1. No category

Casl anti-spam - Lethbridge Sport Council

Canada Anti-Spam Legislation (CASL)
Information and Resources
for
Not-for-Profits and Registered Charities
This resource was created by the Centre for Public Legal Education Alberta
© 2014
Legal Resource Centre of Alberta Ltd.
This project was made possible through a grant from Alberta Culture
This resource is intended to provide plain language information about the
Canada Anti-spam Legislation (CASL) and is not to be intended as legal
advice or an interpretation of the legislation or regulations. If you need legal
advice, consult a lawyer.
2
Table of Contents
INTRODUCTION ............................................................................................................................................. 4
What is CASL? ........................................................................................................................................... 4
KEY PROVISIONS OF CASL ............................................................................................................................. 5
Commercial Electronic Messages ............................................................................................................. 5
Exception for Registered Charities............................................................................................................ 5
Consent ..................................................................................................................................................... 5
Express Consent ........................................................................................................................................ 5
Implied Consent ........................................................................................................................................ 6
Existing Business Relationship .................................................................................................................. 7
Existing Non-Business Relationship .......................................................................................................... 7
Excluded Messages (1) .............................................................................................................................. 7
Excluded Messages (2) .............................................................................................................................. 8
Third Party Referrals ................................................................................................................................. 8
Unsubscribe Mechanism ........................................................................................................................... 9
Relationships with Third Parties ............................................................................................................... 9
Tracking ................................................................................................................................................... 10
Sample Forms.......................................................................................................................................... 10
Automated Message Distribution ........................................................................................................... 12
PENALTIES ................................................................................................................................................... 13
TIMELINES ................................................................................................................................................... 14
DEFINITIONS................................................................................................................................................ 15
ANTI-SPAM FAQs........................................................................................................................................ 18
ADDITIONAL RESOURCES ............................................................................................................................ 22
APPENDIX A - TIPS and TOOLS ................................................................................................................... 23
3
INTRODUCTION
What is CASL?
CASL stands for Canada's Anti-Spam legislation. This anagram is the unofficial name for a new law
recently passed by the Parliament of Canada. The official name of the law is “An Act to promote the
efficiency and adaptability of the Canadian economy by regulating certain activities that discourage
reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radiotelevision and Telecommunications Commission Act, the Competition Act, the Personal Information
Protection and Electronic Documents Act and the Telecommunications Act (“The Act”)”.
CASL comes into force on July 1, 2014. Because it is a federal law, it will apply to not-for-profit
organizations and, with some limited exceptions, to registered charities across Canada. It is important
that these groups learn about how this law will apply to them. While the unofficial title of the Act
targets spam, it is actually much broader in scope. CASL deals with commercial electronic messages
(CEMs) and it regulates a broad range of activities including:
•
•
•
•
•
unsolicited commercial messages such as emails, texts and tweets;
hacking, malware and spyware;
“phishing” and other fraudulent or misleading practices;
invading privacy through a computer; and
collecting email addresses without consent.
Registered charities and not-for-profit organizations may discover that many of the communication
tools that they have routinely used over many years will now be subject to the provisions of this Act.
This website will provide information to help organizations prepare and cope with the coming changes.
4
KEY PROVISIONS OF CASL
Commercial Electronic Messages
A Commercial Electronic Message or CEM is an electronic message that has as its purpose encouraging
participation in a commercial activity and that is sent from or received by a computer in Canada. A
“commercial activity” means a transaction or act that is of a commercial character, whether or not it is
done with an expectation of profit. This means that many of the emails, electronic newsletters and
other means that registered charities and not-for-profits use to communicate with volunteers, donors,
members and members of the public may now be regarded as CEMs and fall under the provisions of
CASL.
Exception for Registered Charities
There is a limited exception for registered charities. Any electronic message sent by a registered charity
for the primary purpose of raising funds is exempt from the provisions of CASL. However, the definition
of raising funds is unclear at this time. And, if a request for donations is placed within a newsletter, or
