The Anti-Spam Act – Part 5 of 5 – Challenges going forward

SPAM_Banner_DCanton

This last of 5 articles on the Anti-Spam Act will set out some of the questions and challenges going forward.

This is the last of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

As I said in the first article, if you think the Act won’t affect you because you don’t send mass emails trying to sell random products, and don’t infest other people’s computers with spyware, you would be wrong.  It creates tools to fight spam, but unfortunately defines spam so broadly that it will affect how most of us conduct business. The definition of spam is so broad that goes far beyond what the average person would consider to be spam.

My personal view is that this Act is fundamentally flawed.  Creating tools to combat spam such as emails sent out by the thousands to try to sell drugs would be welcome by most people.  But this Act defines as spam things that most of us would consider innocuous, and indeed perhaps desirable.  For example, if you and I meet at an event, it may be spam if afterwards one of us sends an email to the other suggesting that we should talk further about our respective services.

The Act’s biggest impact will be the compliance headache it will cause to the average business or charity that is caught by the Act.

For many, obtaining and tracking explicit consent will be the best approach.  That is easier said than done, because opt-out (“toggling” in CRTC parlance) is not allowed, and response rates requiring a positive step are usually low.  And after the Act is in force, even sending an email requesting consent is considered spam and must be done under an exception.

We can expect to see a deluge of emails before the Act comes into force asking for permission.

Concern has been expressed that its negative effects and compliance burden on typical businesses and charities are far too onerous.  It has the potential to impede e-commerce and leave Canada behind in the use of electronic messaging going forward.  Organizations cannot afford to ignore the Act.  Just one email sent to one person can be spam.  Even though a business or charity may not be sending spam as that term is generally understood, the potential penalties are too severe to take chances.

As we have seen, the Act is long and complex, and is open to interpretation in many aspects.  The fact that the CRTC bulletins interpret some things in ways that go beyond what many of us think the Act provides for is testament to that.  Indeed, some comments by CRTC staff seem contrary to written Industry Canada provisions.

The practical ramifications of the Act do not always seem logical or simple to determine.

Consider for example buying a car, where no express consent for future communications is obtained.  Does the 2 year rule (the definition of existing business relationship says it lasts 2 years from the latest transaction) start running when I buy the car if I buy it, but not until the lease is over if I lease it?  Does the fact that the lease is with a financial institution rather than the dealer mean the finance company’s 2 years starts when the lease expires, but the car dealers starts when I acquire the car?  Does the 2 year period of the dealer start to run again every time I bring the car in for service?  Or does that just apply to communications regarding service, and not communications relating to a new car?

Another example to ponder is a press release.  Those sending a press release will need to think about the purpose of the release, and who is on the recipient list.  Is it being sent beyond traditional news services?  Does the fact that a recipient has published their email address on their firm’s website mean that they can or cannot get the release depending on the content of the release?  Does the fact, for example, that my email address is listed on my newspaper column mean I can be sent emails that could not be sent if my address was only on our firm web site?  Does it make a difference that I may be listed somewhere on a list of journalists because I write a newspaper column?  Does it make a difference if my address is disclosed on various social media platforms, such as facebook, linkedIn, twitter, or .tel?  Is the sender going to have to analyze each recipient to see how they fit under the exemptions, or how their email address has been published?

Some of the issues to ponder going forward include the following.

  • One of the keys will be to figure out the boundaries of “commercial activity”.  The inclusion of specific provisions relating to volunteers and donors for charities suggest that commercial activity may have a broader definition than one might contemplate.
  • Consider what the ramifications of the Act are in an era of convergence where messaging platforms are merging and in an era where mobile access to content and location based content is becoming more prevalent.
  • The definition of “electronic address” talks about “to an account”.  It would be a reasonable interpretation that things like a direct message on twitter could fall into the definition of spam – but messages sent on social media that are not directed by the sender to specific accounts or individuals would not be considered spam.  CRTC staff have commented that they are not considering social media, but the definitions in the Act are broad enough to impact it.
  • One of the exemptions is for sending warranty, safety or recall information.  But the recipient can opt out from receiving such electronic messages – unless recall messages are required by law.  If the buyer opts out – what is the vendor’s obligation if the buyer suffers because they were not aware?
  • How strictly will the Competition Act misleading advertising provisions be interpreted?  For example, will email subject lines be judged on their own, or will they be judged in conjunction with the broader details within the message body?

