On July 1, 2014, the anti-spam sections of Canada's Anti-Spam Legislation (aka "CASL") will take effect. CASL is:
 

  • Broad. It applies to just about every person and organization sending commercial electronic messages (CEM) – which isn't as clear as you'd hope.
  • Complicated. It moves Canada to a permission-based regime for electronic marketing – and imposes a tricky consent management process and mandatory disclosure and unsubscribe functions.
  • Coming soon. The countdown to CASL is on. If you're not ready, it's time to act now – there's a lot to do, and a price to pay if you don't comply.

Here are 10 reasons why you should care about – and act on – CASL right now.

  1. It Probably Applies to You or Your Business. CASL will apply to just about every business – from sole proprietors and independent contractors, to multinational corporations – and every person sending just about every form of "commercial electronic message" (called a "CEM") to, from or within Canada.
      
  2. It Takes Effect Soon. CASL (and its Regulations) will be phased in, taking effect on these dates:  
    • July 1, 2014. Most of CASL – including the "anti-spam" sections and the Regulations
    • January 15, 2015. The CASL sections dealing with the unsolicited installation of computer programs or software
    • July 1, 2017. The "private right of action" – the ability to sue – for people or corporations affected by a CASL contravention.
  3. Move to Permission-Based Regime. CASL will implement a significant paradigm shift in Canada's electronic-based marketing regime. Canada currently functions in an "opt-out" regime: anyone can send an electronic message to anyone else – without their permission – unless the recipient "opts-out". CASL will move Canada to an "opt-in" regime for all electronic-based commercial communications: with few exceptions, if a person or business wants to send a "commercial electronic message" within or into Canada, the sender needs the recipient's prior consent.
      
  4. Broad Coverage. CASL only covers "commercial electronic messages" (CEMs), so understanding what a CEM is crucial to CASL compliance – and it's not as clear as you might hope. There are some inclusions and exclusions, but essentially a CEM is any electronic message that it's reasonable to conclude has encouragement of participation in a "commercial activity" (broadly, any transaction, act or conduct of a commercial character – whether or not carried out for profit) as one of its purposes, considering: 
    • the message content;
    • hyperlinks in the message to content on a website or other database; or
    • contact information in the message.
  5. Tricky Consent Management. CASL is a permission-based regime, providing extreme protection of consumers against organizations in the business of compiling and selling email lists to third parties – and catches all CEM senders in the process. The regime imposes a tricky consent management process on organizations, requiring complex coordination of all the users of any one e-mail list: if an electronic message falls into the definition of a CEM, the sender must obtain the recipient's consent before she can deliver it. The consent can be express or – in certain specified circumstances – implied.
      
  6. Fresh Consent Required. If a sender already obtained a recipient's express consent under the Personal Information Protection and Electronic Documents Act (PIPEDA for short), that consent will satisfy CASL – but other forms of PIPEDA consent (such as implied consent) won't.
      
  7. Mandatory Content. Even if you have "consent", every CEM must still contain: 
    • Clear disclosure of specified information about the sender – or where a person or entity sends it on another's behalf, detailed information about that other person or entity; and
    • A working unsubscribe mechanism with the specified functions.
  8. No Grandfathering. There is no grandfathering: every CEM sent after July 1, 2014 must comply with CASL and its Regulations.
      
  9. Penalties for Non-Compliance. Individuals and organizations that don't comply with CASL risk significant penalties:  
    • Monetary Penalties of up to $1M on individuals and $10M on other entities;
    • Vicarious liability of employers for violations by employees acting in the scope of employment;
    • Personal Liability of corporate directors and officers for a corporation's violation if they directed or participated in it – though there is a due diligence defence available;  
    • Criminal Charge of Obstruction of CASL Investigation for failing to comply with a demand to preserve transmission data or produce documents when required; and
    • Private Right of Action by a person or corporation affected by a CASL contravention effective July 1, 2017 – with remedies including monetary compensation and expenses, with maximum penalties of $200 for each CEM contravention (maximum $1M/day), and $1M for each day on which a software contravention occurs.
  10. There's A Lot To Do. The countdown to CASL is on right now: individuals and organizations only have until July 1, 2014 to create, implement or update their CASL compliance program. It's time to act now: 
    • Determine whether CASL and its Regulations cover your electronic communications (and which ones).
    • Determine whether your current processes comply.
    • If they don't, determine what changes you must make – and get them made.
    • An electronic message asking for consent to a CEM is a CEM – so ask early.

If you're not ready for CASL, the countdown is on. It's time to act now.

Click here to read CASL

Click here to read the CASL Regulations

McInnes Cooper prepared this article for information; it is not legal advice. Consult McInnes Cooper before acting on it. McInnes Cooper excludes all liability for anything contained in or any use of this article. © McInnes Cooper, 2014. All rights reserved.