To most people, myself included, the word "spam" conjures up images of unwanted and annoying emails covertly finding their way through our e-mail filters. I am hesitant to believe that my legal services have been referred to "Nigerian princes". Similarly, I cannot help but wonder why I am so often inundated with cheap offers for pharmaceutical products. These are but a few examples of electronic messages that we have come to view as the archetype of "spam". Thus, it will come as a surprise (or even a shock!) to most people that the emails and other electronic messages that you send on a daily basis may be caught by Canada's Anti-Spam Legislation ("CASL").
CASL, which was given royal assent on December 15, 2010 and is expected to come into force in 2014, hopes to prohibit the sending of a commercial electronic message ("CEM") without the sender first (A) complying with the form of CEM prescribed by CASL and the regulations and (B) obtaining the prior implied or express consent of the receiving party.
To put the breadth of CASL into perspective, a CEM is defined under CASL as an electronic message that would be reasonable to conclude has, as one of its purposes, the encouragement of participation in a commercial activity. "Electronic messages" are defined to include any means of telecommunications, including text, sound, voice, and image messages. "Commercial activity" is similarly broadly defined to mean any transaction, act or conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit. The lack of a requirement for an expectation of profit pulls electronic messages sent by charities and not-for-profit corporations within the net cast by CASL.
CASL should not be taken lightly as, in addition to the broad application of the Act, there are considerable penalties for violations of its provisions. CASL provides for penalties of up to $1,000,000 for individuals and $10,000,000 for corporations. CASL also provides for a private right of action allowing any person to apply to the courts to obtain financial compensation for damages incurred due to breaches of the Act.
Under CASL, to comply with the form requirements, CEMs must properly identify who is sending the message, include the contact information of the sender and provide a proper unsubscribe mechanism. These categories of form requirements are expanded in CASL and the regulations. For example, messages sent on behalf of multiple persons, such as affiliates, must identify all such persons and contact information must be valid for a minimum of 60 days after a message is sent. In addition, all unsubscribe requests must be honoured without delay and within 10 business days of receipt.
Consent to the receipt of a CEM may be implied where there is an existing business or non-business relationship between the sender and recipient of the CEM. If consent is not implied, senders of CEMs may obtain the express consent of their recipients. In obtaining the consent, the sender must outline the purpose(s) for which the consent is being sought and provide the identification and contact information of the person(s) seeking the consent.
There are, of course, exemptions to compliance with the form and consent requirements. The most applicable full exemptions include internal messages sent between employees and messages sent to a family member or person with which the sender has a personal relationship. On the other hand, some messages may be solely exempt from the consent requirements. For example, factual information about a loan, subscription, membership, account or similar relationship between the sender and recipient would be exempt from the consent requirements. Messages related to the delivery of a product, good or service, or an upgrade to the same, that the recipient is entitled to receive under the terms of a previous transaction, are similarly exempt.
It is clear that, going forward, compliance with CASL will require the maintenance of an organized and well-structured database tracking which CEMs: (i) require express consent and must comply with the form requirements; (ii) must solely comply with the form requirements; and (iii) are exempt from the form and consent requirements entirely. The database will also have to track the date, time, manner (implied or express, written, electric or oral) and purpose of consents received, along with the dates when CEMs were sent out and when unsubscribe requests have been received. There is a three-year transition period following the enactment of CASL in the case of recipients with which a sender has an existing business or non-business relationship. However, because CASL provides that an electronic message that contains a request for consent to send a CEM is itself considered to be a CEM, the period leading up to CASL coming into force should be used to solicit and obtain express consent.
Whether CASL will hamper the efforts of aspirant Nigerian princes remains to be seen. What is certain, however, is that, for better or for worse, the way businesses communicated with their customers and clients will change significantly.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.