URL: http://www.btobonline.com/apps/pbcs.dll/article?AID=/20090702/FREE/907029981/1085/FREE

The Canadian House of Commons in April introduced a bill to create the Electronic Commerce Protection Act (ECPA) (ECPA)—Canada’s version of the U.S. CAN-SPAM legislation, with some significant differences. The bill seeks not only to cut down on spam but also addresses phishing, spyware and unsolicited text messages. It also lays out penalties for spamming, allowing businesses and consumers to take civil action of up to $1 million (Canadian) against individuals and $10 million against companies or groups that violate ECPA.

But what exactly does this mean for marketers that send e-mail to Canada? Matthew Vernhout, director of delivery and ISP relations at e-mail marketing company ThinData Inc., explained the most significant highlights of the bill.

1) In or out. One of the main differences between CAN-SPAM and the Canadian bill is consent. CAN-SPAM focuses on opting out; marketers can send e-mail to anyone as long as they have not opted out and their e-mail address was not harvested. The Canadian legislation will require marketers to have explicit or implied consent, said Vernhout, who recently discussed the bill before the Canadian government’s Standing Committee. “In Canada for 10 years we’ve had our privacy law that advocates consent-based communications,” he said. Companies can e-mail people when there is a business relationship or nonbusiness relationship. So, for example, marketers will be able to e-mail a customer who purchased something from them even if they didn’t officially opt in, but only for a period of 18 months. This is why he suggested companies start adding fields to their databases today that will log when names are added to a list—the specific date—as well as what kind of relationship a marketer actually has with those contacts.

2) Update in time. Today, CAN-SPAM requires companies to remove someone who has opted out within 10 business days. The Canadian regulation will require opt-outs to be handled within 10 calendar days. “This might be an issue for companies that use ‘multiple affiliates,’ ” Vernhout said. Making sure all opt-outs happen in what could be as little as a single business week may take some getting used to.

3) Show your face. CAN-SPAM requires U.S. marketers to provide a “from” address, a postal address and a Web-based opt-out. Under the Canadian rules, marketers will need to disclose the identity of the person sending the e-mail—and if it’s being sent on behalf of a company, both companies involved must disclose their information, including company name and contact information, including a physical address. An opt-out link is not required, although unsubscribe procedures must be listed in messaging.

4) Share and share alike. The Canadian government is promising to “share information and evidence with their counterparts in other countries who enforce similar laws internationally,” according to a press release. This means the Canadian Radio-Television and Telecommunications Commission (CRTC), the Competition Bureau and the Office of the Privacy Commissioner would be able to share evidence with, for example, the U.S. Federal Communications Commission to ensure people in Canada who are spamming those in the U.S. could still be prosecuted.

Press Release
Federal Trade Commission
July 2, 2009

URL: http://www.ftc.gov/opa/2009/07/spear.shtm

A U.S. district court has ordered key players in an international spam ring to give up $3.7 million that they made by sending out illegal e-mail messages pitching bogus hoodia weight-loss products and a “human growth hormone” pill they claimed reversed the aging process.

In a Federal Trade Commission law enforcement action, the court found that the five defendants, located in Canada and St. Kitts, violated the FTC Act and the CAN-SPAM Act by participating in the spam operation. The court order bars the defendants from violating the CAN-SPAM Act and from making false or unsubstantiated claims about the health benefits of any food, drug, or dietary supplement.

The FTC charged that the operation used spammers to drive traffic to Web sites selling an extract of the hoodia gordonii plant it claimed would cause significant weight loss, and a “natural human growth hormone enhancer” it claimed would reverse the aging process. The FTC alleged that these claims were false or unsubstantiated, and charged the defendants with deceptive advertising in violation of federal law. It also alleged that the spammers sent e-mail that contained false “from” addresses and deceptive subject lines, and that they failed to provide a required opt-out link or physical postal address.

The case, filed by the FTC in October 2007, marked the first time the Commission invoked the US SAFE WEB Act, a federal law designed to protect consumers from cross-border fraud and deception. The Act enhances the agency’s ability to exchange information with foreign counterparts and helps protect consumers from cross-border spam and spyware distribution, as well as Internet fraud and deception. The FTC’s complaint charged eight defendants – Spear Systems, Inc., three other corporate defendants, and four individuals.

