Understanding (And Complying With) Canada’s Laws


Understanding (And Complying With) Canada’s Laws

Canada has a strong customer service culture, enabled and supported by contact centers. Canadians are noted—and perhaps stereotyped—for their patience and tolerance. For example, they will put up with queues but will also make it known, in no uncertain terms, their disapproval if someone jumps the line.

Consequently Canadians expect excellent service from the companies, non-profits, and government agencies and departments that market to and communicate with them and interact with. And that includes respecting privacy.

Canada’s laws and regulations have been shaped, it can be argued, as a result of this “get along, but don’t cross the line” attitude.

Or as the Constitution Act, originally the British North America Act (that had been passed by the British Parliament and given royal assent by Queen Victoria), put it, “peace, order and good government.”

Sara Clodman

To provide an understanding of Canada’s laws and regulations as these impact customer engagements, I recently had a virtual conversation with Sara Clodman, Vice President, Public Affairs and Thought Leadership, Canadian Marketing Association (CMA). Here are her insights.

Q. What are the key laws and regulations that contact centers must be aware of and comply with in Canada?

Trust lies at the heart of marketing. To earn and maintain trust, marketers need to abide by the laws and regulations that protect consumers and impact marketing activities across Canada.

Marketing in Canada is regulated at both the federal and provincial levels. Here is an overview of some key areas that contact centers need to know about. For more detailed explanations of the rules, check out the CMA’s wide range of guides and tools.

Dealing with personal information

Whenever employees or marketers at a contact center handle personal information, they need to ensure they’re abiding by Canadian privacy laws. This includes making sure they have appropriate consent from an individual to collect, use, or disclose their personal information.


The rules and regulations that govern telemarketing include: the federal Competition Act and the Canadian Radio-television Telecommunications Commission’s (CRTC) Unsolicited Telecommunications Rules (UTR), which include the Telemarketing Rules, Automatic Dialing-Announcing Device Rules, and the National DNCL (do not call [DNC] list) Rules.

Marketers must subscribe to the National DNCL and must remove any telephone numbers on that list from their marketing list when conducting consumer telemarketing or fax campaigns in accordance with the UTRs.

There are exemptions, for example, for political parties or Canadian registered charities, but even if you are operating under an exemption, there are rules that must be followed.

Marketing in Canada is regulated at both the federal and provincial levels.

Marketers must keep an internal DNC list, which must be used at the request of a current customer, consumer, or business. Numbers must be added within 14 days of the DNC request and are to be kept on this list for three years and 14 days.

Telemarketers must identify the callers, even if making exempt telemarketing calls. They must limit the hours of outbound telemarketing to certain hours and not engage in sequential dialing.

Additionally, the provinces of British Columbia and Manitoba have licensing requirements and their own rules.

Since we live in a global economy, marketers need to be aware of international laws that their organizations might be subject to. For example, the General Data Protection Regulation (GDPR) might be triggered when marketing to consumers in the European Union (EU).

Electronic messages

It is crucial for all Canadian marketers to abide by Canada’s Anti-Spam Legislation (CASL).

One of the most important aspects of CASL is its rules for sending commercial electronic messages (CEM), such as emails or text messages. Prior to sending CEMs, marketers need to ensure they have consent and abide by other requirements, like offering consumers a simple, quick way to opt out.

When sending SMS messages that are CEMs, marketers must also adhere to the Canadian Wireless Telecommunications Association’s Canadian Common Short Code Application Guidelines, which outline what wording short code advertisements must contain.

Consumer protection

Consumer protection laws at the provincial or territorial levels, and in Canada’s Competition Act, prohibit several types of activities. These include false and misleading advertising, bait-and-switch selling, sale of a product above its advertised price, misleading warranties and guarantees, and misrepresentation of goods or services.

Q. What major developments have taken place – or are underway – on privacy law?

Governments across Canada are in varying stages of reforming their private sector privacy laws.

Federally, Canada’s privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), is more than 20 years old.

While PIPEDA served Canada well for many years, it pre-dates the digital era and is due for a thoughtful update. We anticipate that the federal government will introduce a law this year that would ultimately replace it.

In September 2022, Quebec’s Bill 64 was passed, ushering in a new private sector privacy law for the province.

The new law includes significant enforcement penalties, new rights similar to EU’s GDPR for consumers, and stringent consent and transparency requirements. It will have important consequences for contact centers that do business in Quebec and those that handle the personal information of Quebec residents.

Most of Bill 64’s provisions will take effect in September 2023, and marketers should begin to prepare their compliance plans now. The CMA will be releasing guidance for marketers later in 2022.

In Ontario, the provincial government consulted in both 2020 and 2021 on the possibility of bringing a private sector privacy law to Ontario for the first time ever.

The province is not expected to proceed with a new law in the foreseeable future, and instead is expected to continue to rely on federal law for private sector privacy protection.

British Columbia consulted on reforming its Personal Information Protection Act (BC PIPA) in fall 2021. The provincial government released 34 recommendations for reform in December 2021. A bill is anticipated at the end of 2022 or early 2023.

Last year, Alberta followed suit and launched a brief survey on the need to reform its own Personal Information Protection Act (AB PIPA). The survey did not include detailed proposals for reform and more consultations are expected to come.

Generally speaking, once any of these bills become laws, there would be a transition period: likely in the range of 18-24 months.

The transition period is intended to give businesses the necessary time to adjust to the new rules and bring themselves into compliance, including updating their internal processes, and training staff on the new rules.

Q. What other legislation changes or actions by regulators have been made that affect contact centers?

In November 2021, the CRTC cracked down on caller ID spoofing, which is the altering of information that appears on a caller ID display to misrepresent the identity of the caller and thereby tricking the receiver of the call into answering.

Telemarketers that use technology to spoof their caller ID information with inaccurate, false, or misleading information are in direct violation of the requirement to accurately identify themselves and their clients.

The financial repercussions of caller ID spoofing can be significant. Each violation can lead to fines of up to CAD $1,500 for an individual and CAD $15,000 for a corporation. Also significant, though harder to measure, is the detrimental impact of these violations to a company’s reputation.

Q. What are your recommendations to help contact centers and their organizations with compliance?

First, get motivated to comply. Breaking the rules can be costly. If a marketer launches a campaign that doesn’t follow the rules, it impacts the reputation of the individual marketer and undermines the reputation of the profession.

Second, educate yourself. You can’t comply with the rules if you don’t know what they are. If you are working with consumers’ personal information, familiarize yourself with your organization’s compliance plan. If your organization does not have a plan, or if the plan does not provide sufficient guidance, propose changes.

As the marketing community’s foundation for self-regulation, the Canadian Marketing Code of Ethics and Standards provides a great summary of the relevant laws and best practices in Canada.

The CMA has a series of user-friendly guides and tools, as well as professional development offerings, webinars, and events, to help marketers better understand existing laws and keep pace with evolving compliance requirements.

Third, when in doubt, check with your legal team. To avoid problems that may arise later, it is better to seek legal advice before you start a new campaign or launch a new program. The CMA offers tons of resources and information on our website to support and inform marketers. To learn more, visit our website at thecma.ca.