trojan horse that read key
strokes from one of your computers. The perpetrator uses this to
obtain banking and password information and initiates a fraudulent electronic wire transfer from your bank account. The Cyber
Risk policy would respond by indemnifying you for the funds that
were fraudulently transferred from your bank account, subject to
terms, coverage, and wordings of the policy.
“Violations of the new legislation
may leave your corporation’s
directors and/or officers
personally liable.”
“A Cyber Risk policy would
respond for damage and defence
costs for covered lawsuits.”
In evaluating the risks triggered by a privacy breach, business owners and your brokers also have to determine what type
of damages may be awarded to individuals following a privacy
breach. Obtaining a full review of your liability insurance requirements from a seasoned commercial insurance broker does not
cost you fees upfront. It is important to work with an independent
insurance broker who is competent in commercial insurance and
who is also familiar with franchise systems, franchise legislation
and this new Anti-Spam legislation.
• ABOUT THE AUTHOR •
Over the last 10 to 11 years, Cyber-Risk Liability and Privacy
Breach insurance has been available worldwide to commercial
clients; however, we are now currently in the true evolution of the
product, and is speculated that this line of insurance will grow
between three and four times in premium volume over the next
three to four years. Increasing reports of cyber intrusions, data
theft, and computer system malfunctions have led a rapidly growing number of companies to purchase this line of coverage.
There are many direct and indirect consequences that arise
from a privacy breach risk. There are costs associated with the
loss of data: having to bear the costs pertaining to responding
to the breaches including investigative costs (such as forensic
experts), outsourcing hotline support and providing free credit
monitoring subscriptions to those affected by the breach, as
well as providing customers discounts for future products and
As seen in TheFranchiseVoice | Winter 2014 | www.cfa.ca
services to help regain trust and loyalty. Additionally, the jurisdiction that your business is located in may insist on notification
to privacy commissioners and you may not have considered that
there is a cost for this. Many people are surprised to learn that
a standard Commercial General Liability policy or a Professional
Liability policy would not apply to a technology or cyber-privacy
claim, and would therefore not be covered. This Cyber-Risk and
Privacy Breach Insurance policy covers a broad spectrum of
liability claims; however, there is no one Cyber-Risk and Privacy
Insurance language common amongst all carriers. Lastly, there is
also an extension that may be considered being added onto your
CGL Liability policy called Advertising/Media Liability coverage.
Jennifer Tyrwhitt Gory, B. Mus., CAIB is President of Insurance
Portfolio Inc., an independent insurance brokerage in business for
over 80 years. Contracted with the best carriers in Canada, brokers
commercial, professional indemnity, group programs for franchise
systems, group benefits, automobile, and homeowners insurance.
Visit our website at www.insuranceportfolio.com or contact us at
1-800-773-8638, or email us at [email protected].
Member Since: 2007
© 2014, Canadian Franchise Association. All rights reserved. The contents of this publication may not
be reproduced by any means, in whole or in part, without the prior written consent of the publisher.