Another issue is whether the Act is actually within the powers of Parliament to enact.  Just over a year ago the Supreme Court of Canada ruled that the proposed federal Canadian Securities Act was ultra vires the federal government.  In other words, they did not have the power to enact it as drafted, essentially because it attempted to regulate matters that are within provincial powers.  Commentary has been written that draws parallels between the decision in that case and the Anti-Spam Act.  It would not be a surprise to see someone take that position and try to have the entire Act declared invalid when faced with sanctions under the Act.

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article contains general comments only, not legal advice. Web: www.harrisonpensa.com/lawyers/david-canton Blog: www.canton.elegal.ca  Copyright David Canton 2013.  This article may be reproduced in its entirety for non-commercial purposes.

 

The Anti-Spam Act – Part 4 of 5 – Things we can do now to prepare

SPAM_Banner_DCanton

Today’s’ article talks about what we can start doing now to be ready when the Act comes into effect.

This is the forth of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

At this point it is unclear when the Act will come into force.  Expectations range from the next few months to as late as June of 2014.  We have been waiting for some time for the regulations to be finalized, as they are crucial to practical compliance with the Act.  The CRTC regulations are final.  While the Industry Canada regulations released on January 5 are only in draft form, they are a second draft, so are likely fairly close to the final version.

We are now therefore in a position to understand the Act’s practical application.

Consent is king under the Act.  So businesses and charities should start thinking about how to best obtain and document consent to send electronic messages.  It is important to remember that a consent that you may have now that qualifies under PIPEDA or other privacy legislation may not qualify as consent under the Act.  You may have to obtain consent again using a method that qualifies under the Act.

For example, under PIPEDA you might have my consent on an opt-out basis to send me emails promoting your products.  The Act (at least in the CRTC’s official view – I’m not convinced this is supported by the Act) does not recognize opt-out consent or consent obtained by “toggling”.  So a consent to send that email to me that is valid under PIPEDA might not be valid under the Act.

The first step is to conduct an audit of your information practices.  Take a look at the types of electronic messages your organization sends, why you send them, to whom you send them, and how you get people’s addresses.  Consider not only mass emails, but also what individual employees might send routinely or occasionally.

Keep in mind that the Act applies to any kind of electronic message – not just email – such as text messages, and direct messages using social media.

As a picture of your electronic communications emerges, consider how they fit into the Act.  Do the messages qualify as spam?  Do you have consent that is sufficient to comply?  What information do you need to add to the communications to comply?

It may be prudent to obtain and document explicit consent before the Act is in force.  The Act is very particular about how consent is obtained, so if consents are obtained before the Act comes into force, it is crucial to ensure that they comply.  The advantage of obtaining consent before the Act comes into force is that electronic messages can be sent to obtain consent before the Act is in force.  Once the Act is in force, electronic messages sent to obtain consent are themselves considered spam.

To reduce the odds of director and officer liability, consider implementing appropriate policies to show diligence, put proper processes in place, and reduce the chances of a violation.

If you use third party mail services to send emails to customers, potential customers, donors or others, discuss the legislation with the provider and ask if they are implementing processes to include the required information and unsubscribe capability, and obtain and track consents.  Of particular concern are email providers from outside of Canada.  The Act is very different than anti-spam legislation in other countries.  They may be unaware of the requirements, may want higher fees to implement the changes, or indeed may choose not to take the time and effort required to comply at all.

If you are in the software business, your software should be looked at to determine if it does anything that would require explicit consent under the Act.  If so, methods will have to be implemented to obtain and track the consents.  Consider whether the software can be changed to avoid the consents, or whether changing to a SAAS model will avoid the issue.

The next and final article will discuss some of the challenges going forward.

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article contains general comments only, not legal advice. Web: www.harrisonpensa.com/lawyers/david-canton Blog: www.canton.elegal.ca  Copyright David Canton 2013.  This article may be reproduced in its entirety for non-commercial purposes.

