As blogged about earlier the week by my colleague Sue Walsh, Canada finally joined the rest of the G8 nations in passing legislation intended to help fight SPAM. Bill C-28 (complete text here in pdf) should go into effect in September of this year, and contains some provisions that, frankly, I find rather alarming. In reading the bill, an arguement can be made that C-28 provides individuals a license to spam. Read the law yourself, especially sections 6(1)a and 10(9)b, and then see if you agree with me on this.
As mentioned in Sue’s post, one of the first provisions of the law prohibits the sending of commercial emails unless the recipient has opted to receive such messages. In case you don’t have time to read the full bill yourself, here are a couple of excerpts from C-28. As mentioned above, the specific wording that disturbs me the most is found in section 6(1)a.
6. (1) It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless (a) the person to whom the message is sent has consented to receiving it, whether the consent is express or implied…
when combined with section 10(9)b
(9) Consent is implied for the purpose of
section 6 only if
(b) the person to whom the message is sent has conspicuously published, or has caused to be conspicuously published, the electronic address to which the message is sent, the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person’s business, role, functions or duties in a business or official capacity;…
Consider how many places on your corporate website an email address appears. Consider how many places your own email address appears. Now, I am not a lawyer, and I did not stay at a Holiday Inn Express last night, but as an IT professional, I think I need to go update EVERYWHERE my email address might appear with a disclaimer or the floodgates of Canadian spam will be opened and my inboxes will be filled by SPAM for a range of products that could arguably be considered as “relevant to my business.” I may need to add a statement that I do not wish to receive unsolicited commercial electronic messages to the signature of every email.
The problem with this law, as with so many others relating to Information Technology, is that it appears to be written by people whose understanding of the law far exceeds their understanding of the technology. And while my own understanding of the law is considerably less than my understanding of technology, as a potential juror on a case involving this law, that wording is open enough that I would have to acknowledge any argument that says the defendent got my email address off of my blog, and on my blog I had a post about getting older, so the emails touting hairloss products were relevant to my business.
What do you think? Am I overreacting, or does the way the bill reads sound to you like it does to me? Leave a comment with your thoughts and let’s get a dialog started on this law and how many ways it could be interpreted, and what we as IT professionals may need to do to ensure that its intent is not circumvented.
No comments:
Post a Comment