Deadline looms for Canada’s anti-spam law – but there’s still (barely) time to comply
In less than six weeks, the e-communications landscape in Canada will undergo a seismic shift. On July 1, 2014, Canada’s anti-spam law (CASL) comes into force. Many businesses have assumed, incorrectly, that it simply won’t apply to them, or that their existing practices are just fine; or even that the emails they’re sending aren’t “spam.”
CASL, however, is not your garden-variety anti-spam law; its measures extend far beyond what many expected. CASL applies to numerous routine business communications, specifies precise form and content requirements for messages, and its reach extends beyond Canada.
The good news is that there is still time to comply with CASL – but only just. Businesses that have been on the fence, or in denial, should use this opportunity to take a hard look at their practices and the law...and take action while they still can.
More and more clients are approaching us for assistance as the deadline nears. In some cases, we are advising on the enterprise-wide rollout of a CASL compliance program; in other cases, we are assisting with risk assessment and a staged triage of e-communications to ensure that liability hotspots are addressed before the deadline. We’ve also worked with U.S. companies and their Canadian affiliates to ensure that customers on both sides of the border can continue to receive commercial electronic messages.
McCarthys has been working with clients for over a year, helping to prepare them for the new e-communications landscape. We are experienced counsel in CASL matters and are well placed to bring solid value to clients as we help them become compliant efficiently (and before the July 1, 2014 deadline).
Some of the key points that are driving clients to contact us now are the following:
- CASL creates an opt-in, not opt-out, regime. This means businesses must have consent from everyone to whom they send commercial electronic messages, unless the message falls into an exempt category. Pre-checked boxes for consent and other already-completed forms are not acceptable.
- Sending an electronic message to ask for consent after July 1, 2014 is prohibited. While businesses can send e-communications asking for consent now, these messages are prohibited after July 1, 2014 unless certain types of relationship requirements are satisfied.
- Global consents are not permitted. In other words, just because one affiliate has consent (express or implied) from the intended message recipient doesn’t mean that other affiliates can send commercial electronic messages to that recipient. Requests for consent must be carefully constructed if affiliates want to send commercial electronic messages to each other’s contacts.
- Fines can be significant. Imposed by the CRTC, these can be up to $1 million for an individual, or $10 million for businesses, per violation.
- Officers and directors may be subject to personal liability. Officers, directors, agents and mandataries of corporations are personally liable for CASL violations committed by those corporations, if they direct, authorize, assent to, acquiesce in or participate in the commission. Employers are vicariously liable for the acts of employees.
- Class actions may be commenced. CASL will permit aggrieved individuals a private right of action commencing July 1, 2017 – presumably this will be in the form of class actions. This will likely shape CASL compliance significantly.
We can assist our clients with the compliance aspects of CASL, and with laying the groundwork for a due diligence defence by helping businesses demonstrate that they have established policies, procedures and processes to address CASL compliance.
Please call anyone listed below.