The Anti-Spam Act – Part 3 of 5 – Other things in the Act

SPAM_Banner_DCanton

This article talks about things in the Anti-Spam Act that are not directly related to spam.

This is the third of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

Spyware

The Act contains anti-spyware provisions – the goal being to eliminate spyware, malware, and other malicious software.

You may recall the Sony copy protection rootkit scandal from 2005 where Sony music CD’s automatically installed digital rights management software on users’ computers without their knowledge or consent.  This software made operating systems more vulnerable to third-party attacks and could be used to collect and transmit information about computer use back to Sony.  Under the Act, such practices will be prohibited.

The Act applies to all software installed on someone’s computer.  The definition of computer program and computer system is very broad.  It includes software installed on smart phones, tablets, e-book readers and – since almost everything includes some kind of computing power these days – even things such as PVR’s and cars.

The Act prohibits the installation of computer programs and the transmission of electronic messages from a computer program unless the creator of the software has express consent from the owner or authorized user of the computer system.

Express consent may only be obtained if there is a notice to the user containing prescribed information about the software, and if it clearly and simply describes the function and purpose of the program or program update to be installed.

In addition, if a program performs certain undesirable functions then more prominent and explicit disclosure is required. The Act contains a list of functions often found in spyware, malware, and other types of malicious software, including:

  • Collecting personal information stored on the computer;
  • Interfering with the authorized user’s control of the computer;
  • Unknowingly changing or interfering with data;
  • Unknowingly changing or interfering with settings, preferences or commands;
  • Causing the computer system to communicate with another computer system; and
  • Installing a program that may be activated by a third party without the user’s knowledge.

If software contains one of these functions, the user must be told the reasonably foreseeable impacts of these functions.

Software vendors may need to amend their end user license agreements (EULAs) to comply. Some circumstances will require specific permission with full disclosure before the change can be made, regardless of the contents of a EULA.

Software vendors may want to consider whether changing from a traditional installed software model to a hosted SAAS or cloud model will avoid some of these issues.

Canadian software creators – indeed any entity selling software to Canadians – will need to review the Act, given the significant potential fines and consequences to directors and officers if there is a violation.

Preservation Demands

Telecommunications service providers, meaning an ISP or anyone providing telecommunications services, can be ordered to preserve transmission data for 21 days to facilitate investigations under the Act.

The Act also includes provisions where anyone can be ordered to produce documents to facilitate investigations, and allows warrants to be issued to enter a premises to facilitate investigations.

Privacy

PIPEDA, (The Personal Information Protection and Electronic Documents Act) has been amended to make it a privacy breach to harvest email addresses by electronic means.

Competition Act

New deceptive marketing practices have been added to the Competition Act, including:

  • sending a false or misleading representation in the sender information or subject matter information of an electronic message
  • sending in an electronic message a representation that is false or misleading in a material respect
  • make or cause to be made a false or misleading representation in a locator (eg a url)

The next article will discuss things we can do now to prepare for the Act.

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article contains general comments only, not legal advice. Web: www.harrisonpensa.com/lawyers/david-canton Blog: www.canton.elegal.ca  Copyright David Canton 2013.  This article may be reproduced in its entirety for non-commercial purposes.

The Anti-Spam Act – Part 2 of 5 – The definition and treatment of Spam

SPAM_Banner_DCanton

This is the second of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

This article talks about what the Anti-Spam Act defines as spam, the myriad of exceptions, and what needs to be tracked to prove compliance.  This will be presented by way of the thought process to be followed to determine whether a message is spam, and whether or how it can be sent without violating the act.  The graphic that accompanies this article may be helpful.  (Download a pdf of the Spam Graphic )

[ Jan 14, 2014 – See a revised graphic reflecting the final regulations here]

HPDC_Spam7_580

The first question to ask to determine if you are about to send spam is whether it is a “commercial electronic message” (“CEM”), which is very broadly defined.  In part, the definition says it is “…an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity…”

It is worth noting that “An electronic message that contains a request for consent to send a message described in subsection (2) is also considered to be a commercial electronic message.”  In other words, if you want to send a message or messages that are considered spam, it is considered spam to even send a message asking for permission.

