Industry Committee on Oct. 26th, 2017

We almost always use flat rates, precisely because we don't want businesses to hold off on calling us for help.

For a one-person enterprise, a retailer, artisan, self-employed worker or freelancer, we charge $699 plus tax. For a 2-to-10 employee business, we charge $1,249 plus tax. For a business with 11 to 300 employees, the cost will vary according to the specifics of the business. We will ask them a few questions in order to come up with a customized flat rate. For those businesses, our rates vary from $3,000 to $15,000. A 300-employee business that is complex and has a lot of systems might be charged up to $15,000. That said, over the past four years, we have never charged anyone that much.

I don't have anywhere near the detailed data that Mr. Le Roux has, but I can offer a couple of examples.

I had a client—I obviously can't name them—who wanted to dig into issues around text messaging. I can't remember what the bill was, but if memory serves, it was several thousand dollars. It may have been as high as $10,000. It wasn't a massive bill, but it wasn't nothing.

In my own firm, we didn't spend a lot of money, but that's because I spent a lot of my time—several thousand dollars' worth of time—on our newsletter list. We are employing a guy right now on contract who's going through and updating the implied consents and so forth.

I'll anticipate Monsieur Le Roux's comment. He's right: it's a best practice to do that anyway, because of course databases age and you should be updating those. Some of what someone might call a compliance cost is in fact a cost of maintaining a good database, but it's not negligible.

There are companies out there offering these plug-ins at about eight bucks a user to monitor and intervene so you can't accidentally send a spam email. Eight bucks a user doesn't sound like much, but consider that your cost of Microsoft Office, depending on the package you buy, is around $12 to $25 a user. That's a significant increment on a per-user IT cost for an organization.

Oh, oh!

The exemption in the regulations right now refers to messages sent by or on behalf of charities, and so our hope would be that in those cases where people are outsourcing some of that messaging, it would be the same sort of thing.

Again, we supported the suspension, especially knowing that the review by the committee was coming up. We thought that made a lot of sense. But when we're dealing with organizations large and small, for which the board members are members of the community who are volunteers doing this to serve their community, the prospect of personally being liable under a PRA if the organization either doesn't have assets or doesn't have sufficient assets is troubling to a lot of organizations. As I said, in the survey we did, more than half the charities were concerned. Being aware of this, they're not going to be able to recruit board members in the future because of that potential issue.

What we would like the CRTC to do first and foremost is clarify its interpretation of the act. We identified about a hundred compliance issues for an ordinary SME. For half of these problems, we do not know what the CRTC's interpretation would be. What we see based on the rare published cases or rare details it provides, or the conferences it holds, is that there is a systematically radical and restrictive interpretation. Everything that seems to make good sense should be permitted, authorized or managed by the CRTC. However, the positions the CRTC adopts never seem to proceed from logic or common sense; this creates a climate of fear and uncertainly which makes the compliance process more cumbersome.

Consequently, one of our recommendations would be that the CRTC create an advisory committee comprised of representatives from marketing, compliance, and consumer representatives; in short, people who represent the various stakeholders. Their role would not be to determine the interpretation, but they could play an advisory role to the CRTC to help it to interpret the provisions well. Such a committee could accelerate the CRTC's interpretation process. It is not normal that after three years only three small rules have been explained, while all the rest are still vague and we have no idea where we are headed.

We have another suggestion to make concerning the CRTC. Currently there is a discretionary fine model. The CRTC examines the penalty amount in light of its criteria — I won't say it tosses a coin — up to a maximum of $10 million. When an SME learns that it could be liable for a $10-million fine for missent emails, it is incredulous. The figure is so gigantic that the deterrent effect is lost. In addition, I expect that the CRTC, in order to be able to justify imposing a fine of $200,000 or $300,000, must compile quite an extensive investigation file. Since it takes a long time to do that, it processes very few files.

We recommend that there be a guideline for the fines, including a maximum and a minimum. According to this scale, a first breach that seems to have been an error, committed in good faith, would be liable to a fine of $5,000 or $10,000, for instance. In the case of a large business, the fine for a first offence resulting from an error made in good faith would be more on the order of $50,000. For someone who reoffends, the amount would be higher. If you see that it was not an error committed in good faith, but that the company intended to break the law, then the penalty would be higher. If a scale of that type were brought in, the CRTC's burden of proof and substantiation would be lightened, and this would allow it to process more files. This would also send businesses the message that everyone must respect the law. I believe this would have a much stronger deterrent effect.

The presentations I heard from people who spoke on behalf of small businesses were essentially from the Canadian Federation of Independent Business, the CFIB, and the Canadian Chamber of Commerce. As members of the CFIB, we receive its emails. I also heard representatives from the Retail Council of Quebec. These organizations are dinosaurs with regard to digital marketing. I apologize for saying that, but people who know me know that I am a person of integrity. The Retail Council of Quebec contributed to the fact that the retail industry fell behind in e-trade. It spent years saying that it was not important; then all of a sudden it realized that it was important and it changed its tune, but the ship had already sailed, and Quebec's retailers were already behind in all this. I regularly receive the CFIB newsletters and emails, and their electronic marketing is not effective. It must not obtain very good results. There may even be complaints regarding compliance with the law.

These organizations do not represent reality of SMEs. We were talking about new businesses earlier, start-ups. They were created in this digital universe. In today's world, the last thing you want to do is displease a client or a potential client by sending him information that does not interest him, while letting him know that he can delete the email if he does not want it. That is harmful to its brand and reputation.

Frankly, here is what I recommend. In fact, one of the blog posts we wrote recently had the following subtitle: “Is there a marketer in the room?” That is the role I try to play. I would say that you should talk to people who are SME email marketing specialists. There are enterprises that do a lot of work in this area. Those people will be able to tell you what really needs to be done and what the practices are.

I hear a lot about theoretical cases and hypotheses in the testimony. The comments were abstract and theoretical. That is normal on the part of lawyers who are not marketing specialists, because this is not their trade and this is not what is expected of them. However, we have been doing email marketing for 20 years; some things work and others don't. We have data. I could show you graphs that show how 10 times fewer subscribers can generate twice as many clients. A good message sent to 1,000 people generates more sales than a moderately effective message sent to several thousand people.

With regard to the data, there were three studies done on SMEs in 2017. This is recent; I won't go back to 2014. We did a survey in February of about one hundred SMEs in Quebec, in all sectors. The Insurance and Investment Journal, a magazine published by the insurance industry, conducted a study involving 500 Quebec insurance companies in March. Fasken Martineau and the Direct Marketing Association of Canada surveyed 200 or 300 Canadian enterprises. If you extrapolate the data collected from these surveys, they show that between 5% and 15% of Canadian businesses may be in compliance with CRTC requirements. That means that 85% to 95% of businesses absolutely do not comply with the law at this time.

As to motivation, the issue is that in Quebec, there is only one organization that talks about compliance programs, and that is Certimail. The CRTC has never come to Quebec to talk about compliance programs. Mr. Harroun told you that he was very proud to have raised the awareness of 1,200 businesses during his conference tour in Toronto this spring. The Insurance and Investment Journal contacted the CRTC in the spring to invite one of the members of Mr. Harroun's team to do a presentation on Canada's Anti-Spam Act at an insurance industry seminar. The CRTC only responded in September, and declined the invitation. The seminar was cancelled. Four hundred enterprises were going to participate. Those 400 enterprises still have not been given the information.

Oh, oh!

That would work with the highway traffic act as well. Oh, oh!