By Maanit Zemel
In July 2014, Canada established an anti-spam regulatory regime, often referred to as CASL (pronounced “castle”). CASL is arguably one of the harshest anti-spam regimes in the developed world. In fact, prior to enacting CASL, Canada had no anti-spam laws, making it known as a “haven” for spammers and hackers. That is no longer the case.
Businesses and not-for-profit organizations that are located inside and outside of Canada may be subject to CASL’s requirements, if they communicate electronically with Canadians, or if they conduct e-commerce activities with Canadians. Why should these businesses care about CASL? There are several reasons.
Note: For more information on CASL and creating a CASL compliance policy, listen to episode #025 of The Crisis Intelligence Podcast.
Why your business should care about CASL, no matter where you’re located in the world
1. CASL Applies to all Commercial Electronic Messages
CASL does not regulate what most of us would consider to be “spam”. Rather, it regulates all “commercial electronic messages” (CEM), sent from or to anyone in Canada. CEMs are defined in CASL very broadly to include all forms of electronic messages (e.g., emails, texts, IMs, social media in-messages) that, directly or indirectly, encourage participation in “commercial activity”. CASL goes even further by defining “commercial activity” so broadly, it could conceivably apply to any electronic messages sent in the course of carrying out the activities of the business or non-profit organization (including fundraising emails sent by charities).
In practice, this means that any business or non-profit organization that communicates electronically with Canadians needs to familiar itself with CASL and ensure it complies with its relatively stringent requirements.
2. The CEM Compliance Requirements Are Relatively Unique
CASL is an “opt-in” regime. In general terms, it prohibits anyone from sending a CEM without having first received informed consent from the person on the receiving end of the CEM. For example, a particular business cannot send an email to someone who has not previously consented to receiving email from that business. This differentiates CASL from some of the other anti-spam regimes, such as the US’ anti-spam laws, which are for the most part “opt-out” regimes (i.e. you can send “spam” emails to a person, unless he / she asks you to stop). In addition, CASL requires the sender to include very specific information in each and every CEM.
CASL imposes the onus of proving that consent had been given on the sender of the CEM. This requires organizations that communicate electronically with Canadians to collect and track consents. The larger the organization, the more elaborate and complex this process may need to be.
3. CASL Carries very Hefty Fines
CASL imposes very serious consequences on those who violate it. For example, the regulators may impose fines of up to $1 million on an individual and $10 million on an organization, per each violation (this can theoretically apply to one email sent to one person). CASL also imposes personal liability on directors and officers of corporations that violate its requirements. In addition, beginning in July 2017, anyone may commence a civil action for violations of CASL, raising the very real possibility of a whole new slew of class actions.
4. CASL’s Other Requirements Are Also Relatively Unique
In addition to the above requirements respecting CEMs, CASL imposes other regulatory requirements that are relatively unique in the Western world. For example, CASL imposes specific consent requirements on anyone who causes a computer program to be installed on a device in Canada (e.g., apps, games, software and other computer code). Anyone who develops, distributes or markets such applications to Canadians must comply with CASL’s consent requirements, which will come into force on January 15, 2015.
In addition, CASL imposes specific requirements regarding the collection of email addresses online (i.e., email harvesting) and the advertisement and marketing to Canadians online. These laws also carry with them very serious consequences to those who violate them.
Make sure your business is CASL compliant
A business and organization that communicates electronically with Canadians, or which engages in e-commerce with Canadians, should ensure it complies with CASL. There are a number of steps that you can do to ensure compliance, including developing and implementing an effective CASL compliance policy. As CASL is a relatively complex regulatory regime, it is recommended that you consult with a Canadian lawyer with expertise in the area to obtain advice on CASL compliance.
Maanit Zemel is a lawyer and the founder of MTZ Law, an internet law and commercial litigation boutique law firm in Toronto. Ms. Zemel has substantial experience and expertise in internet law, including Canada’s Anti-Spam Legislation (CASL), online defamation, and cyberbullying. Ms. Zemel also has substantial experience in commercial litigation involving domestic and international disputes. In addition, Ms. Zemel is an adjunct professor at Ryerson University in Toronto, where she teaches business law. Connect with her on LinkedIn and follow her on Twitter.