Canada Passes New Anti-Spam Law: What You Need to Know

The long awaited Canadian Anti-Spam law has passed after years of waiting.  The new law named FISA, Fighting Internet and Wireless Spam Act (Bill C-28), will establish requirements on those sending marketing emails (including SMS and IM) to and from Canada.  Click here for the full Bill C-28.

The main theme with this new Canadian law is that it is requiring consent whereas the CAN-SPAM Act does not in the US.  Any marketer sending a message to an email address of a person who resides in Canada will need consent to do so. FISA defines explicit and implied consent as follows:

Explicit consent is when the recipient provides permission to the sender to send them messages like a web page sign up form.

Implied consent comes in the form of an existing business or non business relationship between recipient and sender.  A business relationship is considered when a customer purchases a product/service or entering a contract.  A non-business relationship is when your customer does volunteer work for you or becomes a part of your organization.  Implied consent is stated to last up to 2 years after it is implied.

Once you have consent you should ensure these emails include:

• Company contact information such as name, address, email and phone number.
• A clear and conspicuous unsubscribe mechanism such as a link in your email or a working reply-to address where requests are read and processed.
• Clear identification of who the sender is.
• Process unsubscribe requests within 10 business days from time of request.
• The unsubscribe mechanism must remain intact for that email for 60 days of the send date of that email.

Now for the tough question you are asking -- 'How do i know who I am sending to is in Canada or not??'  This is going to be the big challenge if you are sending emails that are not clearly permission based on the definitions stated by FISA.  Simply stating you didn't know where the person lived will not hold up in court as a defense so it is important if you haven't already started gathering more information at time of sign up.

Here are some recommendations to make sure you are complying with this law. Although enforcement wont likely start until later next year, now is the time to make these changes for your protection.

1. Start storing sign-up information such as IP address which can be traced back to the email address at time of sign up.
2. Ask subscribers at point of sign up of their location.
3. Segment out domains you know are Canadian like a .ca extension or known popular domains such as Shaw, Sympatico, Rogers and Telus.  DO NOT assume anyone not under these domains are not Canadian based email addresses but it is a good start.
4. Use opt-in consent (if using implied consent, get explicit consent during the 2 year window)
5. Include BOTH an unsubscribe link as well as a working email address for redundancy.
6. Assume all your email addresses are Canadian!

Penalties for not complying with FISA can create fines that range from $1 million (individual) and up to $10 million (organizations).

Although the new bill may seem scary to email marketers, it will challenge us to improve sign-up and list hygiene practices that may otherwise be neglected.  Still have questions about the bill?  Comment below.

Chris Kolbenschlag
Director of Deliverability