The Canadian Radio-television and Telecommunications Commission has issued an Enforcement Advisory regarding the requirements under Canada's anti-spam legislation for keeping records of consent to receive commercial electronic messages.
Canada's anti-spam legislation (commonly known as "CASL") creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties (including personal liability for employers, corporate directors and officers) designed to prohibit unsolicited or misleading commercial electronic messages ("CEMs"), the unauthorized commercial installation and use of computer programs on another person's computer system and other forms of online fraud (such as identity theft and phishing).
For most organizations, the key parts of CASL are the rules for CEMs. Subject to limited exceptions, CASL creates an opt-in regime that prohibits the sending of a CEM unless the recipient has given informed consent (express or implied in limited circumstances) to receive the CEM and the CEM complies with prescribed formalities (including an effective and promptly implemented unsubscribe mechanism) and is not misleading. A person who sends a CEM has the onus of proving that the recipient gave express or implied consent to receive the CEM.
CASL gives the Canadian Radio-television and Tele-communications Commission ("CRTC") regulatory and enforcement authority regarding CEMs and other matters. On July 27, 2016, CRTC issued an Enforcement Advisory to provide guidance on CASL's requirements for keeping records of consent to receive CEMs. Following is a summary:
- Onus: The onus of proving consent remains with the person sending, or causing or permitting the sending of, a CEM, even if the person is relying on implied consent arising from an existing business or non-business relationship.
- Benefits of Good Record Keeping: Good record keeping practices can provide various benefits, including helping a CEM sender: (1) investigate and respond to consumer complaints; (2) identify potential non-compliance issues and the need for corrective action, and demonstrate that corrective action was implemented; and (3) establish a due diligence defense in the case of a CASL violation.
- Recommended Records: CEM senders should consider keeping paper or electronic records of: (1) all evidence of express and implied consents (e.g. audio recordings, copies of signed consent forms and completed electronic forms) to receive CEMs; (2) documented methods through which consent was collected; (3) policies and procedures regarding CASL compliance; and (4) all unsubscribe requests and resulting actions.
The Enforcement Advisory references other CRTC guidance for compliance with CASL's record keeping requirements, including Compliance and Enforcement Information Bulletin CRTC 2014-326, Guidance on Implied Consent and Guidelines to help businesses develop corporate compliance programs and Guidance on Implied Consent.
More information about CASL is available at www.blg.com/en/antispam.