“Electronic message” is broadly defined to include a message via email, instant message, phone, or “any similar account”.  That could include things like a twitter direct message or a facebook message or chat.

“Commercial activity” means “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit…”.

If you are not sending a commercial electronic message, then it is not spam and the act does not apply.

If it is a CEM, the next question to ask is whether:

  • it is sent to an individual with whom the sender has a personal or family relationship; or
  • it is an inquiry re the recipients commercial activity; or
  • it is exempted by the regulations.

If any of those apply, it is not spam.

If none of those work to exempt the message as spam, there is a long list of possible exceptions.  Those exceptions include things like:

  • a requested quote
  • to facilitate a commercial transaction that has been agreed to
  • warranty, safety or recall info to a buyer
  • providing factual info about ongoing use or an ongoing subscription, membership or account
  • providing info about an ongoing employment or benefit plan
  • delivering a product or upgrades that a person is entitled to
  • is otherwise allowed by regulation

If the message does not fall into any of those exemptions, and the sender does not otherwise have consent from the recipient to send the message, then it is spam and cannot be sent.  The Act and the CRTC regulations spell out at length what is required to obtain consent, which can be express or implied.  The onus is on the sender to prove that it has consent, so consents will have to be recorded and tracked.  What amounts to consent is defined at length.  It is worth noting that a consent that one already has from someone under PIPEDA or other applicable privacy legislation may not qualify as consent under the Act.

Implied consent includes if the message is to someone:

  • the sender has an existing business or non-business relationship with (both terms are extensively defined in the Act and the Industry Canada regulations); or
  • who has published their address, not stated they don’t want to receive unsolicited CEM, and the message is relevant to the recipient’s business; or
  • who has disclosed their address to the sender, not stated they don’t want to receive unsolicited CEM, and the message is relevant to the recipient’s business; or
  • as set out in the regulations

But you are not out of the woods yet.  If you have consent, or if it falls under an exemption, you can send the message, but only if the message:

  • conforms to requirements contained in the regulations; and
  • identifies the sender; and
  • provides contact info for the sender; and
  • provides an unsubscribe mechanism.

The Act’s application to charities must be considered.  An indication of the broad interpretation of commercial activity and purposes intended by the Act is that the definition of implied consent includes references to volunteers and donors.  Specifically, “existing non-business relationship” includes messages from charities to:

  • donors within the past 2 years; or
  • volunteers who performed work or attended a meeting within the last 2 years.

 

The next article will discuss various provisions in the act that tangentially relate to spam.

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article contains general comments only, not legal advice. Web: www.harrisonpensa.com/lawyers/david-canton Blog: www.canton.elegal.ca  Copyright David Canton 2013.  This article may be reproduced in its entirety for non-commercial purposes.

 

The Anti-Spam Act – Part 1 of 5 – Introduction

SPAM_Banner_DCanton

The Canadian Anti-Spam Act was passed in December of 2010, and is expected to come into force some time in 2013.

If you think it won’t affect you because you don’t send mass emails trying to sell random products, or don’t infest other people’s computers with spyware, you would be wrong.  It creates tools to fight spam, but unfortunately defines spam so broadly that it will affect how most of us conduct business.  The definition of spam is so broad that it goes far beyond what the average person would consider to be spam.

My personal view is that this Act is fundamentally flawed.  Creating tools to combat spam such as emails sent out by the thousands to try to sell drugs would be welcome by most people.  But the Act defines as spam things that most of us would consider innocuous, and indeed desirable.  For example, if you and I meet at an event, it may be spam if afterwards one of us sends an email to the other suggesting that we should talk further about our respective services.  Or if the child of a friend emails you offering to shovel the snow off your driveway for money, it might be spam.

The Act’s biggest impact will be the compliance headache it will cause the average business or charity that is caught by the Act.

This is the first of a series of 5 articles that will introduce the Act, describe what spam is and is not, talk about collateral provisions, what we can do now, and some of the challenges going forward.

The Act is long and complex, and includes amendments to four existing acts – the CRTC Act, Competition Act, PIPEDA, and Telecommunications Act.

