Tomorrow is July 1, 2014. It is a day that marks Canada’s “birthday”. It is also the date of the coming into force of Canada’s Anti-Spam Legislation (CASL). While most Canadians will be out celebrating Canada Day with their families and friends, they should also be in compliance with CASL. But are they?
The head in the sand phenomena
Despite the fact that CASL has been around for a while (since 2010 to be exact), many Canadians (and foreign entities that do business in Canada), are either ignorant of CASL’s implications, or ambivalent over its application. I estimate that tomorrow a large proportion of businesses and not-for-profit organizations are likely not going to be compliant with CASL.
I characterize this lack of compliance as the “head in the sand phenomenon” – if we do not know about it, or assume it does not apply to us, then we do not have to comply with it, right? Wrong. As the saying goes, ignorance of the law is no excuse. And it is particularly so when it comes to CASL.
The importance of a comprehensive CASL compliance policy
Every business and not-for-profit organization should have a CASL compliance policy. There are several reasons for this. First, if you are not in compliance with CASL’s rules regarding the transmission of commercial electronic messages, you can face very significant consequences. As of July 1, 2014, the CRTC (the regulatory body tasked with enforcing CASL) may impose penalties of up to $1 million for an individual (per violation) and up to $10 million for a corporation (per violation). There is also potential for personal liability of officers and directors of corporations (including of not-for-profits organizations).
If a complaint is launched against you and the CRTC commences a regulatory proceeding, one of the only defences available to you is the “due diligence” defence. However, without having developed and implemented a reasonable CASL compliance policy, which is tailored to your business’ or organization’s communication practices, you may not be able to rely on the “due diligence” defence. Indeed, in a recent Information Bulletin, the CRTC has indicated that it would take into consideration the existence of a reasonable compliance policy when enforcing CASL. In that publication, the CRTC has also provided some suggestions for what should be included in a CASL compliance policy.
Since CASL will be in force as of tomorrow, there is no time to wait. It is time to develop and implement a reasonable CASL compliance policy that meets your business’ or organization’s needs. Given CASL’s complexity, it is recommended that you seek help from the experts when developing this policy, such as legal counsel, IT professionals and compliance specialists.
Happy Canada and CASL Day!
- The new privacy tort – Another victory for victims of cyberbullying - February 16, 2016
- Canadian cyberbullying laws – Where are they now? - January 18, 2016
- My website allows users to post comments – can I be liable for defamation? - November 18, 2015