1. No category

Canada`s Anti-Spam Legislation: What It Means to Hit Send

Canada’s Anti-Spam
Legislation:
What It Means to Hit Send
Tuesday, April 1, 2014
INDEX
Canada’s Anti-Spam Legislation: What It Means to Hit Send
Tuesday, April 1, 2014
TAB
Presentation Slides ..................................................................................................... 1
Speaker Profile .......................................................................................................... ..2
Kristi Lalach
Alice Tseng
Wendy Mee
Skye Friessen
Bulletin ................................................................................................................... ......3
The Waiting Game is Over: Canada’s Anti-Spam Legislation Will Change the
E-Communication Landscape.
Co-authors: Tricia Kuhl, Kaitlin Macdonald, Wendy Mee and Alice Tseng
Tab 1
Canada’s Anti-Spam Legislation:
What It Means to Hit Send
Presented by:
Kristi Lalach (FGL Sports and Mark’s Work
Wearhouse) and
Alice Tseng, Wendy Mee and Skye Friessen
(Blake, Cassels & Graydon LLP)
April 1, 2014
Overview
• Key Dates
• Overview of the Law
• Liability and Penalties
• Compliance Strategies
• Pop Quiz
Overview of the Law
• Key prohibitions
–
sending unsolicited commercial electronic messages (CEMs) to
an electronic address
–
altering transmission data without express consent
–
installing computer programs without express consent
–
making false and misleading representations in e-message
–
collecting e-addresses using computer programs without
consent
–
collecting personal information through unauthorized access to
a computer system
A. CEM Prohibition
• What is prohibited?
– sending a commercial electronic message to an electronic
address, unless:
Consent (express or implied) has been obtained and
Form and content requirements are met
A. CEM Prohibition (cont’d)
• What is a CEM?
– message sent by any means of telecommunication (e.g., text,
sound, voice or image) that has as its purpose, or one of its
purposes, to encourage participation in a commercial activity
– CEMs include electronic messages that request consent to
send a CEM
A. CEM Prohibition (cont’d)
• What qualifies as an “electronic address”?
– an email account
@
– an instant messaging account
– a telephone account
– any similar account
• social media?
…
B. Consent Requirements
• How is express consent obtained?
– requires active “opt-in”
– may be obtained orally or in writing
– request for express consent must set out clearly and simply:
• purpose(s) for which consent is being sought
• specific information about the person seeking consent and, if
applicable, the person on whose behalf consent is being
sought
• statement that the person can withdraw their consent
B. Consent Requirements (cont’d)
Example used in Compliance and Enforcement Information Bulletin
CRTC 2012-549
B. Consent Requirements (cont’d)
• Consent must be “sought separately” for each of the
following acts:
– sending CEMs
– alteration of transmission data
– installation of a computer program
B. Consent Requirements (cont’d)
Example used in Compliance and Enforcement Information Bulletin
CRTC 2012-548
B. Consent Requirements (cont’d)
• When is consent implied?
–
–
–
–
existing business relationships
existing non-business relationships
conspicuous publications
voluntary disclosures
C. Form and Content Requirements
• What information must be provided in a CEM?
– specific information that identifies the sender or person on
whose behalf the CEM is sent
– statement indicating which person is sending the CEM and
which person on whose behalf the message is being sent, if
applicable
– information enabling the recipient to contact the sender of the
CEM, valid for 60 days
– a functional unsubscribe mechanism that meets prescribed
requirements
C. Form and Content Requirements
(cont’d)
Example used in Compliance and Enforcement Information Bulletin
CRTC 2012-548
D. Full Exemption from CASL
• What types of messages are generally exempt from the
application of the law?
