Bakers Journal

Following FISA

May 16, 2011
By Jessica Foster

When Bill C-28 comes into effect in September, bakeries will want to
make sure their marketing communications methodologies are on the right
side of this law. Failure to comply could cost individuals up to $1
million in fines and corporations up to $10 million dollars per

When Bill C-28 comes into effect in September, bakeries will want to make sure their marketing communications methodologies are on the right side of this law. Failure to comply could cost individuals up to $1 million in fines and corporations up to $10 million dollars per infraction. The bill is 79 pages long, and it is complex. This article is not intended to provide legal advice nor a complete analysis of the Act, but rather to inform readers of the potential ramifications for their day-to-day business practices.


Bill C-28 is called the Fighting Internet and Wireless Spam Act (FISA). Its intended effect is to deter and prevent deceptive and damaging forms of spam and Internet practices. After long consultations with industry, organizations, legal experts and interested parties, Canada has now passed a bill that is intended to increase the reliability and trustworthiness of the digital economy for Canadians. The full version of this bill can be viewed on Industry Canada’s website at

The legislation will deal with how, when, where and why you are authorized to send commercial electronic messages. Commercial electronic messages that may affect your business include e-mails, text messages, instant messages, social media messages, telephone calls, and voicemail messages that are intended to solicit business.

You may be asking yourself the following question: “As a legitimate business, how can FISA affect the day-to-day operation of my bakery?”

In a nutshell, under the new rules of the FISA you are now required to obtain permission (either implied or expressed) from your potential customers before you can legally send them electronic messages about your business and services. In addition, you would be well advised to maintain records so that you are able to prove, if needed, that you have received this permission.

A commercial message is a message that contains content that is intended to solicit business or commerce. FISA covers more than just the words contained in the message. It also includes commercial website page content, but only if a link to that page is included in the transmitted message.

As mentioned, FISA requires that you receive permission from your customers and potential customers before you communicate with them electronically about your business and services. Within the act, both expressed and implied permissions are acceptable. What is the difference between the two?

Express permission describes a situation in which customers, or potential customers, have formally “opted-in” to receive commercial messages from you. They check a box on a website registration form, or mail in a point-of-purchase postcard requesting your communiqués. This is, by far, the strongest form of consent, as it is very clear what your clients’ intent is with respect to you marketing to them.

Implied permission, on the other hand, denotes consent that is not actually stated, but is inferred by another action taken by your customers. For example, when you already have an existing business relationship with customers, it is implied that they expect ongoing business-related communications from you.

In addition, implied permission may include persons you may not even know, as long as their business and duties are relevant to your business and their contact information has been made publicly available to you. You do, however, need to ensure that persons who publish their contact information have not also published a disclaimer along with it, stating that they do not wish to receive commercial messages.

When you stop to think about this for a minute, you will quickly recognize that it can be very easy for you to obtain permission from your clients without deviating from your regular day-to-day practices. Here are just a couple of ideas you may want to consider implementing:

  • If your bakery offers customers the option of ordering products ahead of time, why not add a checkbox to your order form that simply states, “I understand and agree that I may receive communications from you electronically about your products and related services.” Once checked, this would be an example of clients giving you expressed permission for you to communicate with them about your business and services.
  • An example of implied consent would be when a new client visits your website and requests information about a class your bakery offers. This action is inviting a business relationship with you and therefore is implied permission for you to communicate with them.

In both cases, there will be adequate documentation for you to provide proof of consent later, if you are ever required to do so.

There are two more very important issues that FISA compliance requires and that may affect the way you presently communicate with your customers. These include, but are not limited to:

  • All the commercial message e-mail and electronic newsletters you send to your customers must contain the full name of the sender along with valid contact information. You are likely already doing this, as it is only common sense to provide your customers with a way to get back in touch with you. That said, with FISA, it is no longer an option, but a must-have.
  • All of your commercial messages must provide the recipient with a working mechanism, manual or otherwise, for them to opt-out of receiving any further electronic correspondence from you. It is also very important that you monitor and honour these unsubscribe requests to ensure FISA compliance.

FISA in no way should reduce or hinder your legitimate business practices. So don’t panic. The core requirements of FISA are straightforward to adopt into your day-to-day operations, and are not costly.

One of the results of this legislation will be the desirability for bakeries and other commercial ventures to maintain relevant and legitimate contact with customers and potential customers. There are affordable management systems available that will help you build your business by engaging your customers and potential customers through professional, interactive
website tools and legitimate e-mail correspondence. These systems also will help you maintain your client list and minimize the time required to legitimately correspond with your customers through mass e-mailing tools and automation – all the while maintaining FISA compliance.

While visiting your website, potential customers will gladly provide you with consent if by doing so they believe it will be beneficial to them. They will welcome the convenience of online website tools such as newsletter subscriptions and class registrations, to name a few, through which they may willingly provide you with their e-mail address and consent to receive further communications from you, all well within the rules of FISA.

As mentioned at the outset of this article, the new FISA legislation will come into effect in September.
This leaves you plenty of time to consider its implications and put appropriate business practices in place to ensure your compliance in electronic communications.

Jessica Foster writes collaboratively with co-staff on behalf of mindZplay Solutions, a developer of websites and online software solutions that enable small businesses, professionals and volunteer organizations in a variety of industries to benefit from Internet technologies. Visit or 888-373-6996.

Print this page


Stories continue below