In the months leading up to July 1, you likely received emails
from a variety of organizations asking for your consent to receive
electronic communications. These organizations were running a
so-called "consent campaign" in order to get ready for
Canada's new anti-spam legislation (known as
"CASL"), which came into force on July 1. CASL imposes
new rules on the sending of "spam" or commercial
electronic messages and affects any person or organization that
uses email as a marketing or promotional tool. One of the
requirements is that recipients expressly consent to receiving
commercial electronic messages ("CEMs"), which is why
there were so many emails requesting consent.
Since July, the CRTC (the government agency responsible for
enforcing CASL) has received over 100,000 complaints to its Spam
Reporting Centre and sources say that investigations are ongoing.
Curiously, there has been a recent surge of enforcement action in a
law similar to CASL, the Do-Not-Call Legislation, which applies to
telemarketers who make soliciting phone calls. We will likely hear
more about enforcement action for CASL in the coming months.
Now that the CASL panic has calmed down somewhat, there are a
number of things to keep in mind when sending commercial electronic
Don't forget the content/unsubscribe
mechanism – Starting July 1, subject to a few
exceptions, all CEMs sent from a computer in Canada or to a
computer in Canada need to contain: (a) prescribed contact
information about the sender, and (b) an unsubscribe mechanism that
complies with CASL. While many organizations were focused on the
task of obtaining consent prior to July 1, it is important to
remember that even where a recipient has given his/her consent to
receive CEMs, the required content still needs to be in the
Policies and procedures – It is
important for organizations to have a spam or email communication
policy in place that sets out how it intends to comply with CASL.
Since it may be difficult for many organizations to control the
email practices of all of its employees and agents, having a policy
could help the organization defend itself in case of a complaint or
enforcement action. You also need to have procedures for how to
respond to complaints. Training of staff on the basic rules of CASL
would also be recommended.
Privacy and other laws – While
CASL introduces new requirements that apply to the sending of CEMs,
it is important to remember that there are privacy and other laws
that apply to email marketing as well. Organizations should also
consider reviewing their privacy policies to make sure they are
consistent with CASL.
CASL's next wave – In
addition to "spam", there are other provisions in CASL
that apply to the installation of computer programs and the
alteration of transmission data in an electronic message. These
provisions come into force January 15, 2015. These provisions will
impact on organizations that provide software and apps. Given the
short timeframe, there is not a lot of time to get ready for this
second wave of CASL.
As we receive more guidance and information on enforcement
action taken by the CRTC, we will gain a better understanding of
how CASL should be interpreted and applied. In the meantime, it is
critical to make sure your organization is in compliance with CASL,
as there are very significant penalties (the fine per violation is
up to $1 million for individual and up to $10 million for
organizations) possible under the law. If your organization
provides software, apps, or other computer programs, you also need
to be aware of the CASL provisions that take effect January 15,
2015. We will be issuing more bulletins on this topic in the coming
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).