some other form of communication with the public, it may be found that the primary purpose of the
CEM was not to raise funds. This limited exception does not apply to not-for-profit organizations or
Registered Amateur Athletic Associations.
Consent
Consent is really the key concept to be aware of in CASL. The Act creates a permission-based scheme
under which consent is required before a CEM can be sent. Consent can be either express or implied.
Express Consent
Express consent means that a recipient has voluntarily agreed to receive a CEM and this consent is
documented. Consent can be either oral or in writing, and “in writing” includes both paper and
electronic forms of writing. The CRTC has set out guidelines that state the information that must be in a
request for express consent:
•
•
•
•
•
The purpose or purposes for which consent is requested;
The name of the person seeking consent and the name of the person ,if it is different, on whose
behalf consent is asked;
A statement indicating which person is asking for consent and which person on whose behalf
consent is being asked;
If the person seeking consent and the person, if different, on whose behalf consent is sought are
carrying on business under different names, the names of those businesses;
The mailing address, and either a telephone number providing access to a person or a voice
messaging system, an email address or a web address for the person asking for consent, and if
different, the person on whose behalf consent is asked; and
5
•
A statement that the recipient of the CEM can withdraw consent at any time in the future by
using this contact information. This is called the “unsubscribe mechanism”. You will find more
information about the unsubscribe mechanism at the end of this section.
Oral consent can be proven by verification by an independent third party, or where a complete and
unedited audio recording of the oral consent is kept by the person asking for consent or a client of the
person asking for consent.
Once express consent is obtained, it does not expire, unless the person giving consent withdraws it at
any future time.
The CRTC has issued Compliance and Enforcement Bulletin 2012-549 that gives guidance about
obtaining express consent and gives two examples of forms that are acceptable. You will find these
forms at the end of this section. The Bulletin also states that since express consent must be positive or
explicit, an opt-out mechanism is not acceptable, nor is a “toggle box” where permission to send CEMs is
already checked off.
Implied Consent
Under CASL, consent can be implied in three situations:
•
•
•
where there is an existing business relationship, or an existing non-business relationship;
where the recipient has “conspicuously published” their electronic address without saying that
they do not want to receive unsolicited CEMs and the message they receive has to do with their
business, role, functions, or duties in their business or official capacity;
where the recipient has disclosed their electronic address to the person who is sending the
message; again, without saying that they do not want to receive unsolicited CEMs and the
message they receive has to do with their business, role, functions or duties in their business or
official capacity. An example of this could be a person who receives a CEM from a person to
whom they gave their business card, with their email address on the card.
Generally speaking, implied consent lasts for two years, providing an opportunity for organizations to
change an implied consent to an express consent. CASL includes a transition period that allows for
implied consents to remain active until July 1, 2017. In addition, where there is an existing business
relationship, each transaction renews the implied consent, so that the two-year existing business
relationship starts over.
It is important to note that after July 1, 2014 CEMs may only be sent with the explicit or implied consent
of the recipient. Because a message seeking explicit consent is, in itself, a CEM, after July 1, 2014 these
can only be sent to people or organizations with which you have an implied consent relationship.
6
Existing Business Relationship
An existing business relationship between the sender of the CEM and the recipient will be found if,
within the previous two years the recipient has:
•
•
•
•
purchased, leased or bartered a produce, goods, services, land or an interest in land from the
sender;
accepted a business, investment or gaming opportunity offered by the sender;
entered into a written contract or made inquiries about other matters with the sender for
another matter not listed above;
within the previous six months, made an inquiry or an application about any of the matters
listed above.
The existing business relationship is renewed with each transaction, so that the two-year existing
business relationship starts over.
Existing Non-Business Relationship
Existing Non-Business Relationships are of particular importance to registered charities and not-forprofits. A person has an existing non-business relationship with a recipient if the recipient has, within
the previous two years:
•
•
In the case of a registered charity, made a donation or gift, or has performed volunteer work for
the charity;
In the case of a not-for-profit, has been a member of the organization, such as a club or
association.
Each time that a recipient makes a donation or gift, or volunteers, the two-year implied consent period
begins again. It is the same case for not-for-profits. Each time a member renews, the two-year implied
consent period begins again.
Excluded Messages (1)
There are a number of CEMs to which CASL does not apply. These include messages sent:
•
•
•
•
•
•
to someone with whom the sender has a personal or family relationship;
to someone in a commercial activity making an inquiry or application about the activity, such as
quotes or estimates;
to another employee, representative, consultant or franchisee of an organization about the
activities of the organization;
to an employee, representative, consultant or franchisee of another organization, if the
organizations have a relationship and the message is about the activities of the receiving
organization;
in response to a request, question or complaint, or is otherwise initiated by the recipient;
by or on behalf of a registered charity and the message has as its primary objective raising funds
for the charity;
7
•
by or on behalf of a political party or a political candidate for publicly elected office, for the
primary purpose of obtaining a donation or contribution.
Excluded Messages (2)
These types of CEMs are excluded from the provisions of CASL except that they must conform to the
rules about providing sender identity information and an unsubscribe mechanism so that the
recipient can opt not to receive future CEMs. These messages must solely:
•
•
•
•
•
