In an effort to enable companies to be proactive about CASL compliance, we are sending out this communication (written by Caravel Law’s own Benjamin Rovet and David Cummings) regarding upcoming anti-spam legislative requirements coming into force this summer:
On July 1, 2014, Canada’s anti-spam law, known as CASL, came into force. CASL is considered the strictest anti-spam law in the world, setting out strict rules for email and text marketing, and for pushing installations of computer programs. This note deals with important components of CASL that are coming into force on July 1, 2017.
The underlying premise of CASL is that a person or organization cannot generally send commercial electronic messages (“Messages”, such as emails and texts) unless two requirements are met:
- the Message includes certain contact information and contains a working unsubscribe mechanism; and
- the organization sending the Message first obtains the express or implied consent of the recipient.
With respect to consent, Messages generally cannot be sent for the purpose of encouraging participation in commercial activity unless the recipient has provided express consent to receive Messages from the Message sender. In limited instances consent may be implied – for example, if there is an active business relationship or if a business inquiry was made within the last six months.
The CRTC is empowered to enforce CASL and to levy severe penalties for non-compliance (up to $10 million per violation). To date, the CRTC has initiated a number of prosecutions, which have resulted in penalties or settlements ranging from $15,000 to $1.1 million. The CRTC has set up a website that allows consumers, businesses and other organizations to report violations of CASL (http://fightspam.ca).
The New CASL Components
On July 1, 2017, two new components of CASL will come into force.
First, the grandfathering period for existing business or non-business relationships will come to an end.
- The legislation had provided a transitional period of three years whereby implied consent was deemed for any Message recipient with whom the Message sender had an existing business or non-business relationship at any point in time prior to July 1, 2014.
- After June 30, 2017, implied consent will no longer be deemed and the Message sender cannot continue to send Messages unless it has obtained express consent from a recipient or the recipient continues to fall under one of the implied consent categories (for example, if the recipient purchased a good or service from the sender within the past two years).
Second, a private right of action comes into effect as of July 1, 2017.
- A Message recipient who believes that they have received a Message in contravention of CASL may apply to a court for an order for compensatory damages, up to a maximum of $1,000,000 for each day the contravention occurred.
- Class action lawyers have already indicated that they will launch a barrage of CASL-related actions pursuant to the private right of action provisions.
- We expect the courts to be barraged with class actions and regular actions once the new provisions come into effect.
Mitigating Exposure to CASL Risks
The CRTC has provided guidance for assisting in establishing a due diligence defence in response to any complaints or private rights of actions. This guidance includes establishing a corporate compliance program that includes the following components:
- senior management involvement;
- risk assessment;
- a written corporate compliance policy;
- establishing record keeping practices and procedures;
- training; and
- auditing and monitoring.
For further information about CASL and how it may affect your business and how to prepare for the legislative changes, including establishing a corporate compliance program to help establish a due diligence defence, please contact: Shari Zinman at 416-348-0313, ext. 108 or email@example.com.