Anti‐Spam Legislation Factsheet Who needs to know about the law? Anyone who uses or makes use of “commercial electronic messages”, is involved in the alteration of transmission data, or produces / installs computer programs needs to be aware of the new anti‐spam law. What is the Anti‐Spam Act? The anti‐spam law will help protect Canadians while ensuring that businesses can continue to compete in the global marketplace. When does the law come into force? The Act will take effect on July 1, 2014. Businesses should start reviewing their existing activities before the Act comes into force. Once the regulations are published in their final form, there will be a short period of time between the date of publication and the coming into force of these provisions, to enable businesses and organizations to comply with the requirements. There is a 3‐year transitional period, which begins on July 1, 2014, during which consent to send commercial electronic messages is implied in the case of pre‐existing business and non‐business relationships. Please note that this period will end if the recipient of the commercial electronic messages says that they don’t want to receive any more of these messages. What does “spam and other electronic threats” mean? Under Canada’s anti‐spam legislation, there are various types of violations including the sending of unsolicited commercial electronic messages, the unauthorized alteration of transmission data, the installation of computer programs without consent, false and misleading electronic representations (including websites), the unauthorized collection of electronic addresses and the collection of personal information by accessing a computer system in contravention of an Act of Parliament. Violations include, but are not limited to, spam, malware, spyware, address harvesting and false and misleading representations involving the use of the any means of telecommunications, Short Message Services (SMS or Texts), social networking, websites, URL’s and other locators, applications, blogs, Voice over Internet Protocol (VoIP)m and any other current and future internet and wireless telecommunication threats prohibited by Canada’s anti‐spam legislation. What is a “Commercial Electronic Message”? A “Commercial Electronic Message” is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit. Also referred to as a CEM. What are the requirements concerning the sending of CEMs? Generally, the sender will need to obtain consent from the recipient before sending the message and will need to include information that identifies the sender and enables the recipient to withdraw consent. What is an example of altering transmission data? When an individual causes an electronic message to be sent to a destination that is different from that which the sender intended, such as forwarding a message. What are the general requirements for altering transmission data? Express consent will be necessary before transmission data in an electronic message can be altered. Other requirements that will need to be met, such as; clearly and simply describing why, and for what purpose, consent is being requested, as well as the identity of the requester. There requirements apply when the alteration of transmission data occurs in the course of a commercial activity. What is “Address Harvesting”? This refers to the collection of email addresses through the use of; ‐ “web crawlers”: computer programs that scan websites, groups and social networking sites, looking for electronic addresses ‐ “dictionary attacks”: when a computer program guesses live email addresses by methodically trying multiple name variations within a particular group of common email domains, such as Hotmail or Gmail. Anti‐Spam Legislation Factsheet What are the activities that fall under the CRTC mandate pursuant to Canada’s anti‐spam law? There are three broad activities that will engage the CRTC: ‐ Sending of commercial electronic messages without consent ‐ Alteration of transmission data in an electronic message without express consent ‐ Installation of computer programs without express consent The underlying principle is that these activities can only be carried out with prior consent and that such consent may be withdrawn. Who is responsible for enforcing the laws? There are three government agencies responsible for enforcement of the law: ‐ The Canadian Radio‐television and Telecommunications Commission (CRTC) to issue administrative monetary penalties for violations ‐ The Competition Bureau to seek administrative monetary penalties or criminal sanctions under the Competition Act ‐ The Office of the Privacy Commissioner to exercise new powers under an amended Personal Information Protection and Electronic Documents Act These agencies are able to share information with the government of a foreign state if the information is relevant to an investigation or proceeding in respect of a contravention of the laws of a foreign state that is substantially similar to the conduct prohibited by the Canadian law. What Administrative Monetary Penalties will the CRTC be able to issue? The CRTC will have a number of tools available including administrative monetary penalties. The maximum penalty is $1 million per violation for an individual and $10 million per violation for entities, such as a corporation. Where can I get more information about the law and what I need to do? The best place to get reliable information is from the Canadian government. Some of the websites available on the legislation are: www.fightspam.gc.ca www.chamber.ca/resources/casl www.bennettjones.com/casl www.crtc.gc.ca/eng/archive/2012/2012‐183.htm www.ic.gc.ca/eic/site/030.nsf/eng/home Source: fightspam.gc.ca