facilitate, complete or confirm a commercial transaction that the recipient previously agreed to
enter into with the sender;
provide warranty, product recall or safety and security information about a product or service
that the recipient has used or purchased;
provide product, goods or services updates or upgrades that the recipient is entitled to receive;
provide ongoing information about a subscription, loan, membership or account that the
recipient is currently participating or enrolled in;
provide information directly related to an employment relationship or benefit plan in which the
recipient is involved or enrolled.
There is some uncertainty at the moment about the meaning of “solely” at this time. Further
clarification is expected from the CRTC.
Third Party Referrals
There is another limited exemption to the consent provisions of CASL for third party referrals. The CRTC
states that the consent provisions do not apply to the first commercial electronic message that is sent by
an individual for the purpose of contacting a recipient following a referral by someone who has:
•
•
•
•
an existing business relationship;
an existing non-business relationship;
a personal relationship; or
a family relationship with the individual who sends the message as well as these relationships
with the individual to whom the message is sent.
Third Party Referral messages must disclose the full name of the individual or individuals who made the
referral and state that the message is sent as a result of the referral. These messages must also comply
with the sender identity information and unsubscribe mechanism requirements. Only one Third Party
Referral message may be sent under these terms, so it should contain a request for future consent.
8
Unsubscribe Mechanism
The Unsubscribe Mechanism is one of the most important components of the CASL scheme. Every CEM
that an organization sends must provide a way for recipients to unsubscribe from receiving messages in
the future. A Regulatory Policy from the CRTC states that the mechanism must be “readily performed”
meaning that it must be accessed without difficulty or delay and should be simple, quick and easy for
the consumer to use. It must also be free of charge to the user. The means to contact the sender must
be operational for at least 60 days, and the unsubscribe request must be completed within ten business
days. The Commission gives as an example of an unsubscribe mechanism that can be readily performed
as a link in an email that takes the user to a web page where he or she can unsubscribe from receiving
all or some types of CEMs from the sender. It also suggests: “In the case of a Short Message Service
(SMS) the user should have the choice between replying to the SMS message with the word ‘STOP’ or
‘Unsubscribe’ and clicking on the link that will take the user to a web page where he or she can
unsubscribe from receiving all or some types of CEMs from the sender.”
Several examples of unsubscribe mechanisms, including one created by the CRTC can be found at the
end of this section.
It will be very important for registered charities and not-for-profits to set up a system to track and
monitor unsubscribe requests, so that they know what electronic addresses cannot be sent future CEMs.
This could be a system as simple as a spreadsheet or as sophisticated as a fully integrated database.
Note too, that the tracking system should also be set up to watch for the expiration of the two-year
period for implied consents. Failure to do so that results in CEMs being sent to parties who have
unsubscribed or have not been active with the organization for two years could lead to Notices of
Violation from the CRTC, with the possibility of significant fines for the organization, and the officers and
directors. After July 1, 2017, there is also the possibility of lawsuits by private citizens who allege harm
and claim damages.
Relationships with Third Parties
Under CASL organizations must also be aware of what contracts they have entered into that may involve
a third party sending CEMs on their behalf. Some examples of these contracts could include:
•
•
•
•
•
•
•
•
advertising agencies;
social media management companies;
public relations or media advisory companies;
lobbyists;
sales or distribution agents;
professional fundraising companies;
investor services;
suppliers of referral/contact lists.
9
If your organization has contracts with parties such as these, the contracts should be reviewed to make
sure that any CEMs they send on your organization’s behalf are CASL compliant. The contracts should
contain clauses that ensure that the service provider will meet all applicable CASL requirements, will
notify you if it is cited by CRTC for a violation, and will keep your organization indemnified for any costs
or damages arising out of a breach. You should also ask your service provider to inform your
organization of all unsubscribe requests and to keep records of CASL compliance.
Tracking
It is very important that registered charities and not-for-profits begin to track recipient consents.
Depending on the size of the organization, this could be as simple as an Excel spreadsheet for a
small charity or fully integrated databases for a larger entity.
Tracking should cover:
•
•
•
•
express consents;
implied consents;
conversion of implied consents to express consents; and
implementation of unsubscribe requests and the date it was done.
For an example of a simple spreadsheet to track CEMs, see the Sample Tracking Spreadsheet
under Tips and Tools.
Sample Forms
Acceptable express consent mechanisms – Checking a box to indicate consent
10
Acceptable express consent mechanisms – Typing an email address into a field to indicate
consent
NOT ACCEPTABLE: An example of toggling that assumes consent
11
Acceptable wording for unsubscribe request
Automated Message Distribution
If your organization sends out a variety of electronic mailings that may or may not contain CEMs or your
mailing lists are just too large for your organization to manually manage, here are a few options to
automate message distribution that may be of interest to you:
Constant Contact is an online marketing company offering e-mail and social media marketing services
primarily to small businesses, non-profit organizations, and membership associations. It offers nonprofit rates and a free trial period. It’s Safesubscribe feature is helpful in automating the subscribe /
unsubscribe process so critical to CASL compliance requirements.
A second option to look at is MailChimp. Mailchimp markets itself as an online email marketing solution
to manage contacts, send emails and track results. For organizations with smaller electronic mail
subscriber lists MaillChimp offers a package that allows organizations to send up to 12,000 emails to
2,000 subscribers for free. Other packages are also available if your organization has a larger subscriber
list.
12
PENALTIES