– personal and family relationships
– inquiries sent to a person engaged in a commercial activity in
relation to such activity
– intra-business messages as long as certain conditions are met
– inter-business messages as long as certain conditions are met
– responses to individual requests, inquiries or complaints
– messages sent to satisfy certain legal obligations
D. Full Exemption from CASL
(cont’d)
– messages sent and received on an electronic messaging service
as long as certain requirements are met
– messages sent to a limited-access secure and confidential account
where messages can only be sent by the person who provides the
account
– messages that the sender reasonably believes will be accessed in
a listed foreign state and that comply with the foreign law that
addresses substantially similar conduct
– messages sent by a registered charity for primary purpose of
fundraising
– messages sent by a political party, organization or candidate for the
primary purpose of soliciting a contribution
E. Exemption from Consent
• Certain messages are exempt from the requirement of
obtaining consent (must still comply with form and content
requirements) if they solely:
provide a requested quote or estimate
facilitate or confirm a previously agreed-upon commercial
transaction
provide warranty/safety information
provide factual information about an ongoing
subscription/membership etc…
provide information related to an employment relationship etc…
deliver a product, good or service under a prior transaction
E. Exemption from Consent (cont’d)
• First messages sent through a third-party “referral” are
exempt if certain conditions are met
F. Transitional Provision
• Three-year transitional provision if:
existing business relationship or existing non-business relationship
exists (without regard to the time limits that normally apply)
relationship includes the communication of CEMs
Liability and Penalties
Violation
Sending unsolicited CEMs
(or aiding and abetting)
Penalty
Private Right of Action
Maximum per breach:
Maximum:
C $1-million for individuals
C $200 per breach, not to
exceed C $1-million per day
C $10-million for
corporations
Liability and Penalties (cont’d)
• Note:
– an officer, director or other mandatory of a corporation can be
held liable for a violation if they directed, authorized, assented to,
acquiesced in or participated in the commission of the violation
– a person can be held liable for a violation by their
employee/agent acting within the scope of their
employment/authority
• Due diligence is a defence
Compliance Strategies
• Self audit
• Review consents
• Review form
• Technical impact assessment
• Training
Self Audit
Goal: Understand your risk early so you can create an
action plan:
• Inventory of CEMS
–
–
•
Include social media, mobile applications etc.
Third party CEM including service providers and co-branded
Consider the trigger requirements and whether
exceptions apply
Review Consents
•
•
•
•
Express consent or implied?
Storage requirements met?
Tracking mechanism to ensure refresh as required to
meet 3 year existing business relationship deadline
Need to obtain express prior to July 1, 2014
Review Form
• Do current CEMs meet form requirements?
– Is the information required prominent enough?
– Is the sender identified (careful with subsidiary /
banner relationships)
– Develop precedents
– Be specific on subject lines
Technical Impact Assessment
• Do unsubscribe mechanisms meet CASL? Is a
technology upgrade required?
• Is there a process in development to send CEMs and
apply a CEM footer?
• Is there IT infrastructure in place to store consents?
Training
• Inform executives about CASL requirements, deadlines
and potential fines for non-compliance
• Create a formal training program for other employees
who send out CEMs or have oversight to storage
• Consider a CASL compliance policy or amendment to
existing policy
Pop Quiz
10
1. Historically, your organization has used an opt-out form
of consent to send marketing communications. Will these
consents continue to be valid once CASL comes into force?
ee
th
r
op
t
Ye
s,
th
e
0%
0%
ye
a.
..
ou
tc
on
se
nt
No
co
ns
,o
...
nl
yo
pt
in
ex
pr
es
sc
...
0%
,d
ur
in
g
c.
Yes, during the three-year transitional period.
Yes, opt-out consent constitutes express consent, so it
continues to be valid once CASL comes into force.
No, only opt-in express consents continue to be valid
once CASL comes into force. Plus, the organization can
continue sending CEMs as long as consent can be
implied (e.g., an EBR exists, business card exception
applies, etc.).
Ye
s
a.
b.
Pop Quiz (cont’d)
10
2. A customer purchases a product from your online store.
During the checkout process, the customer provides his or
her email address for the purpose of obtaining an ereceipt. Can you add this customer to your marketing list?
c.
