What Does CASL Mean to You?
An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act. Believe it or not, that is the official title of the new Canadian anti-spam legislation. Not surprisingly, commentators on the subject commonly refer to the legislation as CASL. The legislation was passed in 2010 and the majority of it will come into force on July 1, 2014.
You might wonder, “why should I care about CASL?” Confidently declaring that you are not a sender of spam.
Well, despite the euphemistic moniker, CASL covers more than what one might consider spam. CASL deals with spam and other electronic threats. One of the focuses of CASL is on the sending of commercial electronic messages (“CEM”).
The definition of “commercial electronic message” is an electronic message that one could reasonably conclude to have as its purpose (or one of its purposes), the encouragement of participation in a commercial activity, including an electronic message sent to someone requesting his or her consent to be sent CEM. Therefore, if you are in business and you send out any CEM, CASL may apply to you.
If that hasn’t grabbed your attention, you might be interested to know that a violation carries a maximum penalty of $1 Million in the case of an individual, and $10 Million in the case of any other person (corporations, organizations, etc.).
Under CASL, it is prohibited to send, or cause or permit to be sent, to an electronic address a CEM, unless the person to whom the message is sent has consented to receiving it; and the message complies with certain prescribed requirements. People who think that compliance merely involves the obtaining of a generic consent from someone to receive electronic messages generally would be in for a rude awakening. The compliance requirements are rather technical and a detailed discussion is beyond the scope of this article.
However, to give you a sense of some of the technical requirements, here are some examples of the requirements that you might not be aware.
You might be aware that a CEM must contain information to identify the sender, but did you know that the sender must ensure that such identification information is valid for a minimum of 60 days after the message has been sent?
You might have surmised that a CEM must contain an unsubscribe mechanism, but did you know that such mechanism must specify an electronic address or link to a web page to which the unsubscribe indication may be sent and the sender must also ensure that such address or link is valid for a minimum of 60 days after the message is sent?
Did you know that a person’s indication to unsubscribe or withdraw consent must be effected within 10 business days after such indication or withdrawal is received?
In addition, there are certain exceptions to the prohibitions under CASL. Not surprisingly, these exceptions are also more technical than they may appear at first glance.
Compliance with CASL is not merely a legal exercise; it is also a technically challenging exercise. The technical challenge is proportionate to the size of your customer and prospect database. Unless you have planned for compliance with CASL, it is likely that you will need to create and monitor new data points to enable compliance with CASL. Given the technical aspects of compliance with CASL, one is well advised to obtain expert advice and guidance in complying with CASL.