The penalties under CASL can be quite severe. They include:
•
•
•
Administrative Monetary Penalties (AMPs) consisting of fines of up to $1million for individuals
and up to $10 million for corporations per violation.
Vicarious liability. This means that corporate directors can be found to be liable for the wrongful
acts of a corporation or organization, and the corporation can be found to be liable for the
wrongful acts of its employees.
Private rights of action. This means that after July 1, 2017 individuals can sue another individual
or organization for damages after proving actual harm or loss after receiving an unsolicited and
unwanted CEM. An individual cannot sue an organization if the CRTC has already taken action
against it.
Most of the responsibility for enforcing the Act will be carried out by the Canadian Radio-television and
Telecommunications Commission, or CRTC. The CRTC is given investigative powers under CASL and may
obtain search and seizure orders and ask the courts for injunctions to “cease and desist.” The CRTC will
issue a Notice of Violation with the AMP amount indicated. The organization can then challenge the
Notice about both the violation and the amount of the AMP.
However, the CRTC has indicated that it intends to educate the public about the Act and will seek
opportunities for compliance before imposing substantial penalties.
Due Diligence is a defence to any violations of CASL. Due Diligence is defined as the degree of prudence
and carefulness that a reasonable person would take in similar circumstances. It allows a person to
prove on a balance of probabilities that he or she exercised reasonable care and was not negligent.
It is very important for directors to realize that they could be found to be personally liable for the acts of
their organizations.
13
TIMELINES
There are two very important “beginning and ending” timelines that all registered charities and not-forprofit organizations need to keep in mind.
1.
July 2, 2014: Canada’s Anti-Spam Legislation comes into force and consent to send commercial
electronic messages must be obtained; and
2.
July 1, 2017: the transition period for implied consent to receiving commercial electronic
messages ends.
In between? There are a number of other important timelines to observe. Please see Tips and Tools for
a helpful chart for these timelines.
14
DEFINITIONS
Spam: The government’s website states: “ spam generally refers to the use of electronic messaging
systems to send unsolicited, bulk messages. Spam messages may contain deceptive content, support
illegal activities or can also be used to deliver electronic threats such as spyware and viruses.”
Electronic Message is a message sent by any means of telecommunication, including a text, sound,
voice or image message.
Commercial Electronic Messages (CEMs): A CEM is a message sent by an electronic means, such
as an email, instant message, tweet, voicemail, or text to another electronic address with, as its
purpose or as one of its purposes, to encourage participation in a “commercial activity”.
Commercial Activity: A transaction, act, or conduct that is of a commercial character, whether or
not the person who carries it out does so in the expectation of profit. The Act lists possible
commercial activities as including:
•
•
•
•
offers to purchase, sale, barter or lease goods, a service, land or an interest or right
in land;
offers to provide a business, investment, or gaming opportunity;
advertising or promoting these activities; or
promoting a person as doing or intending to do any of these activities.
In practical terms, commercial activities that might apply to registered charities and not-forprofit organizations could include selling lottery tickets for a dream home, tickets to a gala
dinner, selling sponsorships for a fundraising golf tournament, electronic newsletters that
contain a donation option, and advertising or promotion of these activities.
Consent: Under CASL, CEMs cannot be sent (or caused or permitted to be sent) unless the recipient
expressly or implicitly consents to receiving the message. The Act sets out two types of consent:
express and implied.
15
Express Consent: Express consent means that a recipient has voluntarily agreed to receive a CEM
and this consent is documented. Under CASL a person who seeks express consent to send a CEM
must:
•
•
•
•
state clearly and simply the purpose or purposes for which the consent is being
sought;
provide information that identifies the person seeking consent and, identifies any
third party recipient;
give contact information for (about) the person sending the CEM, such as a mailing
address and a telephone number to an agent or voice mailbox, or an email or web
address of the sender or person on whose behalf the message is sent; and
state that consent can be withdrawn at any time.
Look for samples of express consent forms in Key Provisions. The recipient may give express
consent by checking a box on the form they receive, or by entering their email address in
response to an invitation to do so. You cannot provide the recipient of a CEM with a prechecked box nor can you bundle consent for different products into one express consent box.
Note: it is up to the sender to prove consent.
Implied Consent. There are three categories of implied consent. Consent will be implied if:
•
•
•
there is an existing business relationship between the sender and the recipient;
there is an existing non-business relationship between the sender and the recipient;
or
the recipient has , through “conspicuous disclosure or publication” disclosed their
email address without stating that they do not want to receive a commercial email.
Publication of an email on a business card or a website out fit into this category.
“existing non-business relationship”. This relationship is of particular significance for registered
charities and not-for-profit organizations. An existing non-business relationship exists where:
•
•
the sender is a registered charity and the recipient of the commercial electronic
message has donated or performed volunteer work for the registered charity in the
preceding two years; or
the sender is a nonprofit organization (as defined as in the Income Tax Act) and the
recipient has been a member in the preceding two years. This includes clubs,
associations, or voluntary organizations. The Act has a three-year transition period,
which will begin with the coming into force of CASL on July 1, 2014. During this
three-year transition, there will be implied consent for parties who are already in an
existing non-business relationship. This means that charities and not-for-profit
organizations have until July 1, 2017 to obtain express consent from new donors,
volunteers and members or convert implied consent to express consent.
16
Personal Relationship: CASL states that there is implied consent for the sending of a CEM if there is