The first indication that the Act is overly complex is its name: An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

It applies to the sending of commercial electronic messages that many of us would not consider to be spam.  It applies to various forms of electronic communications, including email, instant messages, and social media.

Essentially, any electronic message with any kind of commercial purpose is caught, subject to a myriad of complex provisions setting out exceptions, and consent requirements.  And since the onus is on the sender to show compliance with the Act, all this will somehow have to be tracked and recorded.

It also includes provisions that require specific permission to install certain types of software and software updates.

So while the intention is to control what we all understand as spam and spyware, it will affect many things that we may not intuitively consider spam or spyware.  Similar to privacy legislation, this Act will no doubt lead to situations where our first reaction is to label it spam or spyware if we receive it, but not consider the same thing spam or spyware if we send it.

Some of the details required to understand the daily impact of the Act are contained in regulations.  These regulations come from two different entities.  The CRTC has finalized regulations that deal with issues surrounding information to be disclosed and consent to receive electronic messages.  The CRTC has also issued two Compliance and Enforcement Information Bulletins that set out some CRTC views on enforcement.  While they are helpful, their interpretations are also somewhat troubling as they set out requirements that are more onerous and commercially unfriendly than the Act seems to contemplate.

Industry Canada regulations deal with some of the exceptions to the definition of spam.  The first version of the draft regulations received significant criticism – the second try was released on January 5, and is subject to a 30 day commentary period.

I believe there should be a volume threshold where it is deemed not to be spam if it’s a targeted message sent to a small number of individuals – but that is not contemplated.

The penalties for non-compliance are significant, complex and detailed.  Remedies include fines of up to $1,000,000 for individuals, $10,000,000 for others, and private rights of action.  Statutory damages are included, so a plaintiff does not have to prove actual damages.  Private rights of action allow lawsuits by individuals, including class actions.

Some things are “reviewable conduct”, meaning that it is subject to the investigatory and order making powers of the Privacy or Competition Commissioners.

Directors and officers can be personally liable if they authorized or acquiesced in the offence. Employers are vicariously liable for the actions of their employees acting within the scope of their authority.  To lessen the risk to directors and officers, many boards will mandate anti-spam policies and procedures to take advantage of a defence section that says:  “A person must not be found to be liable for a violation if they establish that they exercised due diligence to prevent the commission of the violation.”  Boards may also want to look at their D&O insurance to determine whether violations of the Act are covered.  D&O insurance typically does not cover fines and penalties, so it is an important question to ask.

Remedies also include the ability to obtain an injunction to prevent a contravention of the Act.

The next article will discuss what spam is under the Act, the myriad of exceptions, and what needs to be tracked.

 

David Canton is a business lawyer and trade-mark agent with a technology focus at Harrison Pensa LLP. This article contains general comments only, not legal advice. Web: www.harrisonpensa.com/lawyers/david-canton Blog: www.canton.elegal.ca  Copyright David Canton 2013.  This article may be reproduced in its entirety for non-commercial purposes.

ANTI-SPAM ACT: Penalties are in the millions but even one e-mail has potential to be spam

For the London Free Press – January 21, 2013

Read this on Canoe

Industry Canada recently released its second attempt at regulations under the Anti-spam Act. These regulations are important for the practical application of the act because they help define what is and is not spam.

The regulations are subject to a 30-day commentary period, but because they’re a second draft, significant changes are unlikely.

Though most people will welcome the thought of legislation that reduces spam, the legislation has a dark side.

The act defines spam so broadly that it will affect how businesses and charities operate. Its definition of spam goes far beyond what the average person would consider to be spam. Indeed, one e-mail or text message or Twitter direct message sent from one person to another has the potential to be spam.

The act’s biggest impact may not be on the amount of spam we receive, but rather the compliance headache it will cause to the average business or charity.

Any electronic message with any kind of commercial purpose is caught, subject to a myriad of complex provisions setting out exceptions and consent requirements. And because the onus is on the sender to show compliance with the act, all this will somehow have to be tracked and recorded.

In other words, if an allegation is made that you sent spam, you will have to prove that it was not spam — which could be by showing an exemption under the act, or showing that permission was obtained that follows the requirements of the act.