The Commission settled with three defendants in the case – Spear Systems, Inc. (a U.S. company) and two individuals, one in the United States and one in Australia – in May 2008. The agency was unable to reach settlements with the remaining five defendants, who are the subject of the court order announced today: Xavier Ratelle and Abaragidan Gnanendran, of Quebec, Canada; and corporate defendants 9151-1154 Quebec, Inc., 9064-9252 Quebec, Inc., and HBE, Inc. The final orders were entered by the United States District Court for the Northern District of Illinois, Eastern Division.

URL: http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=109242

In a ruling that could fuel debate about online privacy, a federal judge in Seattle has held that IP addresses are not personal information.

"In order for 'personally identifiable information' to be personally identifiable, it must identify a person. But an IP address identifies a computer," U.S. District Court Judge Richard Jones said in a written decision.
Jones issued the ruling in the context of a class-action lawsuit brought by consumers against Microsoft stemming from an update that automatically installed new anti-piracy software. In that case, which dates back to 2006, consumers alleged that Microsoft violated its user agreement by collecting IP addresses in the course of the updates. The consumers argued that Microsoft's user agreement only allowed the company to collect information that does not personally identify users. Microsoft argued that IP addresses do not identify users because the addresses don't include people's names or addresses. The company also said that it did not combine IP addresses with other information that could link them to individuals.
Last month, Jones sided with Microsoft and dismissed the case before trial.

But some say that Jones's decision about IP addresses is inconsistent with other recent opinions about the issue. Eric Goldman, director of the High Tech Law Institute at Santa Clara University, points out that the European Union considers IP addresses to be personal information. Last year, the EU said that search engines should expunge users' IP addresses as soon as possible.

Additionally, a court in New Jersey ruled last year that Internet service providers can't disclose users' IP addresses without a subpoena, on the theory that people expect their IP addresses will be kept private.
Marc Rotenberg, executive director of the Electronic Privacy Information Center, criticizes the Microsoft ruling as "a silly decision." "The judge didn't understand the significance of the IP address or the reason that it was collected," he says.

Rotenberg adds that the judge prematurely dismissed the case, arguing that more facts were needed to determine whether IP addresses were personally identifiable.

Today, industry observers say that IP addresses can be combined with other information to determine people's identity. In addition, even when IP addresses have been anonymized, it's possible to associate the account with a specific individual, given enough other information. The most famous example occurred in 2006, when AOL released search logs showing queries made by more than 650,000 members. The members' IP addresses had been changed, but the queries themselves contained enough clues to people's identities that The New York Times was able to find and profile one "anonymized" user, Thelma Arnold, within days. At the time of that incident, many companies took the position that IP addresses were not personally identifiable information.

Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum, adds that many sites with older privacy policies maintain that they don't collect personally identifiable information, but log IP addresses. "For many years, people just threw around the term 'personal information,'" he says. "They didn't pay attention to account IDs in the hands of third parties, IP addresses -- other types of information that, with some effort, could become identifiable."

It's that time of year again. If you're an email marketer, you're probably not thinking about hosting a back yard BBQ or staking out a spot on your favorite beach. Your head (and your company's bottom line) is much more focused on what's going to be in Santa's sleigh this year and how you can use email to ensure that your customers will be decking their halls with your products this holiday season.

Most email marketers plan their holiday strategy in the summer, and this year is no different. However, this year does bring with it a greater set of challenges. The current economic climate is stagnant at best. While the financial pundits predict signs of an upturn any day now, that hasn't translated to consumer spending. Purse strings are tight and marketers are going to have to work harder than ever this year to stand out from the rest of the holiday inbox clutter, resonate with their customers and provide relevant messaging that encourages brand loyalty and purchasing activity.

So what can a forward-thinking marketer do? The first step is to break free from the same type of "Free Shipping" messaging that was sent last year (and possibly the year before that, and the year before that). While discounts and savings are certainly relevant this year, sending the same one-dimensional messaging throughout the holiday season will only lead to subscriber fatigue (and possibly opt-outs and complaints) and won't differentiate your brand from the competition. Instead, consider implementing these tips to help you stand out:

If you don't know what your subscribers want to receive from you this holiday season, ask! The pre-holiday season (basically now through early October) is a great time to send out a subscriber survey that gives you insight into how you can really resonate with your subscribers this holiday season. What did they like (or not like) about your emails last year, in terms of content, offers, and frequency? What do they need the most help with? How much are they planning to spend, and on who? How can you help get them into the holiday shopping spirit? Offering an incentive (like an entry into a holiday contest, prize give-away or a coupon code) could improve response rates, and once you've received answers and feedback, be sure to actually use this data to make adjustments to your email program strategy.

