The construction industry – project owners, contractors, subcontractors and trades – might be relaxing, ignoring the hype around Canada's Anti-Spam Legislation (CASL), and thinking it's targeted at "spammers".
But don't get too comfortable; here's how CASL applies to you, why you should care – and the top 5 "Dos and Don'ts" if you didn't prepare for CASL.
What's CASL? CASL is arguably the world's toughest anti-spam law. On July 1, 2014, the "anti-spam" sections took effect, moving Canada to an "opt-in" regime for all electronic-based commercial communications. With few exceptions, if just about any person or business – from sole proprietors and independent contractors, to small businesses and multinational corporations – wants to send a "commercial electronic message" (a CEM) within or into Canada, it needs the recipient's prior consent. With some inclusions and exclusions, a CEM is any electronic message that encourages participation in a "commercial activity" as one of its purposes – and CASL applies equally to one-to-one messages and messages from large mailing lists.
How does CASL apply? Here are five examples where CASL requires construction industry members to change their practices:
- Best Developers Ltd., Best GC Ltd. and Best Subcontractors Ltd. all regularly exhibit in business-to-business and business-to-consumer trade shows, invite attendees to complete a ballot giving their names and email addresses, then later use the email addresses to solicit business from attendees via email.
- Best GC Ltd. and Best Subcontractors Ltd. regularly send emails to developers and/or contractors soliciting work or giving updates about their businesses.
- All regularly get referrals, and contact them providing information and/or soliciting work via email.
- Best Developers Ltd. and Best GC Ltd. invite contractors, subcontractors and/or trades to respond to RFPs or tenders via email.
- Jane Doe Tradesperson does one, some, or all of the above.
Why care? There are significant penalties for violating CASL, including fines up to $10M, personal liability of directors and officers, criminal charges, and starting July 1, 2017, exposure to a civil lawsuit. A CASL violator can argue it exercised "due diligence" – but only if it took reasonable steps to prevent the violation and has tangible evidence to prove it did so.
What now? If you didn't prepare for CASL, here are the top five "Do's and Don'ts":
- DO ensure every
"commercial" email sent from your organization sends
meets CASL's content requirements. Some CEMs are
exempt, but until you're sure which (and maybe even after)
it's safest to ensure that every email that leaves you or your
- the mandated information about the sender(s); and
- a way recipients can "unsubscribe" or indicate they don't consent to receive CEMs or withdraw it.
- DO analyze your
contacts and identify to whom you can continue to send
CEMs. For business purposes, this depends greatly on whether you
have an "Existing Business Relationship" with the
recipient: one that involves or arose from the purchase, lease or
bartering of product, goods, or services within the immediately
preceding two years; a written contract either in force, or that
expired within the immediately preceding two years; or a
recipient's inquiry within the immediately preceding six
months. If the contact doesn't fit in one of these three
buckets, you can't send her any more CEMs until she gives you
Bucket 1. Some CEMs are "exempt" from the consent requirements (some are also exempt from the content requirements). The CEMs exempt from CASL's consent requirements most relevant to the construction industry are those sent to:
- someone with whom the sender has a "family" or a "personal" relationship (CASL defines both)
- someone in response to a request, inquiry, complaint or a CEM the recipient otherwise "solicited"
- between organizations with "a relationship" if it concerns the recipient's activities
- a consumer for the purpose of: providing a requested quotation; facilitating, completing or confirming a commercial transaction that the recipient previously agreed to enter; providing warranty, recall or safety info about a purchase; or providing info about existing employment relationship or related benefits
- a referral by someone with one of these relationships with both the sender and the recipient – but this exception only applies to a single CEM: an "Existing Business Relationship", or an "Existing Non-Business Relationship", a "Family Relationship", or a "Personal Relationship" (all as CASL defines). The CEM must disclose the full name of the person who gave the sender the referral
- you have an "Existing Business Relationship" with her, and for the purposes of this "transitional" section only, the time limits in the definition of "Existing Business Relationship" don't apply and
- that relationship arose before July 1, 2014 and
- it included electronic communication (even if it was one-way)
Bucket 3. You have your contact's implied consent to send her CEMs if you have an "Existing Business Relationship" with her – but the time limits in the definition do apply for this purpose. This impliedconsent expires when the "Existing Relationship" expires, after which you need her express consent or she must be "exempted" (bucket 1 above).
- DON'T send "please consent" emails to all your contacts: since July 1, 2014, even this is a CEM that requires consent. But DO solicit express consents from the contacts to whom you've determined you can continue to send CEMs (bucket (2) above; you can do so electronically for these), and from new contacts going forward (make sure you can send them a CEM before you ask for consent electronically, otherwise resort to another method like mail or telephone). Make sure you get express consent ("I consent to receive commercial electronic messages from Best GC Ltd.") orally or in writing (including electronically, like "subscribing" on a website). Exploit opportunities to get consent. For example, add a subscription page to your website and a link to it in every email; ask people to complete a "subscription" card at tradeshows.
- DO record and deal with all consent responses. Record every "consent" and "no consent" communication you get, however and in whatever form you get it.. You'll have to prove you have consent: whether your records are electronic or manual, have a system to store and access them. You have 10 days to "unsubscribe" a contact who tells you to stop sending CEMs.
- DON'T stop here. Create and implement a CASL compliance plan so you comply with CASL – and if you violate it, you can raise its due diligence defence.
McInnes Cooper prepared this article for information; it is not legal advice. Consult McInnes Cooper before acting on it. McInnes Cooper excludes all liability for anything contained in or any use of this article. © McInnes Cooper, 2014. All rights reserved.