When Availiability Meets Legislation

Well, it looks like Canada is about to get an interesting kick in the business behind from government when it comes to business continuity. What? How could that be, Randall? What does legislation have to do with my ability to continue operations? Good question. You may not like the answer.

The new legislation is considered the most aggressive in any jurisdiction and has some provisions different from any other country on the planet. In the “Fast Facts” section of the new law, coming into effect in July 2014, it will generally prohibit:

sending of commercial electronic messages without the recipient’s consent (permission), including messages to email addresses and social networking accounts, and text messages sent to a cell phone;

Now, this looks really good on paper, until you dig deeper into the legislation. Suppose you have a customer that has installed your amazing banking software in production. Unless you have specific permission to contact your own customer by email, and you have to get it periodically because it expires, you may not be able to send them information about critical updates (fortunately not including mandated PCI security fixes and product safety notices). Out of warranty operational issues are not covered. I’m sure they won’t mind hearing about it, but you still have to get their permission. No problem, right? Well, suppose that you have done a great job and there have been no fixes or bugs or any other communication for two years. Their permission is out of date. You can’t tell them that something is wrong. Not by email anyway. What are you going to do? More importantly, what are they going to do? They get hit by the bug you fixed, but you couldn’t tell them. They are down and you might get sued, or not, depending on where province/state/country your license agreement is governed. Oops.

You cannot even send an email to a prospect asking them for permission to get in touch with them in most cases. If you had doubts about email being dead in Canada, doubt no longer.

The way this could work is to have a mechanism similar to Add Friend buttons in social media. If the legislators had worked with technology companies, this might have worked. It was discussed more than a decade ago. However, this was not done, so we now have gaps between legislation and technology that will result is a fair amount of chaos and damage to the economy.

On the other hand, the entire email spam situation can simply be implemented, without any legislation, if people use White Lists as the only allowable means of email receipt. Using that choice, no one would get spam or any communications whatsoever from anyone new, which appears to be the point of that part of the legislation.

There are a few things you can do, as a customer, to help your supplier operationally:

  • Consider “out of warranty warranties”. This would be a provision in your license agreement to have you be notified of all changes as warranty items, even if you are not paying for (or entitled to) warranty service.
  • More importantly, if there is any doubt, make sure you contact your vendor periodically to keep implied consent active. Or make your consent explicit.

As a vendor, make sure you have consent on record. Regardless of what may have been said in the press, and there are exceptions, implied consent essentially expires every two years without any other communications. So what you can do:

  • Keep in touch with all of your customers. This will keep implied consent alive.
  • Get explicit consent.

We’re still researching the proper procedure in dealing with this rather painful situation. Needless to say, we may have to send out some bulk mailings to obtain your permission so that we can let you know the answer, at least if we don’t have one before this law goes into effect.

Unfortunately for the pain and effort that we legitimate companies will have to go to, the legislation is unlikely to make any difference to the nasty spammers out there, who will simply move to a different country and send us spam anyway.

All I can say here is, please keep in touch. Unless you are a spammer, we are not going to have a problem with you sending us email communications or contact requests. You are our valued customers, and will we treat you with the respect you deserve.