Overview of Canada’s CASL

CASL

Thursday, March 21st, 2013

:: Announcements

Canada’s Anti-Spam Legislation (CASL) was passed in December of 2010, and will come into force once it is approved by the Governor General – while the date is pending, the new expected date of enforcement is early 2014. This legislation is meant to regulate all forms of commercial electronic messaging including, email and text messages. CASL provides a framework for protecting electronic commerce in Canada.

THE ENFORCING BODIES

Canadian Radio-television and Telecommunications Commission (CRTC)

As the primary enforcers of the CASL legislation, the CRTC will be responsible for investigation, taking action against, and issuing administrative monetary penalties for the following:

  • Sending messages without the receivers’ permission
  • Changing transmission data without consent of the user
  • Installing computer programs on systems or networks without consent, including: malware, spyware, and viruses that redirect the user to infected websites through hidden or downloaded links
  • Competition Bureau

    An independent law enforcement agency, safeguards fair practices and healthy competition in Canadian business. The CASL legislation will allow the Bureau to further encourage marketing best practices in the electronic marketplace and address false and misleading representations through monetary penalties or criminal sanctions as defined by the Competition Act.

    Office of the Privacy Commissioner of Canada

    Protecting Canadians’ personal information is the main purpose of the Office. CASL will allow the Office of the Privacy Commissioner to exercise new powers under an amended Personal Information Protection and Electronics Documents Act (PIPEDA). It will be key in enforcing the following two points:

  • The collection of personal information through access to computer systems contrary to an act of parliament;
  • Electronic address harvesting where bulk email lists are compiled through mechanisms; including the use of computer programs that automatically mine the Internet for addresses.
  • HOW CASL WILL AFFECT YOU AND YOUR BUSINESS

    In general, CASL will prohibit the following:

  • Sending of commercial electronic messages without the recipient’s consent (expressed or implied), including messages to email addresses, social networking accounts, and text messages;
  • Alteration of transmission data in an electronic message, which results in the message being delivered to a different destination than was intended without express consent;
  • Installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee (express consent considered to have been given with computer programs such as cookies, HTML code, and Java Scripts, where it is reasonable to believe the person wants to run these on their computer);
  • Use of false or misleading representations online in the promotion of products or services, with respect to header information, subject lines, URLs, and message content;
  • Collection of personal information through accessing a computer system in violation of federal law (e.g. the Criminal Code of Canada); and
  • Collection of electronic addresses by the use of computer programs or the use of such addresses, without permission (address harvesting, through the use of web crawlers for example, then selling the obtained email addresses to spammers).
  • BEST PRACTICES & POTENTIAL PENALTIES

    Although the specifics of CASL have yet to be refined, the broad requirements involve sending messages that: clearly identify the sender, allows recipients to readily contact the sender, and provides an electronic means for recipients to unsubscribe. As always, and especially due to the impact of CASL on permission and consent of all electronic commercial email, Upaknee recommends employing robust list management tools and practices. For example, a double opt-in approach assures consent beyond CASL compliance requirements, and further confirms that subscribers wish to receive these electronic commercial communications. It is important to note that CASL consent requirements are specific to commercial messages. As such, these requirements do not apply to transactional communications, providing the recipient with requested information, providing information regarding a recipient’s account or subscription information, and other electronic communications of this nature. Providing a simple and conspicuous opt-out (unsubscribe) mechanism is crucial to comply with CASL unsubscribe requirements. A link should take the subscriber to a web page where the unsubscribe process can be completed or a reply-to email address should be provided with instructions to unsubscribe. Keep the unsubscribe process short and simple and include a page to confirm the unsubscription.

    Senders outside of Canadian borders sending messages to Canadians are also required to comply with CASL. Similarly, Canadians sending messaging from Canada to other countries are required to comply. Anyone who aids, induces, or procures a breach of this law can be held liable. Penalties for negligence can equate to $1 million per day for certain violations, and $1 million per act of other violations including aiding, inducing, or procuring certain breaches.

    To prepare for the enforcement of CASL, it is wise to review all marketing activities in detail – review existing consents and the consent process, review the unsubscribe process, adopt Canadian-specific practices if not already done so, review vendor contracts and compliance obligations, and purge contact lists from previous mass mailing efforts.

    EXEMPTIONS

    Draft regulations have been developed to provide relief to businesses through targeted exemptions, in which the broad application of CASL would otherwise impede business activities. Since the legislation applies broadly to commercial electronic messages, CASL captures some regular business communication not intended within its scope. The regulations include business to business exemptions for commercial electronic messages sent within a business, or between businesses already in a business relationship. This involves messages sent by sent by an employee, representative, contractor or franchisee, and are relevant to the business, role, function or duties of the recipients. These proposed exemptions address the most serious concerns raised by the application of CASL to ordinary, transactional business communications.

    If you are a legitimate email marketer who complies with both PIPEDA and CAN-SPAM legislations, you are already following industry best practices and should not be worried about the effects of CASL. In the meantime, our team at Upaknee will keep you posted on the legislation details and when CASL will come into force.

    Cheers,
    The Upaknee Team

    Related posts:

    Comments

    Upaknee Commitment