Director and Officer Liability from New Legislation in Canada

March 14, 2011

New “Fighting Internet and Wireless Spam” (FISA) legislation, (Bill C-28) has too long a name to bother retyping, so you can find it here.

It is designed to make changes to the CRTC Act, the Competition Act, PIPEDA and the Telecommunications Act, with the intent to reduce unsolicited electronic contact including identity theft, phishing, spyware, viruses, and botnets . But, it will have a major impact on almost every business in the country (or at least those who want new customers.)

Basically, it regulates and puts restrictions on “commercial electronic messages”, and though it will be enforced by the Canadian Radio-television and Telecommunications Commission, they have taken the lazy way out, and put the enforcement in the hands of the plaintiff class action bar. Fines can be up to $1 million for individuals and $10 million for organizations per violation. But the true frequency and severity of loss will come from the private right of action and civil remedy for violation of the act or false or misleading representations provisions of the Competition Act, in amounts that could reach up to $1 million per day. And to pique the interest of plaintiff lawyers, the legislation includes risk of personal liability to officers and directors who (allegedly) “directed, authorized, acquiesced in or participated in the offending conduct” (not a difficult thing to allege, especially as most D&O issues are settled and the plaintiff doesn’t have to prove a thing.)

McCarthy Tétrault, here, has posted a few articles on the subject, here and here, defining unsolicited electronic messages, exceptions and consent. The first one also includes steps that directors, officers and organizations should take. Thanks to James Gannon, Lorne P. Salzman and Charles S. Morgan for their hard work.

From a D&O insurance context, there are a few exclusions that may trigger complete or partial denial of Bill C-28 based litigation against a director or officer. They may or may not be present in your policy, and you need to look for these, or have an independent and experienced D&O broker look for you.  Remember, there is no regulation of D&O insurance policy contracts in Canada, and there are dozens of insurers and hundreds of different policies.

The traditional “personal asset protection” coverage in a policy would not typically exclude an allegation of competition act violation. Some policies (usually those marketed to Private Entities) have explicit coverage for “Competition Act” violations, but this term is usually used to extend the policy to “entity coverage.” Such entity coverage may be great, if the maximum possible loss is less than the total policy limit of liability and you have a reinstatement of limit clause, but it could be catastrophic to the individual director or officer if the entity’s loss exhausts the limit of liability. Reinstatement of limit clauses are very rare and most companies to not maintain a limit of liability large enough to cover entity coverage, personal asset coverage, investigation costs, legal fees, and future unrelated-claim costs.

If you want to do your own D&O insurance coverage analysis, request from your broker a searchable electronic copy of the policy (please note, the policy includes, but is not limited to, the applications and endorsements) and do a word search for “competition”, “fines”, “penalties”, “notice”, “deliberate”, “severabl”, “impute”, “consent”,  and  “privacy”, and determine if it is exclusionary or an extension of coverage. The word search is important because exclusions in a D&O policy are not limited to the Exclusions section, they are hidden in Definitions and other places. The extent of Entity coverage is very difficult to determine, because it is not always in the form of explicit coverage, it can be found in a “carve-back” to an Exclusion, in “Allocation”, “Discovery” and “Definitions” (see “Insured”.) Finally, the response of the policy depends in large part on meeting the Notice provisions in the policy and on Severability (the potential to impute the knowledge or actions or one insured to another.)

If you do not want to do your own analysis, email me a copy of the policy and I can take a few minutes to guide you through it. Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com.

The new law is still a few months away, but, like most regulation, it creeps up and the risk precedes the risk management. But, the sky is not falling. A little diligence, advice of experienced and independent advisors, and properly structured indemnity and insurance will significantly reduce the risk of personal loss.

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult an experienced and truly independent registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.


Value of Communities and other Social Media, and Media / Advertising Risk

October 3, 2010

 

The value of Canadian electronic communities and other social media may be going up soon. The proposed legislation in Bill C-28 – the Fighting Internet and Wireless Spam Act (FISA) – will make some significant changes to the law. It will require consent for any email or text messages. Senders of electronic messages will be required to identify themselves, provide contact information and include an unsubscribe feature. Consent will be required for any software or program installation and the consent feature must first disclose any undesirable functions, including the collection of personal information. The FISA will prohibit alteration of data or the diverting of messages to an unintended destination.