Certain commercial electronic messages are simply prohibited as spam. Commercial electronic messages that are allowed must contain specified sender information, and an unsubscribe mechanism. That mechanism of course has to be created and tied in to a system that tracks consents and exceptions.

Consents that are in place now and adequate under privacy legislation will not be adequate consent under the act unless the requirements of the act were followed when it was obtained. So we can expect a deluge of e-mails requesting consent to send things that we already thought we had consented to.

Penalties for non-compliance of the act are significant, so ignoring the act is not an option. Remedies include fines of up to $1 million for individuals,

$10 million for others, and private rights of action. Private rights of action allow lawsuits by individuals, including class actions.

Some things are “reviewable conduct,” meaning they’re subject to the investigatory and order-making powers of the privacy or competition commissioners.

Directors and officers can be personally liable if they authorized or acquiesced in the offence. Employers are vicariously liable for actions of employees acting within their authority. It is not certain when the act will come into force — probably no sooner than the second half of the year.

For more detailed information on the act, see a series of articles that I will be posting shortly on my blog at http://elegal.ca/ .

www.harrisonpensa.com/lawyers/david-canton

Industry Canada Anti-Spam regs released

On January 5, 2013, Industry Canada released its second attempt at regulations under the Anti-spam Act.  The Act is expected to come into force some time in 2013.  One of the keys to its practical implementation are the regulations.  These Industry Canada regulations are subject to a 30 day commentary period, but because they are a second draft, I expect they are very close to final. Anyone wanting to make comments can do so following the process described in the release.

The Industry Canada regulations are important as they help define what is and is not spam. 

The Act defines spam so broadly that it will affect how most of us conduct business and goes far beyond what the average person would consider to be spam.  Most businesses and charities now routinely send emails that will be considered spam under the Act.

The regulations are helpful, but the fact that it has to go on at length about the definition of such things is an indication of just how complex and over reaching the legislation is.

The regulations:

  • Define “family relationship” and “personal relationship”
  • Adds as an exemption from the definition of spam messages within an organization or with contracted parties
  • Adds as an exemption from the definition of spam messages in reply to a request or complaint
  • Adds as an exemption from the definition of spam messages sent to satisfy legal obligations or enforce rights
  • Adds a complex limited exemption for business referrals
  • Exempt the need for consent for certain software installed by telecommunications service providers
  • Defines what membership in a club, association or voluntary organization means for the purposes of an “existing non-business relationship”

I’m working on a series of articles about the anti-spam act to be published later this month, so stay tuned for more detail.

More anti-spam regulations on January 5

Todays’ Slaw post:

The Canadian anti-spam act was passed in December of 2010 – but is still not in force.  Current speculation is that it will be in force later in 2013 – or perhaps not even until 2014.

The act contemplated 2 sets of regulations that are crucial for how the act works in practice.  Regulations from the CRTC are final.  We have been waiting for regulations from Industry Canada. 

Industry Canada announced on Dec 24 that its regulations will be published in the Canada Gazette on January 5th 2013 for a 30 day consultation period.

Stay tuned for more detail.

http://harrisonpensa.com/lawyers/david-canton/

Anti-Spam Act – still waiting for regs

The Canadian Anti-spam act is now expected to come into force some time in 2013.    We are waiting for the regulations to be finalized.   Hopefully the regulations will soften the blow of the act, which will in my opinion be a compliance nightmare for many businesses and charities.  The reason is that the act has an extremely broad definition of spam that goes far beyond the questionable mass email pitches for drugs, enhancements and the like that most of us consider spam.  The definition covers many emails or direct messages using social media that many of us routinely send, and don’t consider to be spam when we receive them.  And just 1 email sent to a single person can be considered spam.

The act then goes on to list many exceptions to pull certain things out of the definition of spam, such as family relationships, and current ongoing business relationships.

Barry Sookman just wrote a blog post that summarizes the current regulation status as expressed by Industry Canada at a recent meeting , and provides his comments.  It is worth a read by anyone interested in the subject.  I concur with Barry’s comments.

http://harrisonpensa.com/lawyers/david-canton