On July 1, 2014, Canada's Anti-Spam Legislation
("CASL") will come into force. CASL is one of the
toughest anti-spam laws of its kind in the world and has the
potential to significantly impact any individual or organization
that e-mails, texts, messages, or communicates electronically with
a recipient, whether they are an organization or an individual.
With little time remaining until this legislation comes into
force, are you and your organization ready?
What can you do, between now and July 1, 2014, to help ensure
compliance with CASL?
1. Get Consent!
Send an email to everyone in your contact list
requesting express consent. Do this now. Remember, once CASL comes
into force, it will become an offence to request express consent by
sending an electronic message.
After July 1, 2014, before you can send an electronic message,
even one merely asking for consent, you will first need to receive
consent. Therefore, you will have to seek consent by phone, fax, or
Canada Post after July 1, 2014.
2. Conduct a preliminary audit to understand what electronic
messages your organization sends.
The first step of any CASL compliance plan is to audit your
organization's current electronic communication practices. It
may be necessary to survey various departments to get a full
picture of the organization's activity.
3. Appoint a CASL Compliance Leader for your organization.
This is a large project. You are going to want to consider
appointing one person within your organization to take the lead on
this project. Decide now who the best person for this task is and
encourage them to become as knowledgeable as possible about
4. Create a CASL Compliance Team for your organization.
Completing your CASL compliance plan is going to involve a need
to engage a broad group within your organization including IT,
marketing, management, accounting, and others. You may want to
consider creating a core team responsible for ensuring compliance
with your CASL Leader coordinating their efforts.
5. Make sure everyone in your organization knows about CASL and
understands the requirements for compliance.
CASL imposes vicarious liability on corporations for acts of
their employees and D&O liability on officers and directors for
corporate violations. It is imperative that you educate yourself
and your employees about the requirements of CASL, do your due
diligence and come up with a plan to ensure compliance.
6. Ensure you are keeping a record of each consent you receive
prior to July 1, 2014, and after.
Under CASL, the onus of proving sufficient consent rests with
the sender of the commercial electronic message. Your IT department
will need to track consent, archive how the consent was
7. Ensure you are keeping a record of any unsubscribe requests
you receive prior to July 1, 2014, and after.
It is imperative that you create a system for keeping track of
consents and unsubscribe requests. Under CASL you have 10 days to
comply with an unsubscribe request and ensure that the unsubscribe
request is honoured.
8. Review your contracts and agreements and revise them to
include a CASL consent.
Do not rely on previous consent – get a new consent. Even
where you have received consent in the past from your contacts,
such consent will not be valid after July 1, 2014 if you do not
have a copy of the consent. Start revising your contracts and other
documents now so that you will ready to receive express consent on
a go forward basis.
9. Make sure your contact lists contain up-to-date
CASL will force you to return to the phone calls, faxes and
Canada Post in cases where you are prohibited from contacting
people electronically. You can still promote or advertise your
organization through these means. So make sure you have the correct
Contacting people to update their contact information will also
provide you with an opportunity to inform them that you need
consent to communicate with them electronically. Inform them that
they will be receiving a consent request from you and ask that they
return it as soon as possible.
10. We can help.
If you are unsure of what you need to do to ensure your
organization is compliant with CASL, please do not hesitate to call
us. We have been assisting clients across the country and can
provide as little or as much assistance as you need. We would be
happy to discuss the services we can provide. How can you ensure
that you are in compliance with CASL?
Three words - CONSENT,
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Peerenboom v Marvel Entertainment (2016 NY Slip Op 31957(U)) is drama-driven case in which the New York County Supreme Court afforded Toronto businessman Harold Peerenboom the right to obtain the private emails...
The Supreme Court of Canada released a landmark decision today giving important guidance on how Canada's federal privacy law, the Personal Information Protection and Electronic Documents Act, should be interpreted.
The Ontario Superior Court of Justice recently approved a settlement agreement in the Lowanski v The Home Depot class action, a decision that highlights adequate protection and a sufficient response can significantly reduce the legal risks after a data breach.
The October 19, 2016 judgment of the European Court of Justice in the matter brought by Patrick Breyer against the Federal Republic of Germany (the "EU Decision") raises the issue of whether an IP address is personal information under the EU Directive 95/46/EC and provides an interesting comparison with the Canadian perspective.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).