Advertising & Marketing Review

December 2009

Advertising and Marketing News and Topics

Content to follow:

Competition Bureau Provides Guidance on Rebate Promotions

By Meredith Ashton

On September 21, 2009, the Competition Bureau (Bureau) published Enforcement Guidelines on Consumer Rebate Promotions (Guidelines). While these Guidelines do not have the force of law, they set out the Bureau’s approach to interpreting the false or misleading representation provisions of the Competition Act (Act), the Consumer Packaging and Labelling Act and the Textile Labelling Act as they apply to consumer rebate offers and promotions.

In the Guidelines, the Bureau confirms that the misleading advertising provisions of the Act do apply to rebates and recommends that manufacturers and retailers also take into account the ordinary selling price provisions of the Act when promoting rebates.

Rebate Promotion as Misrepresentation

The Guidelines provide examples of five circumstances in which a rebate promotion could be considered to be a false or misleading representation:

  1. failing to clearly and conspicuously disclose all of the rebate’s material conditions, limitations and exclusions. (Note that disclosure inside a product’s packaging or on the website where a consumer applies for the rebate is unlikely to constitute adequate disclosure);
  2. disguising a rebate as the sale price or regular price (e.g., displaying the “after rebate” price in the largest font in the advertisement or using the term “save” to give the impression that the price is the result of a sale rather than a rebate);
  3. failing to prominently disclose the type of rebate such that a mail-in rebate could be disguised as an instant rebate;
  4. offering a credit in gift card form to be used on future purchases and advertising the retail price as the regular price minus the value of the credit such that a consumer believes that a rebate is being offered so that the product can be purchased at the advertised price; and
  5. failing to use a transparent and efficient rebate fulfillment method.

The Bureau will consider both the general impression and literal meaning conveyed by a rebate offer in determining whether there has been a false or misleading representation.

Best Practices

The Guidelines also provide manufacturers and retailers with recommendations for best practices to reduce the risk of making a false or misleading representation in connection with a rebate offer  including clear and prominent disclosure of: all terms and conditions; the before rebate price; the amount of the rebate; and the form of rebate (mail-in or instant).

Competition Bureau Issues Guidelines for “Product of Canada” and “Made in Canada” for Non-Food Products

By James Blackburn

In the October 2008 issue of the Osler Advertising and Marketing Review, we reported on the Canadian Food Labelling Initiative (CFLI). The initiative included a plan to update the guidelines for the use of “Product of Canada” and “Made in Canada” claims on food labels and advertising. These guidelines came into effect December 31, 2008 under the enforcement of the Canadian Food Inspection Agency. On July 10, 2009, the Competition Bureau, which enforces the Consumer Packaging and Labelling Act (CPLA) only as it relates to non-food products, issued its draft Enforcement Guidelines relating to “Product of Canada” and “Made in Canada” Claims (Draft Guidelines). The consultation period on the Draft Guidelines closed on October 8, 2009 and the final version is expected to be released sometime in the New Year.

The Draft Guidelines describe the Bureau’s approach to assessing “Product of Canada” and “Made in Canada” claims for non-food products under the false and misleading representations provisions of the Competition Act, the CPLA and the Textile Labelling Act. They will replace the Bureau’s current Guide to “Made in Canada” Claims, which has been in place since the early 1980s. The objective of the Draft Guidelines is to ensure greater consistency and transparency with respect to these claims. They are intended to provide guidance to businesses in developing policies to prevent contravention of the false or misleading representations provisions of the above-mentioned statutes.

Canadian Content Thresholds

Of particular significance are the Canadian content thresholds established for “Product of Canada” claims and “Made in Canada” claims. A product may be labelled “Product of Canada” only if it meets the threshold of 98% Canadian content, whereas a “Made in Canada” claim requires that a 51% Canadian content threshold be met and that the claim be accompanied by a qualifying statement (e.g., “Made in Canada with imported parts”).  For either claim to be made, the last substantial transformation of the product must have occurred in Canada.

