2

CANADA’S ANTI-SPAM LEGISLATION

An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

Referred to as “CASL” Comes into force on July 1, 2014

3

CASL prohibits various types of behavior including the sending of unsolicited commercial electronic messages, the unauthorized alteration of transmission data, the installation of computer programs without consent, false and misleading electronic representations (including websites), the unauthorized collection of electronic addresses and the collection of personal information by accessing a computer system in contravention of an Act of Parliament.

4

COMMERCIAL ELECTRONIC MESSAGES

CASL prohibits the sending of “commercial electronic messages” or “CEMS” that are designed, in whole or in part, to encourage participation in a commercial activity.

CEMS are defined as any “message sent by any means of telecommunication, including a text, sound, voice or image message.”

A “commercial activity” is defined as: any particular transaction, act or conduct or any regular

course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada.

5

The CEM must be sent to an electronic address, which is defined as: an address used in connection with the transmission of an

electronic message to an electronic mail account, an instant messaging account or any similar account.

Any person (which includes corporations, partnerships and other entities) will be prohibited from sending a CEM unless: The sender has the consent (which can be express or

implied) of the recipient of the CEM; or The CEM is exempt under CASL.

There are certain CEM’s that are only exempt from the consent requirement of CASL, but not its form and content requirements.

6

Express Consent

Express consent may be obtained orally or in writing Oral consent may be used only if it can be verified by an

independent third party or where a complete and unedited audio recording of the consent is retained by the person seeking consent.

A request for express consent must be sought separately and must set out: The purpose for which consent is being sought; Specific information about the person seeking consent

and, if applicable, the person on whose behalf consent is sought; and

A statement that the recipient can withdraw their consent.

7

8

9

10

Implied Consent

“Implied Consent” is established under CASL where the sender and recipient have: an “existing business relationship”; or an “existing non-business relationship”; or the person to whom the message is sent has

conspicuously published, or has caused to be conspicuously published, the electronic address to which the message is sent, the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person’s business, role, functions or duties in a business or official capacity;

11

the person to whom the message is sent has disclosed, to the person who sends the message, the person who causes it to be sent or the person who permits it to be sent, the electronic address to which the message is sent without indicating a wish not to receive unsolicited commercial electronic messages at the electronic address, and the message is relevant to the person’s business, role, functions or duties in a business or official capacity; or

12

Existing Business Relationship

Existing Business Relationship” is defined as a business relationship between a recipient of a CEM and the sender of a CEM (including if the sender permitted the CEM to be sent)– arising from (a) the purchase or lease of a product, goods, a service, land or

an interest or right in land, within the two-year period immediately before the day on which the message was sent, by the person to whom the message is sent from any of those other persons;

(b) the acceptance by the person to whom the message is sent, within the period referred to in paragraph (a), of a business, investment, or gaming opportunity offered by any other those other persons;

(c) the bartering of anything mentioned in paragraph (a) between the person to whom the message is sent and any of those other persons within the period referred to in that paragraph;

13

(d) a written contract entered into between the person to whom the message is sent and any of those other persons in respect of a matter not referred to in any of the paragraphs (a) to (c), if the contract is currently in existence or expired within the period referred to in paragraph (a); or

(e) an inquiry or application, within the six-month period immediately before the day on which the message was sent, made by the person to whom the message is sent to any of those persons, in respect of anything mentioned in any paragraphs (a) to (c).

14

Non-Existing Business Relationship

Existing non-business relationship" is defined as a non-business relationship between a recipient of a CEM and the sender of a CEM (including if the sender permitted the CEM to be sent)– arising from: (a) a donation or gift made by the person to whom the

message is sent to any of those other persons within the two-year period immediately before the day on which the message was sent, where that other person is a registered charity, a political party or organization, or a person who is a candidate — as defined in an Act of Parliament or of the legislature of a province — for publicly elected office;

15

(b) volunteer work performed by the person to whom the message is sent for any of those other persons, or attendance at a meeting organized by that other person, within the two-year period immediately before the day on which the message was sent, where that other person is a registered charity, a political party or organization or a person who is a candidate — as defined in an Act of Parliament or of the legislature of a province — for publicly elected office; or

(c) membership, as defined in the regulations, by the person to whom the message is sent, in any of those other persons, within the two-year period immediately before the day on which the message was sent, where that other person is a club, association or voluntary organization, as defined in the regulations.

16

CASL also contains a transitional provision which provides that the consent of the recipient of a CEM is implied until July 1, 2014, if, and only if: The sender and recipient have an “existing

business relationship” or an “existing non-business relationship” on July 1, 2014; and

The relationship includes the communication between them of commercial electronic messages.

