Canada’s Anti-Spam Law - A Practical Guide for Business The provisions of Canada’s Anti-Spam Law (known as “CASL”) dealing with commercial electronic


Canada’s Anti-Spam Law - A Practical Guide for Business

The provisions of Canada’s Anti-Spam Law (known as “CASL”) dealing with commercial electronic messages will come into force on July 1, 2014. Organizations doing business in Canada need to take notice of the requirements of this legislation and to prepare for and implement its requirements into their day to day practices and procedures. Businesses must ensure that they have the appropriate legal and business policies, procedures and technical infrastructure in place, and perform ongoing monitoring to ensure compliance and avoid the significant penalties that can arise from failing to observe the law.

Key Provisions

In brief, CASL provides that:
1. It is illegal to transmit any commercial electronic message unless there is express or implied consent to do so, or the message benefits from a permitted exemption. The definition of "commercial electronic message" is very broad and includes any message sent by telecommunications (including e-mail, text messages etc.) if the purpose of that message is to encourage participation in a commercial activity. There are specific rules on how to obtain consent. There are some limited exceptions to the consent requirement.
2. All commercial electronic messages must, from July 1, 2014:
a. identify the person who sent the message (and if different, the person on whose behalf it was sent);
b. provide accurate contact information for these parties; and
c. set out a mechanism through which the recipient may unsubscribe. The recipient must be able to unsubscribe using the same means by which the message was sent. There are specific rules and time limits for complying with unsubscribe requests.
3. It is illegal as part of a commercial activity to install any computer program – good or bad- onto someone’s computer unless there is express consent. It is also illegal as part of a commercial activity to install any computer program onto someone’s computer that transmits data of any kind from that computer unless there is express consent.

Penalties for violation of the provisions of CASL are hefty. Violations of CASL may be punished by administrative monetary penalties of up to $1,000,000 for an individual and $10,000,000 for a corporation or other business entity. These fines are imposed per violation, and a violation is defined as being separate for each day that it continues. In addition, CASL provides private rights of action for breaches of its core provisions, although this right of action will not come into force until July, 2017. As well, the provisions respecting the installation of computer programs do not come into force until January 15, 2015.

What Does Your Business Need To Do?

Organizations should take immediate steps to:
* Become familiar with the requirements of CASL.
* Obtain express consent to send commercial electronic messages by sending a commercial electronic message requesting same prior to July 1, 2014. The request should, i) explain the purposes for which the consent is being sought, ii) contain proper identifying information about the sender, and, iii) include the necessary unsubscribe information as required by CASL. Please note that after July 1, 2014 such a request will itself be considered a “commercial electronic message” under CASL and therefore cannot itself be sent without the requisite consent.
* Conduct a “current state” assessment to identify what commercial electronic messages are being sent by persons within your organization. Identify to whom these commercial electronic messages are being sent, who is sending them, whether consent has been obtained, the form of the consent, how/where is that consent stored, what unsubscribe mechanisms are in place, etc. Organizations should be aware that CASL requires that consent be obtained separate and apart from the terms and conditions which apply to the purchase of a product or service. In addition, consents previously obtained under federal or provincial privacy legislation are not grandfathered.
* Inventory your organization’s computer program installation activities.
* Compare your current practices with requirements under CASL.
* Develop a plan to identify gaps and close them.
* Develop an anti-spam policy and review your privacy and other business and legal policies to make any necessary amendments to reflect CASL requirements. Regularly review and update your organization’s anti-spam policy.
* Develop procedures which implement the anti-spam policy and the requirements of CASL, e.g. develop a standard email template for permitted commercial electronic messages (e.g. where consent has been obtained or where there is an exception to the requirement to obtain consent) containing prescribed identification requirements and an unsubscribe mechanism.
* Develop standard consent templates compliant with CASL requirements
to send commercial electronic messages; and if applicable, to install computer programs on another person’s computer system.
* Devise a process to store and retrieve consents received.
* Establish an “unsubscribe” mechanism compliant with CASL requirements and keep a record of all unsubscribe requests and their disposition. Develop a process for removing persons who have unsubscribed from your subscription lists.
* Establish a record-keeping system to record the lifecycle of “existing business relationships”. Note that consent to send a commercial electronic message may be implied where there is an “existing business relationship”. An "existing business relationship" is defined as “purchase, barter or contract within the last two years. A transitional provision provides that where a sender has an existing business relationship on July 1, 2014, and the relationship included the sending of commercial electronic messages, implied consent to send commercial electronic messages to the recipient would continue until July 1, 2017. Use this transitional period to convert implied consents into express consents.
* Establish a measurement and reporting regime to audit, measure, manage and report on CASL compliance on an ongoing basis.
* Consider the CASL implications of each new business initiative.
* Train your staff regarding the requirements of this legislation and require third party service providers to comply with the CASL requirements when contracting with them. Develop standard CASL language to be included in all contracts with third party service providers and agents.
* Engage a qualified professional legal advisor to assist you to develop and implement your CASL compliance plan.

How We Can Help

Gillman Professional Corporation can assist you to ensure that you are in compliance with Canada's Anti-Spam legislation. For more information, contact Gary Gillman at 416-496-3340 Ext. 133 or Libby Gillman at 416-418-7204.