a “personal relationship”. The regulations define this as “the relationship, other than in relation to a
commercial activity, between an individual who sends the message and the individual to whom the
message is sent, if they have had an in-person meeting and, within the previous two years, a twoway communication.”
Unsubscribe Mechanism: This is a feature that allows the person receiving the CEM to easily,
quickly and at no cost to them, indicate that they no longer wish to receive any commercial
electronic messages or some class of electronic messages from the sender. See Key Provisions for
examples of wording for the unsubscribe feature.
17
ANTI-SPAM FAQs
1. What is CASL?
CASL is the working name for the Government of Canada’s new anti-spam law. The initials stand for
Canada’s Anti-Spam Legislation. However, the new Act does not only apply to spam. It regulates all
commercial electronic messages (CEMs) that businesses and organizations send out. It also covers
other electronic threats such as the installation of computer programs and the alteration of
transmission data without express consent, and the installation of malware, such as computer
viruses.
2.
Who is in charge of regulating CASL?
CASL is regulated by the Canadian Radio- television and Telecommunications Commission (CRTC),
the Competition Bureau and the Privacy Commissioner of Canada. Primary responsibility for
regulation and enforcement rests with the CRTC.
3. Does CASL apply to registered charities and not-for-profit organizations?
Yes. All of the provisions of CASL apply to not-for-profit organizations. There is an exception for
registered charities but it is very narrow. A commercial electronic message (CEM) sent by a
registered Canadian charity for the “primary purpose of raising funds” is excluded from the
requirements of CASL. All other CEMs sent by registered charities must comply with the Act. Also,
this narrow exception does not apply to Registered Canadian Amateur Athletic Associations
(RCAAAs).
4. What is a commercial electronic message?
A Commercial Electronic Message is any electronic message, such as emails, newsletters or
information bulletins that encourage participation in a commercial activity whether or not there is
an expectation of profit.
5.
What is a commercial activity?
The Act defines a “commercial activity as “any particular transaction, act or conduct that is of a
commercial character whether or not the person who carries it out does so in the expectation of
profit.” Some examples include donation requests and advertising or promoting a charitable
fundraiser or lottery.
18
6.
What are the requirements for CEMs to meet CASL’s provisions?
After the Act comes into force, CEMs can only be sent to recipients who have previously consented
to receive them (with a few exceptions). The CEM must:
•
•
•
•
clearly identify the name and address of the sender, and either a telephone number, or an
email or web address;
include a statement that the recipient may withdraw consent at any time and must include
a mechanism for the recipient to opt out of receiving any further messages. This is called an
unsubscribe mechanism;
contain a readily available unsubscribe mechanism, which the CRTC defines as “a link in an
email that takes the user to a web page where they can unsubscribe from receiving all or
some types of CEMs from the sender”; and
act on the unsubscribe request within 10 business days.
7. When does the Act come into force?
Most of the Act comes into force on July 1, 2014. On January 1, 2015 the sections dealing with the
unsolicited installation of computer programs come into force and on July 1, 2017 it will be possible
for consumers to sue in their own names for violations of the Act.
There will be time for charities and not-for-profits to transition into compliance with the Act with
regard to obtaining consent. There is a 3-year transition period from July 1, 2014 during which time
consent is implied in cases of pre-existing business and non-business relationships. However, the
transition period ceases as soon as a recipient indicates that he/she does not want to receive further
messages.
8.
How does our charity obtain express consent?
Requests for express consent may be oral or in writing. “In writing” includes both paper and
electronic forms of writing. Note however, that after July 1, 2014, an electronic message asking for
express consent will, itself, be a CEM, so that after this date, these can only be sent to people or
organizations with whom you already have an implied consent relationship. Requests for express
consent must set out:
•
•
•
•
The purpose or purposes set out “clearly and simply” for which the consent is sought;
The name of the person asking for consent and the name of the person on behalf of whom
consent is asked, if they are different;
The mailing address and either a telephone number providing access to a voice messaging
system, an email address or a web address of the person asking for consent, and if different,
the person on whose behalf consent is asked; and
a statement indicating that the recipient can withdraw consent at any future time by using
the contact information.
19
Note that the CRTC has published two information bulletins that provide its interpretation of the
requirement to obtain consent. These can be found at:
9. How does an organization prove that it has obtained express consent?
The onus is on the senders of CEMs to prove that they have consent. A CRTC Guidance Bulletin states
that an acceptable means of obtaining consent would be an icon or an empty toggle box that needs to
be actively clicked or checked. The date, time, purpose, and manner of the consent should be stored in a
database. An opt-out mechanism and pre-checked boxes are not sufficient. The CRTC suggests that
following the receipt of express consent, confirmation of the receipt should be sent to the person whose
consent was being sought.
10. How does an organization prove oral consent?
CRTC guidelines state that oral consent can be proven by verification by an independent third party, or
where a complete and unaudited audio recording of the consent is kept by the person seeking consent
or a client of the person seeking consent. Examples of obtaining oral consent could be the use of call
centres or point of sale purchases.
11. What is implied consent?
Consent can be implied if the recipient of the CEM has:
•
•
•
•
•
•
•
conspicuously published their electronic address (e.g. a “contact us” button on a website) and
has not stated that they do not want to receive unsolicited CEMs; and
the message is relevant to their business, duties or functions;
provided contact information to the sender , for example by giving the sender their business
card;
for registered charities, if the recipient has made a donation or performed volunteer work
within the previous two years;