The risks to electronic advertisers and media companies will also increase, because the Office of the Privacy Commissioner (OPC), the CRTC and the Competition Bureau will have new powers to share information and evidence with foreign counterparts to pursue violators outside of Canada, and therefore purse Canadians violating our laws in other countries. Penalties of violation of the FISA can be up to $1 million for individuals and up to $10 million for businesses. The Competition Act will be extended to false or misleading marketing in electronic messages. Certain exceptions within the Personal Information Protection and Electronic Documents Act (PIPEDA) will be restricted. And a private right of action will be extended to consumers and businesses to allow lawsuits for violation of FISA. The suggested damage awards are fierce, including $200 per violation to a maximum of $1 million per day, and actual loss, damages and expenses. And, if the Consumer Protection Act can be brought into play, the  recent Appeals Court decision in Riendeau v. Brault & Martineau (a great description of the risk was presented in an article No Crime, Lots of Punishment, here, available in Mondaq, by Donald Bisson and Shaun Emery Finn, of McCarthy Tetrault, here,) could mean substantial punitive damages, even without compensatory damages, and Class Action exposures. (The insurance aside to this is that many Professional Liability and D&O policies can only be triggered based on ‘compensatory’ damages, and if this portion of potential loss is not triggered then there might be no defence costs available from the policy.) There is a great article by Arnold Ceballos, here, in Lawyers Weekly, here, provides much better description of bill C-28.

The intent of most evolving legislation on electronic communication is to deter spyware, malware, phishing and the other vehicles used for theft of private information, identity or direct money. FISA might not accomplish that on its own, but it looks like it is going to make waves. The promotion on this bill suggests it is focused on ‘criminal spammers’ and that taking the ‘pro-spam’ side could be political suicide. However, I am sure the law of unintended consequences (are they really unintended by everyone?) will apply and the bill could significantly alter the way legitimate businesses operate, and it could very likely increase the current cost and risks of doing business.

When we think of Social Networks, we think of Facebook and Twitter, but there is a universe of ‘electronic communities’. Message boards, interactive blog sites, membership based information providers, are all communities based on ‘opt-in’ or ‘consent’ based interaction, even if some privacy aspects were not fully understood or communicated. If FISA is farther reaching than criminal spamming and has the affect of stopping other legitimate unsolicited contact, opt-in communities might be the only way to legally reach a large audience. However, the use of a community for distribution has risks. If you want to avoid the direct advertising costs to reach the members of a community, you will have to go through the slow and painstaking task of building your own membership within each community by producing content that is attractive to users. Some companies might urge employees to help with this new method of distribution by building their individual social networks to help promote the company. The result is a lack of control and oversight or what is legitimately considered media and advertising activity.

It was not that many years ago that it was impossible for the average person or small company to reach a very large audience with any message. Now, one blog comment, tweet or video can ‘go viral’ and be viewed by millions of people within minutes. A few weeks ago I was sitting in my office, looking South down University, and could see a mass of black smoke billowing from a high-rise. I could not tell which building or the location, so I searched a number of different main-stream media sites, and could not find any information. It took them at least ten minutes to report on the story, but I had already gone to twitter and viewed multiple pictures from different angles, and knew the exact building and location of the fire, all within 60 seconds of seeing the smoke. One tweet about beg-bugs in a movie theatre is seen by millions of people and immediately broadcasted on mainstream media.

Many companies seeking to get that ‘viral’ hit for free corporate publicity will have almost no media experience and have few or no controls regarding copyright (music, art, video, image or print), libel, slander or defamation, and no planned response to a publication crisis. Many will say “there is no bad publicity” or “I will worry about that after I am able to reach 6 million people.” The problem is that electronic media cannot be controlled, it can’t be erased or deleted, and even an effort to mitigate a loss by ‘printing a retraction’ will not have the same affect because there is no chance the retraction will reach the same audience.

We have incredible opportunity to share information and promote ourselves and our businesses, but it does not come without risk. Legislative changes, like the proposed Bill C-28, PIPEDA and many others, might reduce annoying, invasive or even harmful electronic communication; might reduce the current level of disruption of online commerce; might increase consumer confidence and the electronic marketplace; but it won’t do any of this with risk.

Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult a registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decision. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must seek the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.