Pharma in brief - newly released guidance on corporate compliance with anti-spam law

The countdown is on.  The main provisions of Canada’s new anti-spam law¹ will come into effect in less than a week – on July 1, 2014.  With little time remaining, the Canadian Radio-television and Telecommunications Commission recently published six infographics and a new guidance document designed to facilitate the implementation of CASL’s onerous obligations.

The infographics provide pictorial explanations of some of the key provisions of CASL – such as the parameters of the personal relationship exemption, an outline of information to be included in a commercial electronic message, managing consent under CASL, explaining whether express consent gathered before CASL came into effect will continue to be valid (it will), outlining the distinction between express and implied consent and explaining what constitutes a commercial electronic message.

While the infographics had been previously discussed by the CRTC in meetings and seminars designed to outline CASL requirements, the CRTC also issued the third in its series of guidance document.  The first two guidance documents issued by the CRTC related to some of the technical aspects of obtaining consent and the interpretation of theElectronic Commerce Regulations that had been enacted under CASL.²  The new guidance document, however, Compliance and Enforcement Information Bulletin CRTC 2014-326: Guidelines to help businesses develop corporate compliance programs, focuses on compliance mechanisms and encourages all organizations subject to CASL to develop and implement corporate compliance programs to facilitate compliance with CASL.  The CRTC sets out the key elements of a corporate compliance program:

• Senior management involvement and the naming of a chief compliance officer (or compliance point person) to foster a CASL compliant organizations culture;
• Risk assessment – to determine which business activities are at risk for the commission of violations under the Rules and/or CASL;
• Written corporate compliance policy;
• Record keeping;
• Training program – to ensure effective training of staff at all levels;
• Auditing and monitoring – to help prevent and detect misconduct and assess the effectiveness of the corporate compliance program with audit results recorded, maintained and communicated to senior management with appropriate recommendations and follow-up;
• Compliant handling system to enable customers to submit complaints (and providing a mechanism for customer issues to be resolved and, potentially, not escalated; and
• Corrective action to address contraventions of CASL requirements (and demonstrate the organizational due diligence and  commitment to CASL compliance)

Those familiar with corporate competition or privacy law compliance programs will find the CRTC guidance reinforces well-established recommendations concerning regulatory compliance activities.  That being said, the new guidelines are a useful reminder of the work that may yet need to be done by organizations that send commercial electronic messages.

Link to compliance policy

Compliance and enforcement information bulletin CRTC 2014-326