Last fall, I provided an overview of sections of the upcoming Canada Anti-Spam Legislation (“CASL”) and explained why every business, large or small, must begin preparing for it.
Since then, there have been some developments in the area, most significantly, the announcement that the CASL will be coming into force on July 1, 2014. It is important that every business begin preparing for the CASL now, as, a few months from now, it will have a profound impact on how businesses engage in electronic communication and marketing.
How to prepare for the CASL?
All businesses must make CASL compliance a priority. Policies need to be put into place to ensure compliance, and employees need to be educated on those policies.
In drafting compliance policies, consideration must be given to how the business markets itself and how it communicates electronically with clients and potential clients. A list of all clients and potential clients should be compiled. Emails need to be sent out to those individuals asking for their consents to receive future correspondence from the business. A database of consenting clients or potential clients should then be maintained and managed. This may or may not require a business to acquire additional software and server space, depending on its existing IT applications.
All future electronic messages from the business, including emails and texts, need to be reconfigured to ensure compliance. They should include the identifying information required by the CASL. They should also include an “unsubscribe” mechanism, allowing the receivers to “click” on a link in order to opt-out from future correspondence. This may also require a business to acquire and implement new software and server space.
Businesses in the IT industry may have additional requirements that must be met to ensure CASL compliance. For example, the CASL prohibits a computer program from being installed on a computer in Canada, unless express consent is obtained and specific requirements are met. So, for example, if you develop software or Apps, you must include a mechanism in your program for compliance with CASL requirements. It should be noted that the sections of the CASL dealing with computer programs will come into force on January 15, 2015, just shy of one year away. However, steps need to be taken sooner rather than later to ensure compliance.
Putting into place proper compliance procedures may avoid potential violations of the CASL. Furthermore, if the unfortunate situation arises whereby an employee honestly but mistakenly sends out an email that violates the CASL, a proper compliance policy allows the business to invoke the “Due Diligence” defence in response to an enforcement procedure by the Regulator.
When preparing compliance policies, I strongly recommend that you consult with lawyers and IT professionals with expertise in the area, as the requirements of the CASL are very specific.
Good luck!
Maanit Zemel
Partner
Miller Thomson LLP
- The new privacy tort – Another victory for victims of cyberbullying - February 16, 2016
- Canadian cyberbullying laws – Where are they now? - January 18, 2016
- My website allows users to post comments – can I be liable for defamation? - November 18, 2015
