Things You Should Know About CASL

This blog post is not intended to replace the need for legal counsel and there is a lot more to CASL than what I have covered here. The purpose of this post is to raise awareness of the July 1 deadline and give a general idea of what the journey to compliance might entail.

It’s a good idea to inventory the sort of communications your company sends out, study the CASL and how it may apply to your business communications, and retain legal counsel to answer your questions.

If you live in or do business in Canada you may have heard the buzz about Canada’s Anti-Spam Legislation (CASL), which goes into effect July 1, 2014.

No Spam

Brian Curial, Miller Thomson’s Alberta Privacy Officer and the firm’s Prairie Province CASL Compliance Officer, shared valuable information about CASL at the May Social Media Breakfast Edmonton (SMBYEG). You can view the slides from his presentation at the SMBYEG website. Here are some key points I gleaned from his presentation:

What does CASL regulate?

CASL regulates a broad range of activities including:

  • the sending of commercial electronic messages (CEMs)
  • the installation of a computer program on another persons’ computer system
  • altering of transmission in an electronic message

The first bullet point will apply to most businesses, and individuals. A CEM is defined as, an electronic message that, having regard to:

  • the content of the message,
  • the hyperlinks in the message to a website, or
  • the contact information contained in the message,

it would be reasonable to conclude the CEM has, as one of its purposes, to encourage participation in a commercial activity, including marketing, advertising, or promotions.

Because CASL focuses on the message, not the sender, if you are a charity that solicits for donations (non-commercial), you’d be fine but if you are a charity selling tickets (commercial) to a fundraiser, your emails would need to be CASL-compliant. It will be up to you to figure out if your electronic message is commercial or not.

CEMs could be:

  • an electronic mail account,
  • an instant messaging account,
  • a telephone account,
  • or any similar account.

This means there are also, potentially, some social media that would be regulated by CASL.

What makes a message compliant with CASL?

According to Brian, there are three key requirements:

  1. Consent requirements
  2. Information requirements
  3. Unsubscribe mechanism

Consent requirements puts the burden of proof on the sender of a CEM to prove they have consent to contact the recipient. You may not use an opt-out consent. Previous consents are not enough to fulfill CASL requirements. Express consent must be “sought separately* for each act contemplated under CASL which means you cannot bundle the request for consent with terms and conditions of use or sale or other types of consent.

Because the burden of proof is on the sender, the sender will need to prove they had expressed consent to contact the recipient. This may be as simple as a field on a newsletter sign-up form that saves the date and consent that was agreed to or as complicated as an unaltered recording of verbal consent that is stored on an internal server somewhere. Please take a look through CASL for more ways to gain consent and how to store it.

Information requirements stipulate that you have to include the following in your CEMs; the purpose of consent, it has to clearly identify the sender and any party it is sent on behalf of, it must have the Sender’s contact information (name, company, mailing address, phone number, and e-mail), and it must clearly inform the recipient of their right to unsubscribe from receiving future messages.

The unsubscribe mechanism has to be clear and prominent in the CEM. If a recipient un-subscribes you have 10 days to comply and the un-subscription must be free of charge to the recipient who requested it. Most big newsletter/mailing list companies already have this in place thanks to our American neighbours and their anti-spam laws. However, how this looks for email/text communications is another matter.

How long do I have to comply?

The majority of CASL comes into force July 1, 2014. Check out Brian’s excellent slides for all of the relevant dates.

More links:

Canada’s Law on Spam and other Electronic Threats
Canada’s Anti-Spam Legislation
Compliance and Enforcement Information Bulletin CRTC 2012-548