Last fall, I provided an overview of sections of the upcoming
Canada Anti-Spam Legislation ("CASL") and explained why
every business, large or small, must begin preparing for it.
Since then, there have been some developments in the area, most
significantly, the announcement that the CASL will be
coming into force on July 1, 2014. It is important that
every business begin preparing for the CASL now, as, a few months
from now, it will have a profound impact on how businesses engage
in electronic communication and marketing.
How to prepare for the CASL?
All businesses must make CASL compliance a priority. Policies
need to be put into place to ensure compliance, and employees need
to be educated on those policies.
In drafting compliance policies, consideration must be given to
how the business markets itself and how it communicates
electronically with clients and potential clients. A list of all
clients and potential clients should be compiled. Emails need to be
sent out to those individuals asking for their consents to receive
future correspondence from the business. A database of consenting
clients or potential clients should then be maintained and managed.
This may or may not require a business to acquire additional
software and server space, depending on its existing IT
All future electronic messages from the business, including
emails and texts, need to be reconfigured to ensure compliance.
They should include the identifying information required by the
CASL. They should also include an "unsubscribe"
mechanism, allowing the receivers to "click" on a link in
order to opt-out from future correspondence. This may also require
a business to acquire and implement new software and server
Businesses in the IT industry may have additional requirements
that must be met to ensure CASL compliance. For example, the CASL
prohibits a computer program from being installed on a computer in
Canada, unless express consent is obtained and specific
requirements are met. So, for example, if you develop software or
Apps, you must include a mechanism in your program for compliance
with CASL requirements. It should be noted that the sections of the
CASL dealing with computer programs will come into force on January
15, 2015, just shy of one year away. However, steps need to be
taken sooner rather than later to ensure compliance.
Putting into place proper compliance procedures may avoid
potential violations of the CASL. Furthermore, if the unfortunate
situation arises whereby an employee honestly but mistakenly sends
out an email that violates the CASL, a proper compliance policy
allows the business to invoke the "Due Diligence" defence
in response to an enforcement procedure by the Regulator.
When preparing compliance policies, I strongly recommend that
you consult with lawyers and IT professionals with expertise in the
area, as the requirements of the CASL are very specific.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).