1. I do not send out spam. Do I need to comply with Canada’s anti-spam legislation (CASL)?
Yes. Contrary to popular belief, CASL does not only regulate “spam”. It regulates all commercial electronic messages (“CEM”), which virtually all businesses and organizations send out.
2. Why do I need to comply with CASL?
There are significant consequences for non-compliance:
- Fines of up to $1,000,000 for individuals and $10,000,000 for corporations for each violation
- Civil lawsuits and class actions
- Liability of corporations / organizations for acts of their employees
- Personal liability of directors and officers for violations committed by their business / organization
3. When should I begin preparing for CASL?
If you have not already begun preparing for CASL, you should begin now. That is because the sections of CASL that regulate CEMs come into force on July 1, 2014.
4. In a nutshell – What are CASL’s requirements regarding CEMs?
CASL is an “opt in” regime. It prohibits anyone from sending out CEMs to a Canadian recipient unless the recipient of the CEM had previously consented to receiving it (with a few exceptions). In addition, CASL requires all CEMs to include prescribed information, including the names and contact information of the sender(s) and the organization(s) on whose behalf the CEM is sent, a statement that the recipient may withdraw his/her consent at any time, and an “unsubscribe” mechanism.
5. Does CASL apply to charities and not-for-profit organizations?
Yes. The definition of a “commercial electronic message” makes it clear that it applies to commercial electronic messages sent without the expectation of profit. This would include messages sent on behalf of charities and non-profits.
In addition, the Regulations that accompany CASL have excluded from its compliance requirements commercial electronic messages sent for the “primary purpose of raising funds” for a Canadian registered charity. That means that Canadian registered charities must still comply with CASL for CEMs that are not sent for the “primary purpose of raising funds”.
6. What CEMs are exempt from CASL’s requirements?
There are limited forms of CEMs that are exempt from CASL’s requirements. I recommend consulting with a lawyer before deciding to rely on those exemptions. Some examples include:
- CEM sent to someone with whom the sender has a “family” or “personal” relationship
- CEM sent between employees of the same business / organization and the content of the CEM relates to the recipient’s role within the business / organization
- CEM sent between businesses / organizations that have an existing relationship and the content of the CEM relates to the recipient’s role within that business / organization
- CEM sent in response to a request, inquiry or complaint
- CEM sent by a registered charity for the primary purpose of raising funds
- CEM sent by a political party for the primary purpose of soliciting contributions
7. Does CASL apply to newsletters and information bulletins?
Yes, in certain circumstances, CASL may apply to those types of electronic messages.
8. I have already obtained consents for the purposes of complying with privacy laws. Can I rely on those consents for the purpose of complying with CASL?
Not necessarily. CASL has specific requirements regarding the manner in which you must obtain consent. If those requirements were not met when you obtained consent, you would not be able to rely on those consents.
9. When a customer purchases a product from my website, he / she can uncheck a pre-checked box that states that he / she consents to receiving electronic messages from me. Can I send CEMs to those costomers who did not uncheck the box?
No. Pre-checked boxes are unacceptable for the purposes of obtaining CASL consent. You must require the customer to check an empty box when providing his / her consent.
10. Does CASL apply to non-Canadian businesses, such as U.S. companies?
Yes. Foreign businesses that send commercial electronic messages to Canadian recipients must comply with CASL.
CASL is a complicated regulatory regime requiring a multi-faceted compliance strategy. I recommend contacting a lawyer with expertise in the area to obtain legal advice on CASL compliance.
- Breaking the “glassdoor” – Dealing with online reviews by employees - August 29, 2023
- The unreliability factor of using AI in the workplace - June 27, 2023
- The new privacy tort – Another victory for victims of cyberbullying - February 16, 2016