The Draft Guidelines contain a more restrictive approach to “Made in Canada” claims than does the CFLI.  Whereas the Draft Guidelines require a minimum of 51% Canadian content for such a claim to be made, the CFLI permits a food product to be labelled “Made in Canada from domestic and imported ingredients” even if the Canadian content is minimal. This inconsistency between the respective approaches to food and non-food products may cause confusion among consumers. Further, the requirement under the Draft Guidelines of a qualifying statement for “Made in Canada” claims will result in many Canadian businesses having to change their existing packaging to include such a statement. The Bureau has not indicated whether businesses would be provided with a significant grace period during which they could continue to use their existing packaging.

We will continue to monitor the status of the Draft Guidelines and will report on any developments in upcoming issues of the Osler Advertising and Marketing Review.

Advertising Standards Canada Waives Checkered Flag at Unsafe Auto Ads

By Meredith Ashton

On September 24, 2009, Advertising Standards Canada (ASC) published the new voluntary Interpretation Guideline #4 – Alleged Infractions of Clauses #10 or #14: Motor Vehicle Advertising (Guidelines). The Guidelines were collaboratively developed by: the ASC; the Société de l’assurance automobile due Québec; the Canadian Council of Motor Transport Administrators; the Canadian Vehicle Manufacturers of Canada; the Association of Canadian Advertisers; the Association des agences de publicité du Québec; Transport Canada; and the Ontario, British Columbia, Alberta, Saskatchewan, Manitoba and Yukon provincial governments.

The Guidelines aim to put the brakes on motor vehicle advertising that depicts hyper-accelerated, dangerous and illegal driving practices which stakeholders believe disrespect Canadian road safety and breach the Canadian Code of Advertising Standards (Code), specifically Clause 10 (Safety) and Clause 14 (Unacceptable Depictions and Portrayals). In 2008, 108 complaints about automotive advertising were submitted to the ASC. Thirty-eight of these complaints were upheld by the Consumer Response Council (Council).

Developing an Auto Advertisement

When Council evaluates a complaint that a motor vehicle advertisement contravenes Clause 10 of the Code, it will now consider four broad questions which relate to speed and unsafe driving practices. To reduce the risk that Council will answer these questions affirmatively, thus increasing the likelihood that the complaint will be upheld, motor vehicle manufacturers and advertisers should ensure the following when developing an auto advertisement:

    • a. the depiction of the performance, power or acceleration of the vehicle does not convey the impression that it is acceptable to exceed speed limits;
    • b. the depiction of a vehicle’s handling ability does not involve potentially unsafe actions such as cutting in and out of traffic, excessively aggressive driving or car chases in a residential setting; and
    • c. the depicted situation does not condone or encourage unsafe driving practices.

Manufacturers and advertisers should also consider whether the advertisement’s depiction appears realistic or unreal and fantasy-like such that it would not likely be copied or emulated in real life.

The Guidelines further stipulate that Council will take into account four questions relating to speed, racing and unsafe or illegal driving practices if a complainant alleges that a motor vehicle advertisement contravenes Clauses 10 and 14 of the Code. To reduce the likelihood that such a complaint will be upheld, motor vehicle manufacturers and advertisers should ensure the following when developing an advertisement:  

  • d.  the vehicle is not operated in violation of applicable laws, beyond a reasonable speed under the circumstances (taking into account the portrayed road, weather, traffic and surrounding conditions) or over usual speed limits in Canada;
  • e.  taking into consideration the advertisement as a whole, including visual and audio messages, the depiction of the performance, power or acceleration and braking of the vehicle does not convey the impression that it is acceptable to exceed speed limits or otherwise operate a vehicle unsafely or illegally;
  • f.  taking into consideration the advertisement as a whole, including visual and audio messages, the depiction of racing, rallies and other competition environments does not convey the impression that production vehicles could be driven like racing or competition vehicles on a public roadway; and
  • g.  the advertisement does not encourage or endorse vehicle use that is aggressive, violent or injurious toward other road users nor does it disparage cautious behaviour when using a vehicle.

