We always hear about bills being passed in Parliament but only when it’s
immediately relevant to us do we actually pay much attention to the
small details of legislation.
We always hear about bills being passed in Parliament but only when it’s immediately relevant to us do we actually pay much attention to the small details of legislation. For instance, we DCs will be all ears when it comes to legislation related to chiropractic, and especially funding and scope of practice. A bill has recently been passed that may not seem to be too directly related to the profession and its members – and that, therefore, DCs might be tempted to gloss over. But, in fact, this bill has a direct bearing on a broad scope of individuals, small single-proprietor businesses and multinational corporations, including – as it turns out – chiropractors within their practices. If you have not heard about Bill C-28, it certainly is something you need to know about, and reading this article may shed some light on its contents and why they’re important to you.
So what is Bill C-28?
Bill C-28 is Canada’s attempt at fighting spam. It’s the new anti-spam legislation previously known as Canada’s Online Protection Legislation and now renamed “Fighting Internet and Wireless Spam Act” or “FISA.” This legislation, according to Industry Canada, is intended to protect individuals from four of the most damaging and deceptive types of spam: identity theft, phishing, spyware and malware.
Spam includes much more than just unsolicited e-mail messages. It now accounts for 90 per cent of e-mail traffic and is clogging up network providers’ servers, slowing them down and costing us, the consumer, money in the end.
For individuals, spam can lead to the theft of personal data (identity theft) including credit card numbers and banking information. It can lead you to fraudulent websites (phishing) luring you to answer questions and divulge personnel information voluntarily. As well, spam can access your computer’s sensitive information, unbeknownst to you, and extract your personnel information with spyware. Malware is a general term for all forms of harmful and malicious content, especially hostile software such as viruses, worms and Trojan horses being installed on your computer.
“BotLab – A Study in Spam” (www.botlab.org) is a web-based initiative that analyzes spam weekly. Table one shows the results of the top 12 countries producing spam. (Note: these results are taken at the time this article is being written – if you check the website while reading the article, the results may look different.) Canada is said to rank 15, at this time, but that doesn’t say much for a country with such a small population.
Who will enforce this legislation and who needs to comply?
Anyone sending e-mails to Canadians will have to comply with the regulations. Any e-mails originating from another country to Canada will have to comply with our regulations also. Our tax dollars will pay for a new spam reporting centre that will collect evidence and gather intelligence to assist three distinct
- The Canadian Radio-Television and Telecommunications Commission
- Competition Bureau Canada
- The Office of the Privacy Commissioner
You need to find out how to be compliant because stiff penalties are on their way! Someone has to pay for this infrastructure and, so, individuals can face fines of up to $1 million per violation per day. Businesses can face fines of up to $10 million per violation and per day. That’s a lot of cash, folks, just for sending an e-mail!
This legislation will be in force September 2011, and we should start seeing a noticeable reduction in spam originating from Canada fairly soon after it comes into play. When Australia passed similar legislation in 2004, it dropped out of the top 10 list for countries producing spam. Unfortunately, the results weren’t the same for our friends south of the border; the U.S. is battling for that top position.
How does this legislation affect you?
Bill C-28 is technology neutral in its approach, and covers more than just e-mail to computers. It will encompass all forms of commercial electronic messages, including text messages or cellphone spam, sound, voice or image messages. If you send bulk e-mail to your patients – or prospective patients – such as events, newsletters, office closures and special workshops, this legislation may affect you.
Here are five easy ways to protect yourself and your business:
1. All outgoing messages must include information that clearly identifies the person who sent the message.
Make sure your e-mail includes your company name, contact information, address and phone number. A spam message will never have a phone number – if and when they list a phone number and address, a simple search will reveal to you that it’s counterfeit. Not only does offering your full, legitimate contact information give your e-mail credibility but also it allows recipients to contact you via other means besides e-mail.
2. The message must include information that allows the recipient to readily contact the actual sender, and not just the organization or business.
If a chiropractic assistant (CA) is sending a message on behalf of the doctor or clinic, the CA needs to include her contact information at the clinic. In other words, someone in the organization must be a liaison who can be directly contacted.
Make sure to include the company name, website and the name and position of the individual sending the message.
3. The sender must offer an electronic address or link on the web that will allow the recipient of the e-mail to unsubscribe.
Allow the client or patient the ability to unsubscribe and make it easy – don’t hide the unsubscribe button. Have that unsubscribe button go to a web page were they can confirm they no longer wish to receive communication from your clinic.
Once a recipient has unsubscribed, you should receive a courteous and simple “thank-you” to confirm the unsubscription. You then have 10 days to cease all communications with that individual. The recipient must be provided with an alternative method to communicate with you their desire to be taken off your list, in case the unsubscribe button does not work for the recipient. In most cases, they should be able to reply to the e-mail and simply request to be removed.
Additional provisions need to be in place for the individual to unsubscribe for up to 60 days following the electronic communication. If you have a phone number on the e-mail correspondence, or they can reply back to the e-mail, that gives them plenty of opportunity to unsubscribe.
4. Provide a double opt-in to prevent individuals from counterfeiting information.
There are a host of good companies that have double opt-ins built into their system. I’m sure most people have double-
opted-in at some point in time and didn’t even realize it.
This is how it works: someone visits your website and wants to receive your video series on health and wellness. They input their e-mail address into your system and are told to go check their inbox for a message. The individual then goes to their inbox to find a message from you to confirm their e-mail address by clicking a link that leads them back into your website. This prevents someone from using your e-mail to sign up for a service on your behalf (fraud).
If you’re setting up your list for the first time and have your patients’ e-mails, it’s a good idea to input them into the system and it will generate a double opt-in for all your patients. This is a good way to see who is interested in receiving your newsletter or your automated videos on health and wellness.
Most important to remember!
The rules of Bill-C28 stipulate that you must receive express consent, or implied consent, prior to sending commercial electronic messages.
The federal government will be issuing detailed regulations and related materials to support implementation of the law, and these are expected to better describe acceptable methods of obtaining express consent. However, organizations following current best practices and guidelines can expect that their consents will be compliant with the new law and, in the end, attaining “express consent” is rather straighforward and can be put into place quite easily. However, ‘implied consent’ is a bit murkier.
Some examples of implied consent
If you have an existing relationship with a patient, you have their implied consent, meaning they are OK with receiving communication from you. (But relationships with patients come and go – to protect yourself when continuing to communicate with them if they leave the practice, a double opt-in with the option to unsubscribe is important to ensure you continue to have their consent when they’re gone.)
There is a transition or “grandfather” clause for businesses with existing relationships prior to the Act coming into force. The government does understand that some small businesses do not have the technology to implement sophisticated automated opt-in systems with their email lists.
What about renting e-mail lists in your area to promote products and services?
This bill won’t stop you from renting lists. It will require the individuals compiling the list to comply with the rules of consent and other federal and provincial privacy laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA). Building your own list with existing relationships is, by far, the best strategy.
If you do communicate with your patients via e-mail, and you have concerns about whether you are doing this in accordance with the new regulations, I would highly recommend you contact a chiropractic e-mail service provider to ensure your systems comply with the rules and to help you readjust your practices if they do not.
Dr. Stephane Laverdiere is a 1995 graduate of the National University of Health Sciences in Lombard, Illinois. He is president and co-founder of Atlas Chiropractic Systems, a paperless office solution. He is also founder of the Internet video marketing company, ChiroVMail. He can be contacted at 877-602-8527 or firstname.lastname@example.org. Please visit www.atlaschirosys.com and www.chiroVMail.com for more information on digital solutions for your practice.
Print this page