...
pr
nl
y
cu
st
o
m
st
om
er
No
,t
he
cu
,t
he
0%
er
o
.. .
ica
lly
ch
n
te
is
Ye
s
(b
)
0%
bo
ug
h.
..
0%
er
b.
Answer (b) is technically correct, but from a customer
relations perspective, a customer that did not agree to
receive marketing emails when purchasing a product online
may be annoyed to receive marketing emails (as opposed to
receiving a request to receive marketing emails).
Yes, the customer bought something so you have an EBR
with them and, under CASL, you have implied consent to
send them marketing emails.
No, the customer only provided their email address for the
purpose of obtaining an e-receipt, and not for the purpose of
receiving marketing emails.
An
sw
a.
Pop Quiz (cont’d)
10
3. A customer bought a sweater from you 10 years ago. Do
you have implied consent to send a CEM to that customer
during the transitional period?
0%
,b
ut
d
on
l
yi
gh
im
fy
ou
ha
pl
ie
d
co
. ..
se
..
0%
Ye
s
alt
ho
u
d
co
ns
en
tb
as
e.
..
Ye
s,
c.
0%
m
pl
ie
b.
No, implied consent based on an EBR is only available if the
purchase occurred in the last two years.
Yes, although implied consent based on an EBR is generally only
available if the purchase occurred in the last two years, during the
transitional period, the two year time period does not apply.
Yes, but only if you had sent electronic communications to the
customer before CASL comes into force. Although the implied
consent based on an EBR is generally only available if the
purchase occurred in the last two years, for the purposes of the
transitional period, the two year time period does not apply.
No
,i
a.
Pop Quiz (cont’d)
10
4. You are an investment advisor and would like to send a
CEM to John, who was referred to you by Mary. Can you?
c.
0%
d.
..
in
clu
an
sM
sy
ou
ar
y
ar
y
sM
on
,a
sl
Ye
s
Ye
s,
as
l
on
ga
ga
ga
on
0%
d.
..
fir
st
...
0%
Ye
s
b.
Yes, as long as Mary first asked John whether he consents
to her providing his information to you.
Yes, as long as Mary and you have a prescribed relationship
(i.e. , EBR, ENBR, personal relationship, family relationship)
and Mary and John have a prescribed relationship and you
only send one CEM to John, and that CEM states that you
were referred by Mary and otherwise complies with CASL’s
form and content requirements.
Yes, as long as you include an unsubscribe mechanism in
your CEM, since you were referred to John by someone.
,a
sl
a.
Pop Quiz (cont’d)
10
5. A customer bought a camera from your store and optedout of receiving CEMs. The customer subsequently bought
a camera bag from you. Can you send a CEM to this
customer based on implied consent?
0%
..
se
nd
s in
ce
aC
.
ou
t.
ou
ca
n
ye
ar
s,
Le
ga
lly
,y
2
op
t
ed
Ye
sf
or
he
0%
ea
c. .
.
0%
es
c.
No, since she opted-out of receiving CEMs.
Yes for 2 years, since each time a customer buys a product
from you, you have a new EBR and you can rely on that for
implied consent to send a CEM even if the customer had
previously opted out of receiving CEMs.
Legally, you can send a CEM to the customer since each
time a customer buys a product, an EBR is created.
However, from a customer relations perspective it may be
preferable not to send CEMs to customers who previously
opted-out of receiving CEMs.
No
,s
in
c
a.
b.
Pop Quiz (cont’d)
10
6. A U.S. company wants to send a CEM to a recipient in
Canada. Does CASL apply?
0%
o.
..
0%
nl
y
Lo
No
,C
AS
ss
um
in
ap
gt
he
U.
S.
pl
ie
st
...
ne
v.
.
sw
he
lie
No
,a
c.
0%
CA
SL
ap
p
b.
Yes, CASL applies whenever the computer system used to
send or receive the CEM is located in Canada.
No, assuming the U.S. company is sending the CEM to the
recipient in Canada in compliance with the U.S. CAN-SPAM
Act.
