Director and Officer Liability from New Legislation in Canada

New “Fighting Internet and Wireless Spam” (FISA) legislation, (Bill C-28) has too long a name to bother retyping, so you can find it here.

It is designed to make changes to the CRTC Act, the Competition Act, PIPEDA and the Telecommunications Act, with the intent to reduce unsolicited electronic contact including identity theft, phishing, spyware, viruses, and botnets . But, it will have a major impact on almost every business in the country (or at least those who want new customers.)

Basically, it regulates and puts restrictions on “commercial electronic messages”, and though it will be enforced by the Canadian Radio-television and Telecommunications Commission, they have taken the lazy way out, and put the enforcement in the hands of the plaintiff class action bar. Fines can be up to $1 million for individuals and $10 million for organizations per violation. But the true frequency and severity of loss will come from the private right of action and civil remedy for violation of the act or false or misleading representations provisions of the Competition Act, in amounts that could reach up to $1 million per day. And to pique the interest of plaintiff lawyers, the legislation includes risk of personal liability to officers and directors who (allegedly) “directed, authorized, acquiesced in or participated in the offending conduct” (not a difficult thing to allege, especially as most D&O issues are settled and the plaintiff doesn’t have to prove a thing.)

McCarthy Tétrault, here, has posted a few articles on the subject, hereand here, defining unsolicited electronic messages, exceptions and consent. The first one also includes steps that directors, officers and organizations should take. Thanks to James Gannon, Lorne P. Salzmanand Charles S. Morgan for their hard work.

From a D&O insurance context, there are a few exclusions that may trigger complete or partial denial of Bill C-28 based litigation against a director or officer. They may or may not be present in your policy, and you need to look for these, or have an independent and experienced D&O broker look for you.  Remember, there is no regulation of D&O insurance policy contracts in Canada, and there are dozens of insurers and hundreds of different policies.

The traditional “personal asset protection” coverage in a policy would not typically exclude an allegation of competition act violation. Some policies (usually those marketed to Private Entities) have explicit coverage for “Competition Act” violations, but this term is usually used to extend the policy to “entity coverage.” Such entity coverage may be great, if the maximum possible loss is less than the total policy limit of liability and you have a reinstatement of limit clause, but it could be catastrophic to the individual director or officer if the entity’s loss exhausts the limit of liability. Reinstatement of limit clauses are very rare and most companies to not maintain a limit of liability large enough to cover entity coverage, personal asset coverage, investigation costs, legal fees, and future unrelated-claim costs.

If you want to do your own D&O insurance coverage analysis, request from your broker a searchable electronic copy of the policy (please note, the policy includes, but is not limited to, the applications and endorsements) and do a word search for “competition”, “fines”, “penalties”, “notice”, “deliberate”, “severabl”, “impute”, “consent”,  and  “privacy”, and determine if it is exclusionary or an extension of coverage. The word search is important because exclusions in a D&O policy are not limited to the Exclusions section, they are hidden in Definitions and other places. The extent of Entity coverage is very difficult to determine, because it is not always in the form of explicit coverage, it can be found in a “carve-back” to an Exclusion, in “Allocation”, “Discovery” and “Definitions” (see “Insured”.) Finally, the response of the policy depends in large part on meeting the Notice provisions in the policy and on Severability (the potential to impute the knowledge or actions or one insured to another.)

If you do not want to do your own analysis, email me a copy of the policy and I can take a few minutes to guide you through it. Greg Shields, Partner, Mitchell Sandham Insurance Brokers, 416 862-5626, gshields@mitchellsandham.com.

The new law is still a few months away, but, like most regulation, it creeps up and the risk precedes the risk management. But, the sky is not falling. A little diligence, advice of experienced and independent advisors, and properly structured indemnity and insurance will significantly reduce the risk of personal loss.

CAUTION: The information contained in the Mitchell Sandham website or blog does not constitute a legal opinion or insurance advice and must not be construed as such. It is important to always consult an experienced and truly independent registered insurance broker and a lawyer who is a member of the Bar or Law Society of the relevant jurisdiction with regard to this material before making any insurance or legal decisions. All material is copyrighted by Mitchell Sandham Inc. and may not be reproduced in any form for commercial purposes without the express written consent of Mitchell Sandham Inc. Anyone seeking to link this site from any external website must receive the consent of Mitchell Sandham Inc. by sending an e-mail to gshields@mitchellsandham.com.