Authors: Kristél Kriel, Olamide Pedro
Many organizations have increased their online operations in the past few years in response to COVID-19. Online operations are often critical to your ongoing success, but you may face legal risks if you are not compliant with applicable laws.
In this blog, we’ll provide a brief overview of five key questions and offer resources to help you avoid unexpected risks.
1. Do you have a good privacy policy?
Organizations operating in Canada are required to have a compliance program to meet privacy law requirements. A key element of this program is having a privacy policy on your website.
Your privacy policy must meet certain requirements, such as explaining what information you’re collecting, why you’re collecting it, how you’re using it, how you’re protecting it and who you’re sharing it with. Your privacy policy should be user-friendly and make users aware of your key privacy practices, as well as how they can access and control their own personal information. You should also review and update your privacy policy regularly to reflect changes in privacy laws and best practices.
If you think you can just copy and paste your privacy policy from various other sources, think again. In addition to possibly exposing yourself to copyright infringement claims, copying privacy policies from other websites could leave you with a policy that is not compliant with privacy laws. Consulting a legal professional when you’re drafting a privacy policy could save you significant costs in the long run.
To learn more about privacy policies, check out this blog.
2. Do you have good terms of use?
Your online operations should also include terms of use that explain the terms, conditions, requirements and rules regarding the use of your site and platform. These terms serve as the contract between you and your website users.
Terms of use can also give you flexibility, protect you and limit your liability. They should establish the type of conduct that is prohibited on your website and put certain obligations on users. Typically, these terms will cover applicable laws and address matters such as security and unauthorized use of your intellectual property. Your terms should also assign risks related to using your website and create flexibility for you to take action as needed (for example, in the event of abusive behaviour by users).
For your terms of use to be enforceable, your users must be aware of them and agree to them. Users should typically be given multiple opportunities to review and agree to your terms of use. For example:
- Have users scroll through the terms of use and click “I agree” when they open an account
- Require users to agree to your terms of use when they make a purchase
- Make your terms of use readily available for review on your website
For more details on terms of use, see this blog or our terms of use blog.
3. Are you CASL compliant?
Canada’s Anti-Spam Legislation (CASL) is among the world’s strictest laws about electronically contacting users for commercial purposes.
Electronic communications can be a great way for you to drive more engagement and sales. However, before sending out any promotional emails, it’s imperative that you meet CASL’s requirements. CASL requires you to obtain consent before sending commercial emails and other electronic messages to your customers. You must also include certain content, such as the option to unsubscribe, in your electronic communications. CASL complaints and investigations are common, with roughly 6,000 complaints made to the CRTC (the agency responsible for enforcing CASL) per week. Significant fines have also been levied against people who have flouted CASL rules, with enforcement actions resulting in more than $1.9 million payable in penalties since CASL came into force.
When users are accessing your website, you have a golden opportunity to obtain their consent to receive marketing and other communications from you, but it is important to set this up correctly. If you’re interested in learning more about how to comply with CASL, check out this blog, which includes a link to download our complimentary CASL Compliance Guide and Checklist.
4. Do you meet the consumer protection requirements?
Consumer protection legislation in Canada generally applies when you are providing goods or services to an individual for non-business purposes. The terms and conditions of your online operations and any resulting contracts must comply with any applicable provisions of the consumer protection laws in your jurisdiction (this can include certain disclosure requirements in your contracts as well as cancellation rights). Legal counsel can help you determine what consumer protection laws apply to your online operations and review your agreements to confirm they are compliant.
5. Are you protecting your online operations and information?
Taking cybersecurity seriously to protect your organization and your users is extremely important. Failing to do so can lead to significant financial and reputational consequences. The best way to minimize your risk is to be diligent and do the preventative work up front. This can save you significant time and resources later on. Our team has published a number of cybersecurity resources. Learn more on our Privacy, Data Protection & Cybersecurity page.
The lawyers in the MLT Aikins Innovation, Data & Technology team have helped countless organizations with developing and implementing online operations. We have extensive experience with the above considerations and would be pleased to assist you with your online operations. Contact us to learn more.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.