for not-for-profits, if the recipient has been a member of the organization within the previous
two years;
within the previous two years, purchased, leased, bartered a product, goods, services, land or
an interest in land; accepted a business, gaming or investment opportunity offered by the
sender; or entered into a written contract with the sender.
12. What if our registered charity has already obtained consents under the Personal Information
Protection and Electronic Documents Act (PIPEDA? Is that sufficient to meet the requirements of
CASL?
In most cases, the consents obtained from donors, volunteers, subscribers and members under PIPEDA
will not be sufficient to comply with CASL. These consents were often obtained through opt-out
mechanisms, where the recipient agreed to receive information from a registered charity or to share
their information with 3rd parties unless they opted out from doing so. Opt-out mechanisms are not
allowed under CASL.
20
13. Are there any CEMs that are exempt from CASL?
Yes, there are quite a few exceptions. Some examples include CEMs sent to:
•
•
•
•
•
someone with whom the sender has a personal or family relationship;
employees of the same business or organization and the content is about the recipient’s role
within the organization;
between businesses or organizations that have an existing relationship and the content is about
the recipient’s role;
sent in response to a request, inquiry or complaint;
sent by a political party for the primary purpose of soliciting funds;
There are also some CEMs that are partially exempted from CASL. These include CEMs sent to:
•
•
•
•
provide warranty, product recall or safety information about a product, goods or services the
recipient has purchased or used;
provide ongoing information about a subscription, membership, or loan;
provide information directly related to an employment relationship or a related benefit plan
affecting the recipient; and
provide upgrades or updates on products, goods or services the recipient may be entitled to.
These CEMs must still comply with the CASL requirements for identification of the sender and the
provision of an unsubscribe mechanism.
For registered charities, the most important exception is contained in the Regulations (paragraph 3 (g))
to CASL, which states that there is an exception for a CEM “that is sent by or on behalf of a registered
charity as defined in subsection 248 (1) of the Income Tax Act and the message has as its primary
purpose raising funds for the charity. Unfortunately for charities, what exactly is meant by “primary
purpose” and if there is a difference between the Income Tax Act’s definition of” raising funds” and
CASL’S use of the term “fundraising” is not clear at this time.
14. What are the penalties if a registered charity or not-for-profit violates CASL?
The penalties can be quite severe. There can be fines of up to $l million per violation for individuals and
up to $10 million for organizations. Also, board members can be held liable for the actions of an
organization’s employees, and officers and directors of a corporation can be held liable for wrongful acts
done by a corporation. Also, beginning in 2017, recipients of unwanted CEMs will have the ability to
bring a private right of action against the sender, with up to $1 million in damages per individual.
15. How does someone report an unsolicited and unwanted CEM?
Consumers, businesses and other organizations will be able to report CEMs sent without consent or
containing fraudulent or misleading information to the Spam Reporting Centre at fightspam.gc.ca once
CASL comes into force on July 1, 2014.
21
ADDITIONAL RESOURCES
The Government of Canada and a number of Canada’s major law firms have developed excellent
resources to help with understanding and complying with CASL. In addition to the specific
resources listed here, other helpful material can be found on their websites.
Government of Canada
•
fightspam.gc.ca
o Infographic: 4 Tips for Contacting Clients Electronically
o Infographic: 3 Things to Think About When Sending Messages
•
Canadian Radio-television and Telecommunications Commission (CRTC)
o CRTC: Frequently Asked Questions
o CRTC: Compliance and Enforcement Information Bulletins
 2012-548
 2012-549
•
Competition Bureau
•
Office of the Privacy Commissioner of Canada
Non-profit Sector
•
Imagine Canada
o Navigating Canada's New Anti-Spam Laws for Charities and Nonprofit Organizations
(a recorded Webinar)
Law Firms
•
McCarthy Tetrault LLP
o Anti-Spam Toolkit, February 2014
•
Miller Thomson
o Canada’s Anti-spam Law (CASL) is coming into force on July 1, 2014 – Some suggestions
for compliance preparation, Charities and Not-for-Profit Newsletter, December 2013
•
Davis LLP
o Getting Ready for Canada’s Anti-Spam Legislation (CASL), Privacy Law Bulletin March 7,
2013
o Exceptions to Anti-Spam Rules (PowerPoint Slides)
o Third Party Contracts (PowerPoint Slides)
22
APPENDIX A - TIPS and TOOLS
Top Ten Tips
Registered Charity Decision Tree
Not-for-Profit Decision Tree
Sample Tracking Spreadsheet
Timelines Checklist
23
CASL for Charities and Not-for-Profits
Top Ten Tips
List of top 10 things charities and not-for-profits need to do to get ready for Canada's Anti-Spam
1. Obtain a copy of the new Act and the regulations. You can download these documents at:
http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00211.html
2. Appoint a person on your staff or a member of your organization who will be responsible for getting
your organization ready for the implementation of CASL and will take all the necessary steps to be
sure that your organization is in compliance with the new law.
3. Conduct an inventory of all of the forms of electronic communications that your organization
currently uses. It will be very important to have your IT staff or person work on CASL readiness.
4. Begin an analysis of the electronic messages that your organization sends to determine if they are
commercial electronic messages.
5. Arrange to have a meeting of your organization’s staff and/or members and your Board of Directors
so that everyone understands the implications of the new Act and what steps they must take to help
bring your organization into compliance. It will be important to emphasize that any email or electronic
communication sent from your organization by an employee, even a personal message, has the potential
to violate the Act.
6. Arrange for training sessions for current staff on the requirements of the Act and put a plan in place
so that new employees and Directors are educated about the Act.
7. At your next board meeting, inform your Board of Directors that there is the possibility that they could
be personally liable for fines levied for violations of the Act. There is even the very remote possibility for
prison sentences.
8. Under the Act, it is mandatory to obtain express consent. Your organization should develop a form