17

Prescribed Information

All CEMS must: Identify the person(s) who sent the message and, if

applicable, identify who the message is sent on behalf of; Provide contact information for the sender of the message,

which must be valid for a minimum of 60 days after the message is sent; and

Must include an unsubscribe mechanism.o Must be included in every CEM;o Must set out clearly and prominently the right to

unsubscribe and must be able to be readily performed;o Cannot charge a fee to unsubscribe; ando If the recipient unsubscribes, the sender must ensure that

within ten (10) business days no further messages are sent.

18

Exemptions

CEMS between those with a personal or family relationship; “Personal Relationship” is defined as a relationship between an

individual who sends a message and the individual to whom the message is sent, if those individuals have had direct, voluntary, two-way communications and it would be reasonable to conclude that they have a personal relationship, taking into consideration any relevant factors such as the sharing of interests, experiences, opinions and information evidenced in the communications, the frequency of communication, the length of time since the parties communicated or whether the parties have met in person; and

“family relationship” is defined as a relationship between an individual who sends a message and the individual to whom the message is sent if those individuals are related to one another through a marriage, common-law partnership or any legal parent-child relationship and those individuals have had direct, voluntary, two-way communication.

19

CEMS responding to an inquiry, request or complaint; CEMS within organizations or between organizations in a

relationship if the message concerns the activities of the recipient organization;

CEMS that deliver legal notices; CEMS from electronic messaging services provided

certain conditions are met; CEMS from secure limited-access accounts where

messages can only be sent by the person who provides the account;

20

CEMS sent from Canada to one of a list of prescribed foreign countries so long as the messages comply with the law of the recipient country that addresses the conduct that is substantially similar to conduct prohibited under CASL;

CEMS for fundraising by charities and political parties; and

A CEM for third party referrals (as discussed below).

21

Third Party Referrals

Only one CEM will be permitted without consent stemming from a referral where: The sender has an existing business relationship, and

existing non-business relationship, a family relationship, or a personal relationship with the referring third party;

The referring third party has an existing business relationship, an existing non-business relationship, a family relationship, or a personal relationship with the recipient; and

The sender discloses the full name of the referring third party to the recipient, and states that the message was sent as a result of the referral.

22

Exempt from Consent Requirements

Any senders of CEM do not need the recipient consent for the following CEMS, but the messages must contain CASL’s form and content requirements: CEMS that provide a requested quote or estimate for

the supply of a product, good or service; CEMS that facilitate, confirm or complete a

commercial transaction that the recipient previously agreed to enter into;

CEMS that provide warranty, product recall or safety information on a product or service used by the recipient;

23

CEMS offering factual information about a subscription, membership, account or loan;

CEMS delivering ongoing information about the recipient’s employment or benefit plan; and

CEMS delivering a product or service, including updates/upgrades, as part of pre-existing, agreed-upon transaction.

24

Penalties and Liability

There is a due diligence defence Penalties for individuals can be up to $1,000,000

and up to $10,000,000 for corporations. There is a private right action, but won’t be in force

for any three years. Once it is in force, statutory penalties of $200 per offence - if the organization commits more than one offence on a day – up to a maximum of $1,000,000 for each day.

25

There is vicarious liability for employees Directors and officers can be held personally liable

for any violation(s) if they directed, authorized, assented to, acquiesced in or participated in the violation

26

Compliance Steps

Review all messages that are sent electronically and determine whether any could be considered CEMS

If any are CEMS, determine whether they would be subject to CASL exemptions

If not, determine what consents (whether express or implied) you have during the three-year transition period.

Collect any express consent that you need to send CEMS before July 1, 2014.

Identify any CEMS where a consent is not required but the form and content requirements must be included.

27

Put in place a system or database that: Organizes and records all consents; And allows easy amendment so that the consents

can easily be varied or up-dated. Maintain policies to ensure that CEMs are not sent where there is no consent or where implied consent has expired.

Create and maintain an easy-to-use and effective unsubscribe mechanism for the CEMs.

Create templates for CEMs which satisfy the informational requirements and formalities, as applicable.

Develop and implement a CASL-compliance policy to address applicable provisions in CASL.

28

Educate all relevant employees and service providers about CASL, and the organization's CASL compliance strategies.

Ensure that all records of your compliance procedures and policies are maintained (as such documentation may support a due diligence defense at a later point in time).

Review your CASL compliance activities from time to time and adapt as needed.

Review developments in the law concerning CASL from time to time and adapt your compliance policies as necessary.

29

Mergers and Acquisitions

Due Diligence should now include consideration of CASL compliance

Share Purchase Agreements should include representations on CASL compliance

Thank You