In the months leading up to July 1, you likely received emails from a variety of organizations asking for your consent to receive electronic communications. These organizations were running a so-called “consent campaign” in order to get ready for Canada’s new anti-spam legislation (known as “CASL”), which came into force on July 1. CASL imposes new rules on the sending of “spam” or commercial electronic messages and affects any person or organization that uses email as a marketing or promotional tool. One of the requirements is that recipients expressly consent to receiving commercial electronic messages (“CEMs”), which is why there were so many emails requesting consent.
Since July, the CRTC (the government agency responsible for enforcing CASL) has received over 100,000 complaints to its Spam Reporting Centre and sources say that investigations are ongoing. Curiously, there has been a recent surge of enforcement action in a law similar to CASL, the Do-Not-Call Legislation, which applies to telemarketers who make soliciting phone calls. We will likely hear more about enforcement action for CASL in the coming months.
Now that the CASL panic has calmed down somewhat, there are a number of things to keep in mind when sending commercial electronic messages:
- Don’t forget the content/unsubscribe mechanism – Starting July 1, subject to a few exceptions, all CEMs sent from a computer in Canada or to a computer in Canada need to contain: (a) prescribed contact information about the sender, and (b) an unsubscribe mechanism that complies with CASL. While many organizations were focused on the task of obtaining consent prior to July 1, it is important to remember that even where a recipient has given his/her consent to receive CEMs, the required content still needs to be in the CEM.
- Policies and procedures – It is important for organizations to have a spam or email communication policy in place that sets out how it intends to comply with CASL. Since it may be difficult for many organizations to control the email practices of all of its employees and agents, having a policy could help the organization defend itself in case of a complaint or enforcement action. You also need to have procedures for how to respond to complaints. Training of staff on the basic rules of CASL would also be recommended.
- Privacy and other laws – While CASL introduces new requirements that apply to the sending of CEMs, it is important to remember that there are privacy and other laws that apply to email marketing as well. Organizations should also consider reviewing their privacy policies to make sure they are consistent with CASL.
- CASL’s next wave – In addition to “spam”, there are other provisions in CASL that apply to the installation of computer programs and the alteration of transmission data in an electronic message. These provisions come into force January 15, 2015. These provisions will impact on organizations that provide software and apps. Given the short timeframe, there is not a lot of time to get ready for this second wave of CASL.
As we receive more guidance and information on enforcement action taken by the CRTC, we will gain a better understanding of how CASL should be interpreted and applied. In the meantime, it is critical to make sure your organization is in compliance with CASL, as there are very significant penalties (the fine per violation is up to $1 million for individual and up to $10 million for organizations) possible under the law. If your organization provides software, apps, or other computer programs, you also need to be aware of the CASL provisions that take effect January 15, 2015.