Merchant Compliance with Payment Card Industry Data Security Standard Necessary to Manage Risks

By Simon Hodgett 

Any business participating in the payment card system needs to understand the Payment Card Industry Data Security Standard (PCI Standard) to manage risks accordingly. The PCI Standard is intended to apply to all organizations that store, process or transmit cardholder data in the course of carrying out credit card transactions. It is maintained by the PCI Security Standards Council, which is a membership-based organization led by the credit card brands. Given the breadth of its application, the PCI Standard has become one of the more influential security standards for the regulation of data protection. It is vital that any business subject to the PCI Standard keep up-to-date with modifications to that standard and ensure that its personnel are directed to remain compliant with the most current versions of the PCI Standard.

Application of PCI Standard

The PCI Standard is not a legislative requirement. Rather, it is implemented through agreements that govern credit card systems (i.e., agreements between merchants and financial institutions or transaction processors that receive transactions (“acquirers”) and between acquirers and credit card companies).

Merchant agreements are typically characterized by strong protections for the acquirers and credit card companies, and substantial obligations and liability for the merchant. Merchant agreements entered into recently specifically set out an obligation to keep current with the PCI Standard, and generally indicate that the merchant will be liable for any fines, penalties or liabilities arising from a failure to comply. Acquirers and credit card companies are usually granted rights to audit the merchant and its systems to ensure that the PCI Standard is being followed. Merchant agreements generally do not contain any limitation of liability.

Compliance with the PCI Standard

Under the PCI Standard, organizations that store, process or transmit cardholder data must meet the following 12 broad requirements:

  • install and maintain a firewall configuration to protect cardholder data;
  • avoid using vendor-supplied defaults for system passwords and other security settings;
  • adopt measures to protect cardholder data;
  • use encryption of cardholder data across open networks;
  • use and update anti-virus software or services; 
  • develop and maintain secure systems and applications;
  • restrict access to cardholder data by business need-to-know;
  • assign a unique ID to each person with computer access;
  • restrict physical access to cardholder data;
  • track and monitor access;
  • regularly test security systems and processes; and
  • maintain information security policies for employees and subcontractors.

The following measures should also be undertaken by organizations which may be subject to the PCI Standard:

  1. Ensure that any contracts mandating compliance (usually merchant agreements) with the PCI Standard are identified and the liability terms clearly understood;
  2. Designate personnel with responsibility for reviewing, complying with and monitoring changes in the PCI Standard;
  3. Establish appropriate internal reporting for compliance with the PCI Standard. This reporting should be to the executive level in the company;
  4. Undertake self assessments of practices and systems to ensure compliance and, when necessary, engage outside resources trained in PCI Standard compliance to review systems. Where there are material non-compliance issues, put in place a plan to promptly address the issues; and
  5. Review contracts with service providers to ensure not only that there is an obligation to comply with static security requirements or a general standard of good industry practices, but also an obligation to comply with the applicable portions of the PCI Standard and its evolution over time.

Consequences of Non-Compliance

PCI Standard compliance should be a matter of heightened concern as a result of recent developments related to more general liability for data breaches in the payments system. In the past few years, both the potential liability and the appetite to make claims for compensation for liability arising out of data breaches have widened considerably. Massive thefts of cardholder data from The TJX Companies, Inc. (disclosed in January, 2007), Heartland Payment Systems Inc. (disclosed in November, 2008) and others have resulted in a number of significant lawsuits and complaints to privacy authorities in the United States and Canada. Card issuers have sought damages for the costs associated with re-issuing cards to consumers whose card data had been compromised. In addition, a number of class actions have been filed to directly address damages incurred by individuals whose identities had been stolen as a result of a breach.

The broad application of the PCI Standard suggests that it may also become the basis of a standard of care for system security, particularly for systems that deal with consumer and financial data. Following the PCI Standard will likely not be a complete defence to negligence claims, but compliance does establish a strong presumption of diligent conduct. Conversely, a failure to comply offers a clear and compelling argument that the business has not maintained its data in accordance with a well recognized standard of care, opening the company to not only claims in contract but also in tort for negligence.

It is important to bear in mind that in Canada, data breaches involving consumer data will likely result in complaints and investigations by the Privacy Commissioner of Canada under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation. Once again, while not entirely determinative, compliance with the PCI Standard can be an important factor in how well the business bears the scrutiny and weathers the public relations storm associated with a major breach of privacy. Merchants who fail to comply with the PCI Standard may be penalized with fines.