Many U.S.-based companies extend their service and product reach into Canada with the assumption that our northern neighbors have the same regulatory and legal requirements. Unfortunately, this is not the case. For organizations leveraging digital — whether web, mobile, email, social or another channel — this can lead to business risk in the form of fines, reputation loss, or even an order to cease business.

The U.S. and Canadian regulations differ on a number of fronts, including accessibility (digital access to those with a disability), privacy, record keeping, language (French in Quebec), data localization, and most recent data breach notification. If this all seems far-fetched, consider the following cases:

• Williams-Sonoma group, which owns Pottery Barn, had its website blocked from access by Quebec site visitors until it could re-launch the site in French and cater to the local audience in full compliance with the localization law.
• Kellogg Canada, Inc. agreed to pay a $60,000 fine for alleged anti-spam violation for sending out email via the third party in violation of Canada’s anti-spam legislation that doesn’t exist in the U.S.
• Amazon was fined $840,000 by Canada’s Competition Bureau for misleading consumers by comparing its online prices with a so-called list price to illustrate what savings could be had, thus constituting false online advertising.

As an organization with a digital presence in Canada, you should name an individual responsible for addressing digital risk exposure in the Canadian market. It can be daunting to address all of the requirements, especially if you are a smaller organization without dedicated staff to identify the requirements and potential risks and formulate an appropriate response. If you find yourself with limited resources, consider partnering with an external vendor who can support you in meeting your organization’s digital obligations.

While it is easy to assume that the same legal and regulatory requirements apply to our neighbor to the north solely because of the shared language and similar cultural aspects, nothing can be further from the truth. Whether you currently have a digital presence targeting the Canadian market or are looking to expand your presence into new territory, consider taking the following steps:

1. Schedule a meeting between marketing and in-house legal counsel to determine and understand your organization’s obligations under Canada’s regulations and legislation. If you do not have in-house legal counsel, find an external vendor who knows the digital landscape and Canadian law to support you in this.
2. Review and update, or define new digital policies to enable staff (whether in the U.S. or in Canada) to implement the policy obligations.
3. Partner with your procurement and contracting department to ensure that all third parties and vendors are contractually held accountable for meeting policy expectations.
4. Create a communications and training plan, and provide implementation support to staff, 3rd parties and vendors on how to meet policy requirements and proactively gauge any challenges to adoption.
5. Review and measure policy compliance, and develop action plans to remediate non-compliance. Such plans should address a clear set of actions. If additional resources are required, this should be escalated through the budgetary process.

With this five-step process in hand, you should be ready to tackle your online operations in the U.S. and in Canada. Bonne chance, for the local market, or good luck!

Photo by Silvestri Matteo on Unsplash