An Update: Canada’s Anti Spam Legislation

Warning: There is a lot of information heading your way but before you skip it over does your business have $10 million to lose over an email? 

Canada

On Friday, May 30th I had the privilege of attending a seminar put on by Bishop & McKenzie LLP about Canada’s upcoming Anti-Spam Legislation (CASL). Prior to the seminar I thought I knew the gist of what was in store starting July 1st but by the end I realized I barely knew the tip of the iceberg. This regulation is going to significantly change the way we do business in Canada from the largest corporations to our smallest proprietorships.

 

In less than a month the way businesses are able to exchange commercial electronic messages (CEMs) is going to be altered drastically. Many of you are probably thinking, “CEM… What’s that?” Well the scary thing is a CEM is anything that is sent by any means of telecommunications including text, sound, voice or image. This means emails, texts, tweets and anything in between.

 

CASL’s main aim starting July 1st is to prevent the transmission of CEMs without consent and without proper formalities. This means that you will need to prove that not only do you have the consent to send someone an email or a text in regards to your business but also you will have to be able to prove that you have that consent.  In this situation there are two types of consent:

  • Express – someone actively gives you his or her permission to send a CEM.
  • Implied – reasonable to assume you have permission based on prior relationships.

 

Moving forward express consent is always preferred because implied consent is much harder to establish and prove. Express consent can be done through sign-up on a website, sign-up at point of sale, snail mail consent form or something similar. A pertinent example is the feature like an email asking for your permission to continue to send you commercial messages. Getting express consent now is at the utmost importance because after July 1st you will not be able to ask for it through the use of a CEM.

 

Beyond consent, all CEMs must have certain information in them in order to comply with CASL. All CEMs must contain the following information:

  • The name of the business seeking consent and identify on whose behalf consent is sought if it is different.
  • Contact information (physical mailing address and either phone number or email address) of the party seeking consent.
  • A mechanism that allows the recipient to unsubscribe easily at no cost.

 

The best practice moving forward is to ensure that in all email signatures or other similar features that this information be included in your CEMs.

 

The reason that CASL is getting so much attention is the penalties. The administrative monetary penalties are a maximum of  $1 million for individuals and $10 million for organizations. While these numbers are turning heads due diligence is a defence so developing and implanting a compliance program is essential.

 

Here are some key points for the compliance program:

  • Review your processes as they are right now.
    • Who are you sending messages to?
    • Do you have the proper consents?
    • Can you prove that you have the proper consents?
  • Get consent for your current mailing list if you are not sure they’re covered.
  • Keep records of consent and determine how these will be managed.
  • Appoint a lead or a team to manage compliance.
  • Start including prescribed information in your CEMs.
  • Stop sending electronic messages as a first point of contact.
  • Stop sending CEMs without consent.

 

Again, I would like to thank Bishop & McKenzie and especially Tara Hamelin for putting on such an informative session. For more information please give us a call and we’d be happy to go over this in a little more detail. It seems like a lot because it is a lot. Let us help you out!

Leave a Reply