Archive for December, 2010

New Federal Anti-Spam Legislation

Monday, December 20th, 2010

Last Wednesday (December 15) Royal Assent was given to Bill C-28.  Although not officially titled, it is known as the “Fighting Internet and Wireless Spam Act”.  The legislation can be found here.  As of the moment, it has not been proclaimed into force, but this will come sooner rather than later.  My expectation is that the Industry Ministry is busy finalizing the regulations and once they are done they will be released and there will be a short time period for businesses to adjust to the legislation and then it will be proclaimed into force.  My suggestion is that you read the summary of the legislation below, then go to the Act and take a look and start to prepare now to ensure that you don’t run afoul of the new legislation.

While you will not see the word “spam” anywhere in the Act, it is very clear that this is what is being targeted.  But it should also be noted that it does cover other activities such as altering data transmissions and the unauthorized installation of computer programs – although most small businesses will not have to worry about these issues, so I will simply focus on the anti-spam provisions.  I will also take this opportunity to mention that even though I use the word “spam”, what is really being discussed in any uninvited e-mail or other communication (for example, faxes) that are sent as part of “mass e-mailings” or communications to promote your product.  It is not only the “nefarious” communications but any mass promotion that is caught.

The basic framework of the legislation is that there is a prohibition, a bunch of exceptions and penalties or consequences of breach of the prohibition are set out. 

Section 6 of the Act provides the basic prohibition on spam.  However, spam can be permitted if either (a) express or implied consent has been given by the recipient; or (b) the message meets certain criteria.  Let’s look at each of these possibilities.  What constitutes either express or implied consent is set out in Section 10 of the Act.  If there is a previously-existing business relationship (for example, spam sent to prior customers – as opposed to potential customers) or non-business relationship, then consent will be implied (at least until notice is given of withdrawal of any consent).  Also, for consent to be express, there must be certain information found on whatever consentform you use to ensure that the consent given is a fully knowledgable consent.

If consent is not available, then the person sending the e-mail can still send out spam but only if it provides the name of the sender, the name of the person on whose behalf the communication is being sent (if different from the sender) and it must comply with the unsubscribe mechanism requirements of Section 11.  In addition, the names of the sender and person for whom the communication is being sent MUST remain valid for 60 days.  As such, if Employee A sends the mail e-mail mailing out and then quits 2 days later, the employer will have to ensure that Employee A’s e-mail account remains active and valid and, most importantly, is being monitored for another 58 days.  Why is this important?  Because, as part of the Section 11 requirements for the unsubscribe mechanism, the sender must provide confirmation of removal from the mailing list within 10 business days of the request being sent by the recipient of the spam.

Beyond the two general ways in which permission might be found to send out spam, there are also several specific exceptions which are found in Subsection 6(6) of the Act – for example, sending out information to subscribers or providing warranty information.  You should check these exceptions to see if any will apply for your mass communication or e-mailing.

Another “exception” isn’t actually an exception per se but is rather a recognition of Canada’s territorial restriction on applying its laws.  Section 12 provides that the prohibition in Section 6 only applies where the computer that is used to send the spam is located in Canada.  This has two implications.  The first is that, if you are really intent on sending out spam, you will want to see if it can be sent through a service company that uses “foreign” computers to send their messages.  The second is that, as we will see below, there is a private right of action, so if your company is being inundated with spam and you want to sue, you will only be able to do so if the spammer is using a Canadian-based computer system.

If an allegation of spamming is made, the CRTC now has powers in Sections 15 to 19 to investigate the complaint and to preserve data either at your business location or through your Internet service provider.  The result of this investigation can result in a notice of breach of Section 6 with a penalty being imposed of up to $1 Million for individuals and $10 Million for all others (for our purposes – your business).  This can be sent to you up to 3 years after the spam communications.  For present purposes, it’s similar in structure to a speeding or parking ticket.  You get the “ticket” (albeit one for up to $10 Million) and you then have the opportunity to “fight the ticket”.  If you lose, you do have appeal rights as well.

Beyond the “ticket” power of the CRTC, there is a private right to bring an application for a determination of a breach of Section 6.  In other words, the recipients can go after the spammers themselves if they so wish.  This is set out in Section 47.  The application can be brought to either the Federal Court or to the provincial superior court (in Quebec and Ontario, the Superior Court, on the prairies the Court of Queen’s Bench, etc.) and, as with the “ticket” power, the application can be made up to 3 years after the fact.

It should also be noted that Section 52 expressly permits for directors and officers to be found liable for a breach of Section 6 and that this can occur even if the director or officer merely acquiesced in the breach.  Similarly, Section 53 permits vicarious liability – so a company will not be able to say “that was just our employee goofing around, we didn’t know what he was doing” if the company gave him enough authority to do whatever it is that he did, even if the company didn’t realize that he would abuse this authority in this way.  As such, if you are a director or officer, you or your company could find yourself on the wrong end of either a “ticket” type prosecution by the CRTC or a private lawsuit by an angry spam recipient (or recipients, as there appears to be nothing to preclude the bringing of a class action in this regard).  That said, Section 54 does give some relief in that a defence exists if the director / officer / company can show that they used due diligence to prevent the spamming from occuring.

