Over the past years the USA has implemented initiatives to limit the volume of spam email. Later in 2014 Canada will join other OECD countries by finally implementing its own anti-spam regulation. My colleague James Bond Q.C. and I have both previously written entries in this blog concerning the details of this new initiative (see our previous posts here and here). What is not widely appreciated amongst US-based organizations is that Canada's new rules may also have implications for them when their e-mail marketing includes electronic addresses located in Canada.
Canada's new anti-spam legislation ("CASL") goes further than many prior initiatives in this area, by:
a) generally requiring a separate and express "opt-in" consent, rather than an "opt-out" regime;
b) prescribing required content for a request for such consent;
c) building significant limitations and complexity into the many exemptions under CASL and circumstances where CASL permits consent to be inferred; and
d) in some circumstances, even if a consent exemption is available, requiring the email to still meet prescribed requirements of form and content.
CASL impacts US-based organizations by providing that foreign senders of email into Canada are potentially violating CASL where a computer system located in Canada is used to send or access the message, if the message doesn't comply with CASL rules. While any nation's attempt to extend the effect of its laws beyond its own borders may have some practical and legal limitations, US-based organizations which engage in email traffic into Canada should assess the extent to which their existing forms of email messages and CRM database practices are harmonized with CASL. Significant fines can potentially be assessed under CASL (up to $10,000,000 per organization), and starting in 2017 there will be the potential for private suits and class actions.
As an illustration of how CASL's prescriptive rules may differ from current practice, consider the issue of a "stale" entry in a CRM database – the prior customer who has not transacted business with the organization for a few years, or the sales prospect who obtained a product quote last year, but has had no contact since. Many organization will maintain that CRM database entry and continue to send promotional email "blasts". What CASL does is legislate prescriptive purge rules for this type of situation. CASL creates a definition of "existing business relationship", permits consent to be inferred for an initial period (2 years for a prior customer, 6 months for a sales prospect), but the consent expires after that period of inactivity. The email sender would then need to either purge the stale entry off the distribution list for email "blasts", find a different CASL exemption that might apply, or obtain express opt-in consent in prescribed form from the intended recipient.
CASL also prescribes rules permitting certain first-time contact by email to referral prospects, but only if the detailed CASL rules are followed.
Many commentators have predicted that compliance with CASL will not usually require major adjustments by organizations – but it is important to understand the CASL rules and verify that email practices are harmonized with those rules. While most CASL provisions come into force July 1, 2014, there is a three year transition period during which there is a presumption of implied consent. Many organizations in Canada are now considering whether to use this transition period for a campaign of seeking express opt-in consent from existing entries on distribution lists in order to confidently maintain them on email distribution lists into the future.
CASL also regulates certain other technology-related conduct such as cookies, pretexting, and address harvesting.
More information on CASL can be found at the Canadian government website here, or on our firm's privacy blog.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
