In May 2013, we advised that it was merely a matter of time for
Canadaʼs new Anti-Spam law to come into force. Now, after much
anticipation, most of the Canadian Anti-Spam Legislation and its
regulations (collectively, “CASL”) is
set to come into force on July 1, 2014.
Provisions of CASL related to the unsolicited installation of
computer programs will come into force on January 15, 2015 and the
provisions of CASL providing for a private right of action are set
to come into force on July 1, 2017.
This newsletter recaps the major points about CASL and its
impact on the business community. Take note of CASL and its
requirements if your business markets to or communicates with
customers through email or other electronic means, whether directly
or through third-party service providers.
1. The Crux of CASL
CASL prohibits sending a “commercial electronic
message” (CEMs) without obtaining the recipient’s prior
express or implied consent. The definition of
“commercial electronic message” captures many different
types of electronic communication, including emails, text messages,
and instant and social media messages. CASL also regulates the
alteration of transmission data in an electronic message and the
installation of computer programs. In both cases, transmission data
cannot be altered and a computer program cannot be installed
without the user’s prior express or implied consent, subject
to certain exceptions. The focus of this newsletter is on CEMs.
Certain exceptions do apply where a recipient’s consent
may not be required. A CEM either (i) must have been sent with the
recipient’s express or implied consent, or (ii) must rely on
one of the exceptions.
In addition to obtaining consent (or fitting into one of the
exceptions), CEMs must set out prescribed information. Essentially,
the CEM must identify the sender and the person on whose behalf the
message is sent (if different from the sender), provide the
sender’s contact information and provide a means for the
recipient, at no cost, to unsubscribe and avoid receiving future
CEMs from the sender.
2. What are the Penalties for Non-compliance?
Penalties for non-compliance can be severe. Once in force, a
CASL violation could result in administrative monetary penalties of
up to one million dollars ($1,000,000) per violation for an
individual and up to ten million dollars ($10,000,000) per
violation for a corporation. The amount of the penalty will depend
on certain prescribed factors.
CASL violations by corporations could also result in
directors’ and officers’ liability. Employers can also
be vicariously liable for the violations of their employees. This
type of liability may be avoided if the director, officer or
employer can successfully establish that they exercised due
diligence to prevent the commission of a violation. Once completely
in force, CASL’s private right of action provisions will also
expose companies to the risk of law suits for non-compliance,
The CRTC, Competition Bureau, Privacy Commissioner of Canada and
the courts will be primarily responsible for enforcing CASL’s
provisions. CASL’s reach is broad and affects many uses of
electronic communication that businesses rely on every day.
4. How can your Business get ready for Compliance?
Businesses should take steps now to prepare for compliance with
CASL. These should include the following:
Compile and review CEMs previously sent to your customers to
determine whether they contain the required information and a
functioning unsubscribe mechanism
Review your customer email or distribution lists to determine
whether consent is required or if one of the statutory exceptions
Review business agreements with service providers and strategic
partners to ensure appropriate compliance requirements are
If required, obtain the express consent from your customers to
receive CEMs from your business and keep a record of all consents
received. Ensure your request for consent complies with
Develop a system to ensure that you keep a record of consents
received from your customers.
Develop or revise your internal communication policies and
procedures to address CASL’s requirements.
Train your employees on CASL and best practices for sending
If you require assistance with any of the above, the members of
our Privacy Law Group would be pleased to assist you.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).