For many organizations in the charitable and not-for-profit sector (collectively, NFPs), the road to compliance may seem like a daunting task. Here are some last-minute compliance tips to consider as your organization prepares for CASL.
ASSESS AND CATEGORIZE YOUR EXISTING CONTACTS
An organization should conduct an audit of the types of electronic communications it currently sends and to whom these communications are sent. If all of the individuals in an organization's contact database expressly opted in to receiving electronic communications from that organization, then the organization has consent to send these contacts CEMs. Once obtained, express opt-in consent can continue to be relied on until the recipient unsubscribes. However, if an organization's contact-capture process has relied on some other form of consent, it will need to consider whether it is permissible to continue sending emails to its contacts as of Canada Day.
The anti-spam provisions of CASL apply sending commercial electronic messages (CEMs) to an electronic address. As a result, to the extent an organization sends purely informational messages that do not contain content that may encourage commercial activity, these messages would not be regulated under CASL. However, care should be taken when conducting this analysis, as the definition of CEM is quite broad. For example, an electronic newsletter that includes advertising for sponsors may be considered to be a CEM.
Organizations should also consider whether any of the CEMs that it sends fall within the scope of one of the full exemptions under CASL. For registered charities, messages that have as their primary purpose raising funds for the charity are exempt. CASL includes many other exemptions that apply to for-profit and NFP entities equally. For example, a message that is sent in response to a request, inquiry or complaint by the recipient will be exempt. In addition, a message that is sent from an employee of one organization to an employee of another organization is also exempt if the organizations have a relationship and the message concerns the activities of the recipient organization.
An organization should also consider whether it can benefit from one of the situations in which consent can be implied. If an organization had an "existing business relationship" or "existing non-business relationship" (each of which is defined prescriptively under CASL) with a recipient prior to July 1, 2014, the period for relying on this implied consent may be extended under the transitional provision. For example, if the sender is a registered charity and the recipient has made a donation or a gift, performed volunteer work or attended a meeting organized by the sender, in each case prior to July 1, 2014, then the organization has implied consent to send that person CEMs until July 1, 2017 (unless the recipient unsubscribes earlier), so long as that relationship included communication by CEMs. Similarly, if the sender is a club, association or voluntary organization (as defined under CASL), and the recipient has been accepted as a member in accordance with the sender's membership requirements prior to July 1, 2014, then the organization has implied consent to send CEMs to that member until July 1, 2017 (unless the recipient unsubscribes earlier), so long as that relationship included communication by CEMs. When relying on implied consent, remember that the CEM will still have to comply with the form and content requirements set out under CASL.
CONSIDER YOUR OPTIONS
Each organization should tailor its CASL compliance approach based on the unique circumstances of that organization. Some organizations have large databases of contacts that were obtained from a variety of different sources and using a variety of methods, in which case, it may wish to consider seeking express consent. The benefit of express consent is that, once obtained, it is valid indefinitely until the person unsubscribes. On the other hand, if an organization relies on implied consent, these consents may be time-limited, in which case the organization will need to keep track of when those implied consents expire. Do keep in mind that, as of July 1, 2014, electronic requests for consent are themselves CEMs and should not be sent unless the organization has implied consent (as defined under CASL) to send the CEM in the first place and the CEM complies with CASL's form and content requirements, including requirements specific to requests for consent. Under CASL, the onus is on the sender to demonstrate that it has consent (either express or implied) to send a CEM. If an organization is unable to determine whether it has express or implied consent to send CEMs to a particular contact, the safest approach would be to remove that contact from its database.
IMPLEMENT AND MONITOR RECIPIENT RESPONSES
Once an organization has decided on a path to CASL compliance, it should ensure that it is consistent in its approach. If CASL applies, we recommend developing a template email signature or footer that complies with the form and content requirements. Organizations should also consider whether any sign-up features, including on its website or at events, are CASL compliant. Creating a multidisciplinary approach that includes representatives from senior management in the marketing department and the development team will assist to create cost-effective targeted solutions to comply with CASL.
Members of the NFP sector should ensure that their practices are aligned with both CASL requirements and the expectations of its stakeholders. We have been advised by the regulators that enforcement is likely to be on a complaint basis. Therefore, going forward, organizations should monitor stakeholder take-up of opportunities to further engage with them and should also have an effective method for dealing with complaints about their e-communication practices.
ENSURE CONTINUOUS COMPLIANCE
A few weeks ago, the Canadian Radio-television and Telecommunications Commission (CRTC) published a Compliance and Enforcement Information Bulletin CRTC 2014-326: Guidelines to help businesses develop corporate compliance programs (Compliance Bulletin). The Compliance Bulletin provides general guidelines and best practices for businesses on the development of corporate compliance programs under CASL and is also useful for NFPs. The CRTC has stated that it recognizes that each organization is different and that not all of the components of a corporate compliance program described in the Compliance Bulletin may be appropriate for all organizations, depending on the organization's size and risk exposure. In particular, some of the best practices set out in the Compliance Bulletin may not be suitable to smaller organizations with limited resources. Therefore, while compliance is required regardless of an organization's size and whether or not it is a for-profit business, smaller NFPs with fewer resources are not expected to have the same types of compliance programs as larger organizations.