Count down the season with a special holiday series. Ask subscribers for permission to send a new gift-giving series. Send the series once a day for a week or once a week for a month. Content can include gift ideas for her, for him, for the kids, for a budget ($50 and below), for the hard-to-shop-for friend or family member, or feature non-traditional gifts or eco-friendly items. Track sign-up rates and subscriber behavior across the series. Do all messages in the series perform well? Which ones get the most clicks and conversions? Which categories generate the most interest? The least? Start promoting the series in your fall campaigns and make it easy to sign-up for. Be sure that you set clear expectations about what subscribers will be getting, when they'll get it and for how long.

Give a little something extra. While sending email is first and foremost about driving sales, show your subscribers that you can still embrace the true meaning of the holiday season. Inspire them to tap into their holiday spirit and connect with friends and family by featuring extra helpings of content in at least one promotion a week. Consider sending a favorite cookie recipe (and give subscribers a forum for sharing theirs), instructions for a family-friendly craft idea, how subscribers can start a new holiday tradition, ideas for festive activities, or a how-to guide for hosting a great party or mixing the perfect cocktail.

By Michael Geist
Toronto Star
Jun 22, 2009

URL: http://www.thestar.com/sciencetech/article/654448

Last Thursday began as an ordinary, rainy spring day in Ottawa. Canadian politicians, having just avoided an unwanted election, were only two days away from an extended summer break.

Yet by the end of the day, a trio of events unfolded that could help shape the Internet in Canada for years to come.

The first took place mid-morning, with the introduction of new lawful access legislation.

The bills would dramatically change the Internet in Canada, requiring Internet service providers to install new surveillance capabilities, force them to disclose subscriber information such as name, address and email address without a court order, as well as grant police broad new powers to obtain Internet transmission data.

The introduction of the legislation by Justice Minister Rob Nicholson and Public Safety Minister Peter Van Loan – accompanied by more than a dozen law enforcement representatives –generated an immediate wave of criticism.

Internet service providers expressed concern about the cost of the program, while privacy groups lamented the government's about-face on the issue of court oversight since Stockwell Day, the previous public safety minister, had pledged not to introduce mandated disclosure of subscriber information without it.

Given the experience with misuse of surveillance powers in other countries, the bill will likely continue to attract attention as Canadians ask whether the government has struck the right balance between providing law enforcement with the necessary investigative powers, ensuring robust oversight, and preserving online privacy.

Hours later, the scene shifted to question period, where Liberal Industry critic Marc Garneau surprised Internet watchers by emphasizing the importance of an open Internet and declaring that the Liberal party now firmly supports net neutrality. The party has adopted a position opposing the management of Internet traffic that infringes privacy and targets specific websites, users and legitimate business applications.

The move represents an unexpected shift in policy direction just weeks before the Canadian Radio-television and Telecommunications Commission is scheduled to conduct hearings on network management practices. For months, the NDP has stood virtually alone among the major Canadian political parties in its support for web neutrality.

With the Liberals onside, the door is open for a bipartisan effort this fall to enshrine net neutrality principles into law.

Immediately after Question Period, the standing committee on industry held its final hearing before the break on the Electronic Commerce Protection Act, Canada's new anti-spam bill. Some business groups have sought to water down the legislative proposal, implausibly arguing that Canadian privacy law is sufficient to address persistent spamming activities and that the ECPA's tough penalties could dissuade talented business leaders from taking on corporate directorship positions for fear of potential liability.

Representatives from the Office of the Privacy Commissioner of Canada and the Competition Bureau and CRTC chairman Konrad von Finckenstein firmly put those fears to rest. Assistant Privacy Commissioner Elizabeth Denham rejected the view that current privacy laws are up to the task of countering Canadian spam and welcomed the clarity of the anti-spam bill.

Von Finckenstein was similarly supportive of the ECPA, expressing optimism about its potential to address long-standing spam concerns.