Canada’s anti-spam legislation (CASL), enacted in 2014, requires businesses and individuals to obtain either express or implied consent to send commercial electronic messages (CEMs) to recipients. As the onus of proving consent is on the individual or business sending the CEMs, the maintenance of adequate consent records is imperative to responding to CRTC production notices in a satisfactory manner and avoiding possible enforcement proceedings for failure to do so.
The CRTC has shed light on what it considers to be adequate proof of consent in an Enforcement Advisory released on July 27, 2016. In particular, it encourages senders of CEMs to consider keeping a hard copy or an electronic record of, among other things:
- All evidence of express and implied consent (e.g., audio recordings, copies of signed consent forms, completed electronic forms) from consumers who agree to receive CEMs
- Documented methods through which consent was collected
- Policies and procedures regarding CASL compliance
- All unsubscribe requests and resulting actions
The CRTC also outlines what it considers to be benefits of proper record keeping, including the ability to:
- Identify potential non-compliance issues
- Investigate and respond to consumer complaints
- Identify the need for corrective actions
- Demonstrate that these corrective actions were implemented
- Establish a due diligence defense in the case of a violation of CASL
Though this Enforcement Advisory is not binding, it would be foolhardy to disregard the guidance contained therein, especially as the CRTC explicitly connects these record keeping practices to the successful establishment of a due diligence defense in the case of a CASL violation. In addition to proper record-keeping, it is clear that businesses should have proper CASL Compliance Programs in places, including CASL-specific policies and procedures, training and audits to ensure that internal practices align with those policies and procedures.