Most striking about FISA, however, is not the historic and legal significance of the legislation, but the new procedural and substantive aspects for legal recourse should an individual be victimized by spam or other prohibited electronic communications. More specifically, s. 47 of the act entrenches a private right of civil action for individuals who believe that they have been victimized by a contravention of FISA.
Traditionally, regulatory and public-good legislation in Canada provided a complaints-based mechanism whereby individuals could file their allegations with a public body or agency. At this point, a complainant would subrogate their own right to the public body to pursue a resolution “in the public good” not only on the complainant’s behalf, but Canadian society in general.
Good examples of such subrogation are Canadian human rights complaints, over which the Canadian Human Rights Commission has exclusive right to seek recourse, or privacy complaints under the Personal Information Protection and Electronic Documents Act, which are exclusively pursued by the Privacy Commissioner of Canada — both to the absolute exclusion of individuals filing a private claim.
Unfortunately, Canadian public bodies and regulators are also backlogged with complaints that sometimes take several years to dispose of — effectively leaving a complainant without any true remedy to sometimes serious breaches. On the other hand, industries facing such complaints often win by default as time delays break the resolve and anger of complainants who often drop their suits or government agencies deem them too stale.
FISA’s new private right of action appears to be motivated by two interests: (1) access to justice: the need to allow aggrieved individuals to assert rights in a timely fashion without the lag of bureaucratic backlog; and (2) deregulation: the privatization of the complaint process between parties. Some could argue that a private right of action is in fact a move towards a more “Americanized” legal culture where direct adversarialism to solve disputes is preferred over soft bureaucratic moral suasion.
In fact, private rights of action in American legislation are fairly commonplace. For example, the CAN-SPAM Act of 2003, the United States’ legislation to regulate spam, includes such a right. Only recently have Canadian legislators began including such actions. Of recent note is the British Columbia’s Business Practices and Consumer Protection Act, section 171, which enables consumers to sue businesses who violate consumer-protection laws.
This new development in FISA provides significant opportunity for lawyers. On one hand, plaintiff-side lawyers now have another tool to serve clients victimized by spam and other related business practices.
On the other hand, industries that make use of e-mail marketing or regulated electronic communications in the course of their regular business are now vulnerable to not only government oversight, but the risk of a wave of individuals initiating private action. With the potential prescribed damages in FISA in the millions of dollars, lawyers representing these industries will have to ensure that not only do their clients have adequate policies and procedures in place to adhere to FISA, but a compliance and risk-management framework where expecting increased litigation may be a reality. Or, clients may just have to accept that an increased litigation budget is the new norm.
With FISA’s new private right of action, the rules of the game have changed. No longer can counsel and clients depend on the evaporation of complaints through the bureaucratic realities of backlogs, alternative dispute and mediation, or toothless and tired government agencies. That harmless little e-mail advertisement may not seem so harmless when it results in real litigation, costs a client several million dollars in fines, and affects goodwill and reputation.
Law firm marketing, a new liability
Not only do firm clients have to worry about the impact of FISA, Canadian law firms themselves have to be aware of how the new anti-spam rules may affect prospective client communication.
Like any other business, law firms sending electronic communication (e-mail) for the purposes of “commercial activity,” such as selling legal services, will be subject to FISA once the law comes into force. This means that cold-call e-mails or newsletters to new or prospective clients, which were formerly the bread and butter of law firm marketing, may result in complaints to the Canadian Radio-television and Telecommunications Commission (CRTC) or private action being taken against a firm. Further, administrative CRTC penalties can range in the millions of dollars, so an innocent e-mail blast could result in more than a few unhappy e-mail recipients. As a strict-liability offence, even the best intentions of an uninformed and non-compliant law firm are irrelevant and can result in liability.
So how does a law firm protect itself from possible liability when marketing legal services? Luckily, FISA exempts e-mail communications for commercial purposes to clients with whom a firm has “an existing business relationship,” that is, it has or currently represents a client; “express consent,” that is, a prospective client asked for the contact or a quote for services; and “implied consent,” that is, a prospective client has an e-mail address conspicuously placed or advertised publicly without a notice to not contact.
Without a doubt, the “implied consent” exemption in FISA will create headaches for law firms as the CRTC and courts grapple with the fact-specific scenarios on which the implied consent exemption can be founded.
In the meantime, it pays for law firms to keep a few simple rules in mind when communicating by e-mail to prospective clients yet remaining compliant with FISA:
1. Establish internal policies and procedures regarding e-mail marketing to prospective clients and communicate those to all staff and lawyers and designate a staff member as a FISA compliance officer (proactive “due diligence”).
2. Only e-mail marketing to existing clients (“existing business relationship”).
3. Let prospective clients contact the law firm first before responding by e-mail (“express consent”).
4. Keep proof and records of initial telephone, e-mail, and physical inquiries from prospective clients before responding by e-mail (proof of “express consent”).
5. Be careful when obtaining mass industry e-mail lists, mass e-mails, or allegedly pre-qualified e-mail contact lists (the uncertainty of “implied consent”), or be prepared to vet each and every e-mail contact to verify it is publicly advertised for commercial purposes.
FISA will affect a law firm’s ability to reach new, prospective clients through the electronic medium. However, keeping in mind some straightforward rules and conducting some proactive due diligence will allow firms to continue marketing without facing a penalty from the CRTC or private litigation from complainants.
Mark R. McMackin is a partner at Ricketts Harris LLP in Toronto. He can be reached at firstname.lastname@example.org.