Canada: Canada's Anti-Spam Legislation (CASL) Compliance Checklist For Business Transactions

DUE DILIGENCE PHASE

• Does the Target send commercial electronic messages (CEMs) from Canada and/or to recipients in Canada? CEMs include any email, text message or other direct electronic message that wholly or partly encourages participation in a commercial activity. Not limited in scope to bulk messages.
• Does the Target send CEMs based on express or implied consent?
• If the Target sends CEMs based on express consent, review the Target's express consent language and process to ensure they meet CASL's prescriptive requirements.
• If CEMs are sent based on implied consent, the basis upon which consent is claimed to be implied should be verified.
• Does the Target ever rely on an exemption from CASL to send CEMs? If yes, confirm that the exemption applies and whether it is a full or partial exemption.
• How is evidence of consent (express or implied) maintained? Recall that the sender bears the burden of proving they had consent to send a CEM.
• Review all template CEM footers to ensure that the required identification and contact information is included along with a valid unsubscribe mechanism that meets prescribed requirements.
• Verify how the unsubscribe mechanism works and how unsubscribe requests are recorded and implemented by the Target to ensure compliance with prescribed requirements (including timing requirements).
• Does the Target have a CASL policy?
• Are employees trained on CASL compliance?
• Has the Target ever received a complaint relating to its CEMs?
• Has the Target ever been the subject of a regulatory inquiry, investigation, notice or enforcement action relating to its CEMs?
• If the Target sends CEMs or collects electronic addresses on behalf of others, has the Target complied with all contractual obligations relating to these activities?

PURCHASE AGREEMENT

• Where a purchase involves the transfer of personal information from Target to Purchaser, privacy implications will need to be carefully considered in addition to CASL-compliance issues.
• For asset purchases, ensure that:
  
  
  • Any express consents from Target's customers, suppliers, vendors or others form part of the purchased assets
  • Purchaser acquires or has access to records sufficient to demonstrate compliance with CASL (e.g., evidence of consent, records of unsubscribes, etc.).
• Carefully consider which implied consents arising from Target's existing business relationships will transfer with the purchased business pursuant to CASL, s. 10(12).
• Obtain representations and warranties from the Target relating to the absence of CASL-related complaints, or regulatory investigations, inquiries, notices or enforcement action.
• Obtain representations and warranties from Target relating to CASL compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.