This Canadian government flyer summarizes the broad reach of the country’s anti-spam law, which takes effect July 1.
for larger view
For small-business owners such as Dr. Jim Gillis, who relies on electronic communications to keep in touch with clients, a far-reaching new law in Canada to combat spam looks a bit ominous.
"We have a long list of client email addresses that we use to send vaccine reminders, newsletters, disease information, etc.," Gillis, owner of the Bedford Highway Veterinary Hospital in Nova Scotia, wrote on a message board
of the Veterinary Information Network (VIN), an international online community for the profession. "What," Gillis asked his colleagues, "are you doing to prepare?"
That is exactly the right question, according to lawyers and others who advise veterinarians in private practice. They say complying with the law need not be onerous but will entail some thought, planning and possibly actions before the law takes effect on July 1.
Canada’s Anti-Spam Legislation (known by its acronym CASL
) aims to help Canadians avoid unsolicited commercial messages and electronic threats such as phishing and spyware. But the act has an expansive reach that means veterinary hospitals, along with any businesses or organizations using electronic messages, should take a careful look at how they communicate — even those outside Canada, if they send messages to Canadian clients.
"The application of the legislation is quite broad," said Maggie VanderMeulen, an associate attorney at Borden Ladner Gervais (BLG) in Ontario who has been following the law. "If you are sending an electronic message in any business, I think you have to be wary of being captured by the legislation."
Passed in December 2010, CASL at its most basic prohibits the sending of any commercial electronic message (CEM), including email, text or instant message, without permission from the recipient. It also requires that all CEMs include certain content and a way to unsubscribe. Violators can incur fines in the millions of dollars.
Industry Canada spokesperson Michel Cimpaye said that spam — including attempts at identity theft, fraud and installation of spyware — costs the Canadian economy more than CA$3 billion annually.
"We wanted to make sure consumers were protected from spam while also making sure legitimate business activities could continue in today’s digital economy," Cimpaye said by email.
Unlike anti-spam legislation in the United States
, which uses the opt-out model, CASL requires that recipients opt in before they receive a commercial message. In other words, veterinarians need permission from clients before sending them commercial email.
CASL applies to any message accessed in Canada, making veterinarians in the United States who communicate electronically with clients in Canada subject to the act.
That may surprise border-area practitioners such as Dr. Jeffrey LaHuis, owner of Sault Animal Hospital in Michigan. LaHuis said 40 percent of his clientele reside in Canada. He was unaware of CASL until he read about it on the VIN message board.
"I’d never heard anything about it until I went online," LaHuis said. "Nobody had contacted me about it or anything."
The lengthy law
— 53 pages in English and French — contains broad definitions, gray areas and a variety of exceptions, causing many a furrowed brow.
As Gillis told the VIN News Service, "I am concerned about being in compliance."
"There’s a lot of confusion," said Scott Smith, director of the Canadian Intellectual Property Council. "And that is based on the fact that the law has a lot of ambiguities. There are outstanding questions on how to comply."
Veterinarians might wonder, for example, whether a vaccine reminder or satisfaction survey is "commercial."
CASL has been called "the most onerous
" law in the world to regulate the commercial use of electronic communications. But after studying the requirements, Raphael Moore, general counsel for VIN, concluded that complying with the law doesn’t have to be bad for business or overly complicated.
"Overall, I think acting within the requirements of the act is not that difficult," Moore said. "Business owners need to follow certain practices. But in reality, these are good business practices to follow, anyway."
For example, Moore said, "If you are not contacting your clients regularly, you should. If you are not asking them permission to email, you should. If you are blanketing the community with mass emails, you are probably not marketing very well to begin with and should change your practices." A million-dollar question
The first question for anyone trying to comply with the act is, "What exactly is a CEM?"
The law defines a CEM as any electronic message that would be reasonably perceived as encouraging participation in commercial activity, regardless whether the sender expects to profit.
An obvious example would be an email promoting a new flea product or a new service offered in a clinic. Less obvious: CEMs include electronic messages asking permission to send CEMs.
A business might be tempted to try to fit its messages into one of the act’s many exceptions — such as warranty and safety information — or argue that its messages are not CEMs at all. But several lawyers emphasized that it is safer and simpler to assume all messages are CEMs.
"I could be argumentative and say that if I vaccinated your pet years ago, I’m going to contact you because the efficacy of that vaccine wore off and it’s now considered safety information," Moore said. "But that’s a work-around, and I’m going to spend so much time dealing with that, that I might as well just get permission."
This is especially prudent because encouraging commercial activity need be only one of the purposes of the message, not the sole or even primary purpose. Any message, even something like a customer satisfaction survey or news about medical advancements, might qualify as a CEM if it has a hyperlink to a website or includes an advertisement.
