Do you use email, SMS, social media or instant messaging to reach volunteers, donors and more? Do you carry out these activities in or from Canada? If so, you should be aware of recent changes to Canada’s anti-spam laws.
Here’s the low-down regarding Canada’s recently implemented anti-spam legislation. The law targets damaging and deceptive forms of spam, defined by the Government of Canada as any electronic commercial message sent without the express consent of the recipient(s). Nonprofits are not excluded from these new laws, so if you use electronic networks to market your organization, you should take note of the changes.
The act will be enforced by three separate government agencies. Significant fines or penalties may apply to organizations (as well as for profit companies and individuals) that violate the new laws. The Canadian Radio-television and Telecommunications Commission will investigate and take action against any organization found to:
- Send commercial electronic messages without the recipient’s consent. This includes emails, social networking messages and text messages.
- Alter transmission data in an electronic message which results in the message being delivered to a different destination without expressed consent. This includes directing users to websites they did not intend to visit and other illegal activities.
- Install computer programs without express consent of the computer owner or authorized employee. This includes malware, spyware and viruses installed with computer programs.
In addition, the Competition Bureau will impose monetary penalties or criminal sanctions to any organization found using false or misleading representations online in the promotion of products or services. This includes misleading sender or subject matter information, electronic messages and locator information such as URLs and metadata.
The final government agency responsible for enforcing the new anti-spam legislation is the Office of the Privacy Commissioner, who will exercise new powers against any organization found to be responsible for:
- Collecting personal information through the access of a computer system in violation of federal law.
- Collection of electronic addresses without permission, such as address harvesting. This includes bulk email lists compiled through the use of mechanisms that mine the Internet for email addresses.
Some important exemptions that apply to nonprofits include:
- Messages sent on behalf of a charity or political organization for the purposes of raising funds or soliciting contributions.
- Messages that provide information about a purchase, subscription, membership, account, loan or other ongoing relationship, including delivery of product updates or upgrades.
- A single message to a recipient without an existing relationship on the basis of a referral. The full name of the referring person must be disclosed in the message.
Government agencies are not the only body permitted to report violations to the new laws, however. Individuals and organizations that receive messages that constitute as spam may bring a private right of action in court against an individual/organization that they allege have violated the law.
The law defines two distinct types of consent, implied and express, for receiving a commercial electronic message. Implied consent includes when:
- A recipient has purchased a product, service or made another business deal, contract or membership with your organization in the last 24 months.
- You are a registered charity or political organization, and the recipient has made a donation or gift, has volunteered or attended a meeting organized by you.
- A professional message is sent to someone whose email address was given to you, or is conspicuously published, and who hasn’t published or told you that they don’t want unsolicited messages.
Express consent is defined as a “written or oral agreement to receive specific types of messages,” and is only valid if the following information is included with your request for consent:
- A clear and concise description of your purpose in obtaining consent.
- A description of messages you’ll be sending.
- Requestor’s name and contact information (physical mailing address and telephone number, email address or website URL).
- A statement that the recipient may unsubscribe at any time.
There is a transition period, lasting until July 1, 2017, during which your organization may continue to send messages to recipients from whom you have implied consent, unless they unsubscribe. After the 2017 cut-off date, you may only send to recipients with express consent or whose implied consent is currently valid under CASL—that is, 24 months after a purchase or six months after an inquiry.
Canadian nonprofits need to be aware of the new regulations and make sure all commercial messages comply with the criteria. Some helpful tips for contacting supporters are listed below:
- Maintain a record of consent confirmations.
- When requesting consent, checkboxes cannot be pre-filled to suggest consent.
- All messages sent must include your name, the person on whose behalf you are sending (if any), your physical mailing address and your telephone number, email address or website URL.
- All messages sent after consent must also include an unsubscribe mechanism and unsubscribes must be processed within 10 days.
Further information regarding the new legislation, as well as a helpful quiz for any businesses or organizations who want to ensure their compliance can be found on the Canadian Government’s FightSpam site.