that follows the specific requirements in the Act for obtaining express consent and begin the process
for obtaining express consent. This is extremely important because after July 1, 2014 you will not be able
to use electronic messages to obtain express consent, because it will be deemed to be a commercial
electronic message!.
9. Under the Act, it is mandatory that your organization develop an unsubscribe mechanism so that
individuals and organizations who do not wish to receive further electronic communications from
your organization can opt out. Review the specific requirements that must be present in your opt out
feature.
10. Develop a system whereby you can track the responses that you receive, including express consents
and opt outs and keep these responses up to date.
www.law-faqs.org/wiki/index.php/Canada_Anti-Spam_CASL
1
© 2014
CASL DECISION TREE for Registered Charities
Is the message a
CEM?
CASL does not
apply
N0
Yes
CASL does not
apply
Yes
Is the primary
purpose of the
CEM to raise
funds for your
charity?
No or
Unsure
Go to next step
Do other
exemptions
apply?
Is the CEM sent because of ...
Is the CEM?
A personal/family relationship
Organization to organization
communications
Inquiries or applications
Communications between
employees, representatives,
etc.
To a foreign jurisdiction (must
comply with foreign laws)
Legal obligations or to enforce a
legal right
A response to a request, inquiry
or complaint
A third party referral (first CEM after referral only)
A quote or estimate in response to a request
Providing a warranty, recall or product safety
information, updates and/or upgrades
Facilitating or confirming a transaction
Providing information about:
- an ongoing subscription, membership, accounts,
purchases, loans
- employment relations or benefits plans for employees
If yes….
CASL does not
apply
Yes
NO
Exemptions do not apply
Yes
Do you have
consent to
send the CEM?
No consent required but
CEM must:
identify the sender
and provide
contact
information
Provide an
unsubscribe
mechanism
Yes
NO
Implied
The recipient has:
an existing business relationship or
an existing non-business relationship in that he/
she has been a donor, volunteer or member in
the preceding 2 years or
“conspicuously published” their electronic
address or provided that address to the sender,
without indicating that they do not wish to
receive unsolicited CEMs and the message is
relevant to the recipients business, role, duties or
functions.
Go ahead
send the message
Do not send
the CEM
Express
Go ahead
send the message
REMEMBER:
Implied consent is only good for 2 years
from the date of the last transaction.
Best practice is to obtain express
consent before 2 years expires
©2014
Centre for Public Legal Education Alberta
This resource is provided for informational purposes only, and is not intended as legal advice.
CASL DECISION TREE for Not-for-Profits
Is the message a
CEM?
CASL does not
apply
Yes
N0
Do exemptions
apply?
Is the CEM sent because of ...
Is the CEM?
·
·
A personal/family relationship
Organization to organization
communications
Inquiries or applications
Communications between
employees, representatives,
etc.
To a foreign jurisdiction (must
comply with foreign laws)
Legal obligations or to enforce a
legal right
A response to a request, inquiry
or complaint
·
·
·
·
·
·
·
·
·
·
A third party referral (first CEM after referral only)
A quote or estimate in response to a request
Providing a warranty, recall or product safety
information, updates and/or upgrades
Facilitating or confirming a transaction
Providing information about:
- an ongoing subscription, membership, accounts,
purchases, loans
- employment relations or benefits plans for employees
If yes….
CASL does not
apply
Yes
NO
Exemptions do not apply
No consent required but
CEM must:
v
Yes
Do you have
consent to
send the CEM?
Yes
v
NO
Do not send
the CEM
Implied
The recipient has:
v an existing business relationship or
v an existing non-business relationship in that he/
she has been a donor, volunteer or member in
the preceding 2 years or
v “conspicuously published” their electronic
address or provided that address to the sender,
without indicating that they do not wish to
receive unsolicited CEMs and the message is
relevant to the recipients business, role, duties or
functions.
Go ahead
send the message
identify the sender
and provide
contact
information
Provide an
unsubscribe
mechanism
Express
Go ahead
send the message
REMEMBER:
Implied consent is only good for 2 years
from the date of the last transaction.
Best practice is to obtain express
consent before 2 years expires
©2014
Centre for Public Legal Education Alberta
This resource is provided for informational purposes only, and is not intended as legal advice.
ABC Society
This spreadsheet is provided as an example only. Your organization may want to create a separate spreadsheet for each type of commercial electronic messaging it sends.
Recipient
Last Name
Email address
Exemption
Yes/No
Express
Consent
[email protected]
[email protected]
No
No
Yes
Date Express Consent received
Form of
consent
First Name
Example
Public
Doe
Implied
Consent
Yes
John Q.
Jane Ann
Date consent
received
01/04/2014
©2014 Centre for Public Legal Education Alberta
Form of
consent
Phone
Date of Renewal for
Implied Consent
1-Apr-16
Upgraded to
Express
Consent
No
4/17/2014
Unsubscribe
Request
Email
Date of Request
Unsubscribe
Request
Completed
Important Timelines for CASL
There are a number of significant dates and times to keep in mind when dealing with the
requirements of CASL. Shaun Brown, a lawyer with NNovation LLP in Ottawa, Ontario
has created an excellent resource to help. As he states: “Understanding the various timelines
under CASL is somewhat complicated as CASL contains a transitional provision that extends
the time period for obtaining express consent under certain circumstances.
Fortunately, we have come up with a convenient tool that makes it easy to understand the
various deadlines under CASL. Use this CASL Database Checklist as a guide to assessing
existing databases and determining what subscribers, if any, will require reconfirmation before
or after CASL comes into force on July 1, 2014.”
Mr. Brown has kindly given us permission to reproduce his Checklist. “Reconfirmation” refers
to a request for express consent from existing subscribers. He can be reached at
[email protected] or (613) 656.1297.
C A N A D A 'S A N T I- S P A M L E GI S L A T IO N - D A T A BA S E C HE C KL I S T
Use this Checklist as a guide to assessing existing databases for compliance with Canada's Anti-Spam Legislation (CASL).
This will assist in determining what subscribers, if any, will require reconfirmation 2 before or after CASL comes into force
on July 1, 2014. This document is provided for informational purposes only, and is not intended as legal advice.
Status of Subscriber
Deadline for Reconfirmation
1.
Reconfirmation not
necessary