To be legal, CEMs must include certain components outlined by the Canadian Radio-television and Telecommunications Commission (CRTC): the identity of the sender and on whose behalf the message was sent; contact information that is valid for 60 days (a mailing address along with either a phone number, email or web address); and an "unsubscribe" mechanism. Requests to be unsubscribed must be fulfilled within 10 business days.
Most importantly, a CEM requires consent from the recipient, and that should be the ultimate focus, said Douglas Jack, counsel at BLG, who has been practicing veterinary law for decades.
"If a client consents to receive the information, then you are in compliance, essentially," Jack said. "I think the focus should be less on what the message is and more on getting the consent." Get consent … but which kind?
CASL allows for two kinds of consent: express and implied. Generally, for the sake of record-keeping purposes, lawyers say express consent is the better route.
"When it comes to consent for anything, I think having an active, written consent is better," Jack said.
Express consent means an oral or written statement from the recipient. Obtaining it may be as easy using a check box or asking for a signature on client paperwork. The request must explain the purpose, identify who is requesting, provide contact information and state that the recipient can withdraw consent.
Unlike in the United States, a pre-checked box would not be valid; the consenter has to take positive action to opt in.
Alternatively, consent can be implied via several circumstances, such as through a business relationship that arises from the purchase of a good or a service, or when a prospective customer makes an inquiry.
CASL also provides a three-year transitional period during which consent is implied for existing business relationships unless the recipient withdraws consent. Moore stressed that the relationship must already have involved the sending of CEMs.
Veterinarians likely have an existing relationship with current clients and could conceivably rely on implied consent — as long as they had been sending CEMs — even after the transitional period. But VanderMeulen and Jack maintain that obtaining express consent usually is easier.
"It comes down to having records," VanderMeulen said. "(Implied consent) calls upon people to be a bit more diligent and have more surveillance of their client visits."
Another complicating detail is this: While express consent doesn’t end until the recipient withdraws consent, implied consent based on an existing business relationship expires two years after the last purchase of a good or service, and six months after an inquiry, once the transitional phase is over.
Those expirations could mean some serious record-keeping to track all transactions and to date email lists based on the last purchase or service.
"The difficult part is having a way of tracking consent in your database," said Kristin McEvoy, spokeswoman for the Canadian Veterinary Medical Association. "Some don’t currently have that functionality, and it could be costly to implement it."
In addition, the onus is on senders to prove they had consent if someone complains of a CASL violation; express consent is likely to be much easier to document.
Gillis, for his part, said his hospital plans to contact everyone on its current email list to ask for express consent. For those who aim to do the same, it’s important to remember that after July 1, emails requesting permission also are considered CEMs. "Better safe than sorry"
There’s no doubt that complying with CASL will mean some work for all businesses and organizations that use electronic messages. On the checklist: deciding how to obtain consent and following through; keeping records to document consent; meeting content requirements for CEMs; and tracking and fulfilling unsubscribe requests.
The law will be enforced by three federal agencies, largely by the CRTC, which can investigate violations and impose penalties that range up to CA$1 million for individuals and CA$10 million for businesses.
Most aspects of the law take effect July 1, but some portions will be phased in: A section prohibiting the installation of computer programs, including mobile applications, without consent takes effect January 2015, and individuals will be able to take private action against violators of CASL starting in July 2017.
As long as veterinarians take a "better safe than sorry" approach, complying with CASL should be straightforward, observers say.
"Your defense is due diligence," Smith said: "that you’ve made a decision on how you are going to handle it and comply, and that you do the things you have to do to stay in compliance."
For some, that decision might mean avoiding the reach of CASL altogether. Dr. Chiara Switzer, a relief veterinarian in Ontario, said she plans to stick to snail mail to let clinics know about her services. Dr. Sophia Fanous, owner of the Agassiz Animal Hospital in British Columbia, said she uses email only if clients request it. Similarly, LaHuis said emails are a very small part of his practice.
"They may get, like, three emails a year from us," he said. "I’m not losing sleep over it."
But for those who are concerned, Moore said he believes the Canadian government is unlikely to go after early violators who are trying to comply in good faith. He said he expects that as the law comes into force, CASL’s regulatory agencies will make more clarifications, such as what truly constitutes a "commercial" activity.
In general, he is optimistic that clients will welcome veterinarians’ communications.
"Most people will say, ‘Sure, you’re not spam, you’re my vet,’" Moore said. "If you go to a professional who just serviced you, you don’t see them in the role of spam. You see them as a service provider and you will want to hear from them again."