On January 15, 2015, the software provisions in Canada's
Anti-Spam Legislation (CASL) will come into force, creating
significant prohibitions and requiring consent to, among other
things, install software, change device settings, collect personal
information and update existing software.
In a corporate environment, bring-your-own-device (BYOD)
policies and IT use policies will need to be re-visited given the
nexus of CASL prohibitions and industry practices in managing
enterprise technology and communication infrastructure. Broadly
speaking, under CASL, the authorized user or owner of a device (for
example, a laptop, smart phone, tablet, etc.) must consent to
software installations that are not self-initiated. In certain
circumstances, consent will be required even where an installation
is self-initiated. Further, the law imposes specific notification
and disclosure obligations. Failure to comply with CASL could
result in fines of up to $10,000,000 for organizations, or
$1,000,000 for individuals, with employers being held liable for
actions of employees.
Where a program is capable of certain "special
functions", defined in CASL to include:
collecting personal information;
changing or interfering with settings, preferences or commands
of the computer system without knowledge of the user;
restricting or interfering with access of data;
causing a computer system to communicate with any other device
without consent of the owner or authorized user; or
installing a computer program that can be activated by a third
consent and notification requirements are more onerous.
What is noteworthy is that these functions need not be
malicious. In fact many such functions are carried out by many
CASL requires that the installer of the program give notice of
and obtain a separate express consent from the owner or authorized
user of the device for each of these functions. Such special
functions must be disclosed and described to the user separately
or a license agreement.
In light of these notification and consent requirements under
CASL, most organizations will need to review and update their IT
policies. Many corporations operate remote help desk type
assistance services, offer laptop loaners, or allow users to
download content on their computers. Accordingly, IT policies must
account for corporations installing programs, modifying or
controlling data, or accessing computer systems belonging to
employees; all contemplated as "special functions" under
CASL. Organizations must notify users of the program functions, the
impact of such programs or policies, and whether an employee's
ability to uninstall programs has been limited. We advise
organizations to ensure that consents should contemplate future
program updates that may include special functions under the
Additionally, BYOD policies will need to be reviewed and revised
to ensure BYOD participants are formally consenting to, among other
things, the organization installing security policies, encryption
keys, remote-assistance software and automatic program updates on
their mobile devices. In addition, CASL may require an
acknowledgement that such programs include one or more of the
"special functions" described above, along with an
explanation of how these special functions may work on the
user's device. Policies should allow for BYOD participants to
revoke consents, and organizations should be mindful of tracking
consents in light of the complex nature of employment matters and
uncertainties surrounding enforcement of CASL to corporate actions
on employees' computer systems.
For a more complete look at Canada's Anti-Spam Legislation
and what it means for you and your business, please visit our
Anti-Spam Learning Centre.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).