Although financial advisors may believe that they have adapted well to Canada's tight new restrictions on electronic messages, they need to be aware that the next phase of Canada's anti-spam legislation (CASL) carries a new, potentially expensive type of risk, lawyers say.
Starting in 2017, advisors and their firms will be exposed to lawsuits — most likely in the form of class actions — launched by those who allege they have received commercial electronic messages (CEM) without their consent. Such suits could be triggered by something as innocuous as a newsletter sent to multiple recipients who did not provide their express consent to receive it.
"It's the next big thing people are watching," says David Fraser, a lawyer at McInnes Cooper LLP in Halifax. In fact, it's even possible that such actions could be launched on a retroactive basis.
Molly Reynolds, a lawyer with Torys LLP in Toronto, says that it's not clear whether the government will set the start date for private actions to begin in 2017, or allow lawsuits relating to CEM sent after the legislation was implemented, in July 2014.
Notes Reynolds: "One of the questions we are discussing on the legal side is how far back is that right of action going to extend?" There is the prospect, she said, that an email sent on July 2, 2014, could be actionable July 1, 2017.
Breaches of the law currently expose anyone to regulatory risk, with enforcement carried out by the CRTC: fines for sending unsolicited email can reach as much as $1-million per occurrence for an individual and $10-million for a company. There is also director and officer liability for the actions of employees. One Canadian company has already been fined $1.1 million for breaching CASL. (See www.investmentexecutive.com, June 30).
Although the idea of being sued for millions over an unwanted newsletter might seem far-fetched, it's wise not to underestimate the persistence of class action lawyers who act for plaintiffs: they are generally paid a percentage of the amount that is recovered, if any. In the U.S., where class action trends have been a precursor to similar trends in Canada, there is a growing number of privacy-related lawsuits. (While CASL is not Canada's primary privacy legislation, it is considered part of the privacy protection regime.)
Consider a few recent examples: this past spring, Bell Canada was sued for $750-million for allegedly tracking cellphone customers' browsing habits and selling the information to advertisers. And medical marijuana users sued Health Canada over postal envelopes that identified the recipients as members of the Marijuana Medical Access Program. The federal government was sued in a class action when it lost a computer containing the social insurance numbers of almost 600,000 Canadians with student loans.
That's why it's important for investment firms to ensure they can show that they have the proper consents in place in the event class action lawyers come knocking. Currently, the law prevents anyone from sending a CEM without the express consent of the recipient, unless it's covered by an exemption. A CEM is broadly defined and covers most digital forms of communications to clients, including texts, emails, podcasts, videos, newsletters, product information or even invites to seminars.
Reynolds says it's imperative for investment advisors to put in place mechanisms to manage and document the consents they receive from their clients, as well as any unsubscribe requests and responses to those requests.
Advisors also need to be aware of future changes to one of the key exemptions under CASL, often referred to as the business-to-business exemption. If you have an existing business relationship with a company or individual, you can continue to do business with them electronically.
The question, Reynolds says, is how the CRTC will interpret the meaning of an existing relationship. Adds Reynolds: "It's one area where we are going to start seeing more enforcements."
The other area that still needs to be clarified, Reynolds says, is the type of evidence that companies will require to establish that they have complied with CASL and to raise a "due diligence" defence. "We may not get any answers right away," Reynolds predicts, noting that courts will be key to providing those answers after the private right of action comes into effect in 2017.
Another issue raising question marks for advisors and their firms is vicarious liability. CASL makes directors and officers liable for the actions of an employee. One of the expanding areas of tort law, Reynolds notes, deals with privacy and the newly created action to recover damages for "intrusion on seclusion." How violations of CASL by an employee may impact the liability of the employer remains an open question, Reynolds says.