The main provisions of Canada's anti-spam legislation, generally known as CASL, came into effect on July 1, 2014. The key component: you cannot send a commercial electronic message ("CEM") unless you have consent, whether express or implied, and the CEM contains certain content about the sender and the right to stop getting CEMs. The advent of CASL caused great discussion and concern and, for many organizations, significant cost as they struggled to get compliant mailing lists and processes in place. You can read more about the background of CASL at http://blog.blg.com/nfp/Lists/Posts/Post.aspx?ID=213. The government website http://fightspam.gc.ca/eic/site/030.nsf/eng/home contains useful tips and FAQs.

New rules about installing computer programs came into force on January 15, 2015. The next big date for CASL watchers is July 1, 2017, when the sections of CASL that deal with private right of action come into force. That means that at that time individuals will be able to sue. Until then, the CRTC has a range of options available to enforce the legislation, including financial penalties. There have been several fines issued so far, including a $1.1 million fine levied against Compu-Finder for various violations of CASL, including sending CEMs without consent and failing to have a working unsubscribe feature.

It may not be on many people's lists of "favourite laws ever" but we continue to get questions around the applicability of CASL to certain situations. One thing we have noticed is that the processes and practices people worked so hard to put into place before July 1, 2014 may have evolved over the last two years and, in some cases, are no longer in compliance with the legislation. Perhaps CASL's second anniversary is a good time to review what you are doing around CASL compliance to ensure your organization is not the next one under review by the CRTC or Office of the Privacy Commissioner of Canada.