The result of this new legislation is that you should give some consideration to any mass e-mailings or other communications that you do.  In particular, items that you would not ordinarily think of as “spam” just might fall under the legislation.  I’ll give you a simple example.  As some of you will know, this year Wilson Vukelich (the firm to which I provide counsel services) did not send out a physical Christmas card but, instead, sent out an e-card.  While some people were very impressed by it, it is possible that others viewed it as “spam”.  Subsection 1(2) of the Act states that a “commercial electronic message” is one from which “it would be reasonable to conclude [as having] as its purpose, or one of its purposes, to encourage participation in a commercial activity”.  While there is no question that the primary purpose of the e-card was to extend holiday greetings, could it be said that “one of its purposes” was also to say “don’t forget to send us your legal work”?  Arguably this could be the case and, if so, then the e-card, if sent next year, would fall within the scope of the new legislation.  If it was sent only to existing or prior clients, then no problem.  But what if it is sent to potential clients?  As another example, I received more than a few e-cards this year from fraud investigators, forensic accountants, etc. with whom I have never worked in the past on commercial litigation or corporate files.  If the legislation was in effect, and if I suddenly for some crazy reason took offence to these e-mails, I could potentially sue under the legislation.  So, you may want to consider any marketing efforts being taken on a wide scale and think about whether you could run afoul of the new legislation.

Something to think about.


Alleging Fraud

Tuesday, December 7th, 2010

I met with a client recently who was involved in a type of oppression remedy claim.  It involved a charitable organization that resulted in two divergent groups and disagreements among them.  One side did X which the other side did not like and the client came to me to see what could be done – could we get an injunction to stop this?  How much can we sue them for?  Etc., etc.

What struck me, though, was that throughout the conversation the client continually stated how the members of the other side had “defrauded” the organization and that their actions were “fraudulent”, etc.  The client wanted me to specifically plead in the Statement of Claim that the charitable organization was the victim of the other group’s “fraud”.

As I indicated to my client, and I am indicating to you now, no matter how heated or displeased or otherwise you may be feeling, you absolutely have to watch out for allegations of fraud.  Why?  Because if you cannot prove it then your words could really come back to hurt you. 

For example, suppose that I told someone that Bob was a fraudster.  And then suppose that I could not prove that Bob was a fraudster.  Bob could sue me for a lot of money.  I would then try to argue that Bob has to prove that he has suffered damages by what I said because the general rule is that slander (which is the verbal form of defamation) requires there to be proof of damage before judgment can be granted against me.  Oh, but one little problem – there is an exception carved out for allegations of criminal conduct (which includes fraud).  Such statements are “actionable per se“, that is, that damage does not have to be proven.  All that Bob has to prove is that I said the words and damages are presumed.  Not a great result for me – and hence the reason that I should have kept my mouth shut.

But suppose that I decided to sue Bob for breaching a contract I had with him and I allege in the Statement of Claim that Bob fraudulently breached the contract or that he tricked me into signing the contract in the first place by fraud.  The general rule is that statements made in Court, or in pleadings like the Statement of Claim, are “absolutely privileged”, that is, that nobody can sue for defamation based on those allegations.  The rationale is that the Court is seeking the truth and that if people were afraid that they might be sued for defamation that this would hinder the ability of the Court to get at the truth.  So, to protect the need for complete candour in court proceedings, but at the same time to give some protection to the other party’s reputation if it should turn out to have been dragged through the mud unnecessarily, the Court have provided that if there is an unproven allegation of fraud, the person making the allegation can be required to pay almost 100% of the other person’s costs of the litigation (the normal amount being approximately 50%).  Thus, in the case of my recent client meeting, if my client could not prove that there was actual fraud (for example, the Court could have found gross negligence – being short of full-blown fraud), then my client could have faced very significant cost consequences.

I am starting to see more defamation claims coming forward in my practice.  My personal view is that as we become more techno-relative, that is, interacting more through Facebook, Twitter, etc. and less through actual face-to-face contact, there are more opportunities to take harsher positions (the so-called “flaming” that used to appear infrequently on the old UseNet newsgroups but are more and more common on various forums and chat groups nowadays).  Moreover, newspapers make allegations that politicians, civic leaders, etc. are corrupt, fraudulent, etc. all of the time.  People see this and they think that this is more acceptable to allege that someone with whom one disagrees must be ”a fraud”.  The difference, though, is that the mainstream media is extremely aware of defamation laws and what they can and cannot allege and, more importantly, what defences they have available to them that might not be available to the average person on the street. 

So, the next time you are unhappy with a supplier, a customer, someone with whom you have a contract that has just broken his/her/its obligations, just walk away and respond a little later after you have cooled down.  Otherwise, you might be making the situation worse for yourself if you “fly off the handle” (as my mother used to say).  Maybe that’s why revenge is a dish best served cold.

Something to think about.