Canada's New Anti-Spam Legislation

Spam, ie. unwanted email, is not only an irritation to most people but it can also be a threat carrying a virus or other malware and as a means for identify theft and fraud.  Many Western countries have enacted legislation to deal with the problem and in 2010 Canada passed the Fighting Internet and Wireless Spam Act, known as FISA.  The purpose of the legislation is to provide for a more secure online environment, both for personal and commercial communications, by deterring the most damaging and deceptive forms of spam.  The intent is to be technology-neutral so that unsolicited text messages or cell phone spam, as well as email, are covered by the Act.  The Act is not yet in force but anyone affected by it should be prepared to comply because the Act is expected to be brought into force shortly.

As a very rough summary, the Act prohibits the sending of unsolicited commercial electronic messages, the unauthorized alteration of transmission data, the installation of computer programs without consent (eg. through the use of malware), false and misleading electronic representations online (including websites), the unauthorized collection of electronic addresses and the collection of personal information by illegal access to a computer system.  A commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.  Most promotional emails would be caught by the Act and are prohibited without the consent of each recipient.  An existing relationship or the publishing of a contact address that does not prohibit unsolicited messages will likely imply consent.  Each commercial electronic message must identify the sender and provide a means for the recipient to withdraw his or her consent, eg. to opt out of mailing lists.  Some market research surveys, since they are not encouraging participation in a commercial activity, would not be considered commercial electronic messages.

Most of the administration and enforcement of the Act will be the responsibility of the CRTC, although the Competition Bureau will have jurisdiction over false or misleading representations made by electronic means as part of its general jurisdiction over misleading marketing.  The CRTC will be able to impose fines for breach of the Act of up to $1,000,000 per violation for individuals and $10,000,000 per violation for corporations.  Canada's Privacy Commissioner also has a role to play with respect to the activities of address harvesters, who use technology to obtain email or other electronic addresses for the purposes of spam.

The size of the potential fines and other remedies available to enforce the Act and the broad scope of activities that are affected make a review of email policies and practices a worthwhile undertaking.  The government of Canada has indicated that it takes spam seriously and will pursue remedies against violators.

The comments in this article are intended as general information only and are not to be relied on as legal advice or an opinion applicable to your particular situation.   For further information, please contact Bruce Farrend at Farrend Law.