Tomorrow is July 1, 2014. It is a day that marks Canada’s “birthday”. It is also the date of the coming into force of Canada’s Anti-Spam Legislation (CASL). While most Canadians will be out celebrating Canada Day with their families and friends, they should also be in compliance with CASL. But are they?
The head in the sand phenomena
Despite the fact that CASL has been around for a while (since 2010 to be exact), many Canadians (and foreign entities that do business in Canada), are either ignorant of CASL’s implications, or ambivalent over its application. I estimate that tomorrow a large proportion of businesses and not-for-profit organizations are likely not going to be compliant with CASL.
I characterize this lack of compliance as the “head in the sand phenomenon” – if we do not know about it, or assume it does not apply to us, then we do not have to comply with it, right? Wrong. As the saying goes, ignorance of the law is no excuse. And it is particularly so when it comes to CASL.
The importance of a comprehensive CASL compliance policy
Every business and not-for-profit organization should have a CASL compliance policy. There are several reasons for this. First, if you are not in compliance with CASL’s rules regarding the transmission of commercial electronic messages, you can face very significant consequences. As of July 1, 2014, the CRTC (the regulatory body tasked with enforcing CASL) may impose penalties of up to $1 million for an individual (per violation) and up to $10 million for a corporation (per violation). There is also potential for personal liability of officers and directors of corporations (including of not-for-profits organizations).
If a complaint is launched against you and the CRTC commences a regulatory proceeding, one of the only defences available to you is the “due diligence” defence. However, without having developed and implemented a reasonable CASL compliance policy, which is tailored to your business’ or organization’s communication practices, you may not be able to rely on the “due diligence” defence. Indeed, in a recent Information Bulletin, the CRTC has indicated that it would take into consideration the existence of a reasonable compliance policy when enforcing CASL. In that publication, the CRTC has also provided some suggestions for what should be included in a CASL compliance policy.
Act now
Since CASL will be in force as of tomorrow, there is no time to wait. It is time to develop and implement a reasonable CASL compliance policy that meets your business’ or organization’s needs. Given CASL’s complexity, it is recommended that you seek help from the experts when developing this policy, such as legal counsel, IT professionals and compliance specialists.
Happy Canada and CASL Day!
- Swinging the privacy rights pendulum – The recent proposed amendments to Canada’s privacy law regime - November 28, 2023
- Breaking the “glassdoor” – Dealing with online reviews by employees - August 29, 2023
- The unreliability factor of using AI in the workplace - June 27, 2023
Judy Collins says
thanks for clarifying. I will do that.
Maanit Zemel says
Thank you for your comment.
The thought that fines will not be imposed until July 1, 2017 is one of the common misconceptions. I implore you to read my article on the myths and misconceptions.
To clarify, there is no 3 year grace period for implementation of CASL. Fines may be imposed as of tomorrow July 1, 2014. The 3 year transitional period only applies to those with whom there already is implied consent under CASL, which is a narrow application.
Maanit
Judy Collins says
In a webinar that I took part in this week, the indication was that there is a 3 year implementation period for CASL, and fines will not be imposed until after July 1, 2017.
My experience this week is that many companies, that I receive information from, are complying and requesting authorization to continue to communicate with me.
Hopefully this will be the trend and July 1, 2017 will come and go with few “heads in the sand”, and few fines.