(i) the recipient has made a purchase, accepted a business opportunity, or
bartered for something from the sender any time in the past;
July 1, 2017

(ii) the recipient has been party to a written contract with the sender any time
in the past; or
July 1, 2017

(iii) the recipient made an inquiry or application in respect of anything referred
to in (i) any time in the past.
July 1, 2017

Before expiry of 24 month
time period

Express consent
Express consent exists if a subscriber has indicated that they would like to receive
Commercial Electronic Messages (CEMs) in response to a request made
accordance with CASL and related regulations, bearing in mind the following
considerations:
•
•
2.
The Canadian Radio-television and Telecommunications Commission
(CRTC) and Industry Canada have indicated that they consider express
consent obtained in accordance with the Personal Information Protection and
Electronic Documents Act (PIPEDA) before CASL comes into force to be
compliant with CASL.
CASL states that any person claiming to have consent bears the burden of
proving it. Thus, even if you have consent, consider whether you would have
the ability to prove the existence of consent in response to an enforcement
action.
Implied Consent
(a) Existing business relationship that arises before CASL comes into force1
(b) Existing business relationship that arises after CASL comes into force
(i) the recipient has made a purchase, accepted a business opportunity, or
bartered for something from the sender in the past 24 months;
DATABASE CHECKLIST (cont'd)
Status of Subscriber
Deadline for Reconfirmation
(ii) the recipient has been party to a written contract with the sender in the past
24 months; or
Before expiry of 24 month
time period

(iii) the recipient made an inquiry or application in respect of anything referred
to in (i) in the past 6 months.
Before expiry of 6 month
time period

(i) the recipient has made a gift or donation to, has volunteered for, or has
attended a meeting organized by the sender any time in the past, and the
sender is a registered charity, political party or organization, or a political
candidate for publicly elected office3; or
July 1, 2017

(ii) the recipient has had a membership4 any time in the past in the sender
organization, where the sender is a club, association or voluntary
organization.5
July 1, 2017

(i) the recipient has made a gift or donation to, has volunteered for, or has
attended a meeting organized by the sender in the past 24 months, and the
sender is a registered charity, political party or organization, or a political
candidate for publicly elected office; or
Before expiry of 24 month
time period

(ii) the recipient has had a membership in the past 24 months in the sender
organization, where the sender is a club, association or voluntary
organization.
Before expiry of 24 month
time period

(e) The recipient has conspicuously published their electronic address, which is
not accompanied by a statement that the recipient does not wish to receive
unsolicited messages, and the message is related to the professional or
official capacity of the recipient.
Reconfirmation not
necessary

(f) The recipient has disclosed their address to the sender without indicating a
wish not to receive unsolicited messages, and the message is related to the
professional or official capacity of the recipient.
Reconfirmation not
necessary

No consent
Before July 1, 2014.
Reconfirmation may not be
necessary if you are only
sending messages that are
excluded from CASL.

(c) Existing non-business relationship that arises before CASL comes into
force2
(d) Existing non-business relationship that arises after CASL comes into force
3.
1
This is based on the transitional provision in s. 66 of CASL, which establishes that an existing business relationship or existing nonbusiness relationship that arises before CASL comes into force, without regard to the time periods that normally apply under those
relationships, is deemed to exist for a period of three years after CASL comes into force (unless the recipient unsubscribes). Note that for
the transitional provision to apply, a sender must have sent at least one CEM to the recipient based on this relationship before CASL comes
into force.
2
See note 1.
As defined in federal or provincial legislation.
4
"Membership" is defined in subsection 7(1) of the Electronic Commerce Protection Regulations (Industry Canada).
5
"Club, association or voluntary organization" is defined in subsection 7(2) of the Electronic Commerce Protection Regulations (Industry
Canada)
3
© nNovation LLP  Barristers & Solicitors
World Exchange Plaza  45 O'Connor Street, Suite 1150 Ottawa, ON K1P 1A4
p. 613.225.2906  f. 888.314.5997
Canada Anti-Spam Legislation (CASL)
Information and Resources for Not-for-Profits and Registered Charities
CPLEA
The Centre for Public Legal Education Alberta is a non-profit organization
whose purpose is to provide Albertans with reliable information about their
rights and responsibilities under the law.
#800, 10050 – 112 Street
Edmonton, AB T5K 2J1
Ph: 780.451.8724
Fax: 780.451.2341
Email: [email protected]
www.cplea.ca
May 2014
24

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz