On July 1, 2014, the anti-spam sections of Canada's
Anti-Spam Legislation (aka "CASL") will take effect. CASL
- Broad. It applies to just about every person and organization sending commercial electronic messages (CEM) – which isn't as clear as you'd hope.
- Complicated. It moves Canada to a permission-based regime for electronic marketing – and imposes a tricky consent management process and mandatory disclosure and unsubscribe functions.
- Coming soon. The countdown to CASL is on. If you're not ready, it's time to act now – there's a lot to do, and a price to pay if you don't comply.
Here are 10 reasons why you should care about – and act on – CASL right now.
It Probably Applies to You or Your Business.
CASL will apply to just about every business – from sole
proprietors and independent contractors, to multinational
corporations – and every person sending just about every form
of "commercial electronic message" (called a
"CEM") to, from or within Canada.
It Takes Effect Soon. CASL (and its
Regulations) will be phased in, taking effect on these
- July 1, 2014. Most of CASL – including the "anti-spam" sections and the Regulations
- January 15, 2015. The CASL sections dealing with the unsolicited installation of computer programs or software
- July 1, 2017. The "private right of action" – the ability to sue – for people or corporations affected by a CASL contravention.
Move to Permission-Based Regime. CASL will
implement a significant paradigm shift in Canada's
electronic-based marketing regime. Canada currently functions in an
"opt-out" regime: anyone can send an electronic message
to anyone else – without their permission – unless the
recipient "opts-out". CASL will move Canada to an
"opt-in" regime for all electronic-based
commercial communications: with few exceptions, if a person or
business wants to send a "commercial electronic message"
within or into Canada, the sender needs the recipient's prior
Broad Coverage. CASL only covers
"commercial electronic messages" (CEMs), so understanding
what a CEM is crucial to CASL compliance – and it's not
as clear as you might hope. There are some inclusions and
exclusions, but essentially a CEM is any electronic message that
it's reasonable to conclude has encouragement of participation
in a "commercial activity" (broadly, any transaction, act
or conduct of a commercial character – whether or not carried
out for profit) as one of its purposes, considering:
- the message content;
- hyperlinks in the message to content on a website or other database; or
- contact information in the message.
Tricky Consent Management. CASL is a
permission-based regime, providing extreme protection of consumers
against organizations in the business of compiling and selling
email lists to third parties – and catches all CEM senders in
the process. The regime imposes a tricky consent management process
on organizations, requiring complex coordination of all the users
of any one e-mail list: if an electronic message falls into the
definition of a CEM, the sender must obtain the recipient's
consent before she can deliver it. The consent can be express or
– in certain specified circumstances – implied.
Fresh Consent Required. If a sender already
obtained a recipient's express consent under the Personal
Information Protection and Electronic Documents Act (PIPEDA
for short), that consent will satisfy CASL – but other forms
of PIPEDA consent (such as implied consent) won't.
Mandatory Content. Even if you have
"consent", every CEM must still contain:
- Clear disclosure of specified information about the sender – or where a person or entity sends it on another's behalf, detailed information about that other person or entity; and
- A working unsubscribe mechanism with the specified functions.
No Grandfathering. There is no grandfathering:
every CEM sent after July 1, 2014 must comply with CASL and its
Penalties for Non-Compliance. Individuals and
organizations that don't comply with CASL risk significant
- Monetary Penalties of up to $1M on individuals and $10M on other entities;
- Vicarious liability of employers for violations by employees acting in the scope of employment;
- Personal Liability of corporate directors and officers for a corporation's violation if they directed or participated in it – though there is a due diligence defence available;
- Criminal Charge of Obstruction of CASL Investigation for failing to comply with a demand to preserve transmission data or produce documents when required; and
- Private Right of Action by a person or corporation affected by a CASL contravention effective July 1, 2017 – with remedies including monetary compensation and expenses, with maximum penalties of $200 for each CEM contravention (maximum $1M/day), and $1M for each day on which a software contravention occurs.
There's A Lot To Do. The countdown to CASL
is on right now: individuals and organizations only have until July
1, 2014 to create, implement or update their CASL compliance
program. It's time to act now:
- Determine whether CASL and its Regulations cover your electronic communications (and which ones).
- Determine whether your current processes comply.
- If they don't, determine what changes you must make – and get them made.
- An electronic message asking for consent to a CEM is a CEM – so ask early.
If you're not ready for CASL, the countdown is on. It's time to act now.
McInnes Cooper prepared this article for information; it is not legal advice. Consult McInnes Cooper before acting on it. McInnes Cooper excludes all liability for anything contained in or any use of this article. © McInnes Cooper, 2014. All rights reserved.