No, CASL only applies to Canadian businesses.
Ye
s,
a.
Pop Quiz (cont’d)
10
7. Your website offers visitors the option of sending links to
content on your website to third parties. The message will come
from the visitor and you will not collect any email addresses or
send the message. Are you at risk?
0%
0%
CA
..
ye
s,
lly
nt
ia
Po
te
Ye
s
,b
ec
au
se
se
yo
u
th
e
ha
ve
sin
ce
p.
..
m
es
sa
ge
..
0%
ec
au
No, because the message is sent by the visitor.
Yes, because you have permitted the message to be sent.
Potentially yes, since CASL prohibits aiding in a violation of
CASL. The risks could be mitigated by asking visitors to only
send messages to recipients with whom they have a
personal or family relationship, since such messages are
exempt from CASL.
No
,b
a.
b.
c.
Pop Quiz (cont’d) 10
8. A Canadian company wants to send CEMs to recipients
in the US and Mexico. U.S. is listed in the Schedule, but
Mexico is not. Does CASL apply?
c.
st
pp
lie
yt
o
No
,C
AS
no
oe
s
Ld
CA
S
Lo
ta
nl
ya
pp
l
Ca
n
th
e
in
g
0%
...
0%
...
ad
...
0%
ss
um
b.
No, assuming the Canadian company is sending the
CEM to the recipients in the U.S. and Mexico in
compliance with the foreign countries’ laws governing
substantially similar conduct.
CASL does not apply to the CEM being sent to the US
resident if the CEM is being sent in compliance with the
U.S. CAN-SPAM Act but CASL does apply to the CEM
being to the resident in Mexico.
No, CASL only applies to Canadian recipients.
No
,a
a.
Contact Us
Alice Tseng
[email protected] 416-863-3067
Wendy Mee
[email protected] 416-863-3161
Skye Friesen
[email protected] 403-260-9691
Tab 2
Speaker Profiles
Kristi Lalach, Vice-President, leads both the legal and compliance
teams at FGL Sports Ltd. and Mark’s Work Wearhouse, Ltd., both
wholly owned subsidiaries of Canadian Tire Corporation, Limited.
During her nine year tenure Kristi has played a key role in
numerous projects critical to the growth of both companies and
sits on both executive leadership teams advising on both risk
mitigation and legislative compliance.
Kristi Lalach
Vice-President
FGL Sports Ltd. & Mark’s
Work Wearhouse Ltd.
Dir: 403-717-1453
[email protected]
Kristi’s practice includes general corporate and commercial
transactions, enterprise wide employment strategies, competition
compliance and privacy. She also provides counsel on marketing
initiatives, intellectual property, risk management as well as
product stewardship and legislative compliance.
Alice is a Partner and the National Leader of the Regulatory and
Marketing Group at Blakes. She has extensive experience
advising clients, especially those in the pharmaceutical, medical
device and food industries, on advertising and marketing, privacy
(including personal health information), CASL, access to
information, product safety and regulatory (including
reimbursement, and health care compliance) matters.
Alice Tseng
Partner
Toronto
Dir: 416-863-3067
[email protected]
Wendy Mee
Wendy is a Blakes Associate focusing primarily on privacy and
data protection issues. She provides privacy advice in connection
with corporate transactions, outsourcing arrangements, trans
border data flows, cloud computing and online and offline
marketing and advertising activities. Wendy also assists clients
with the preparation of privacy policies and consents, including in
respect of websites and mobile applications. She also helps
clients understand and comply with Canada’s Anti-Spam
Legislation.
Associate
Toronto
Dir: 416-863-3161
[email protected]
Skye Friesen
Associate
Calgary
Dir: 403-260-9691
[email protected]
Skye is a Blakes Associate focusing primarily on employment and
privacy law issues. She assists clients with the development and
implementation of privacy policies and consents, and advises on
privacy law compliance in a variety of areas, including corporate
transactions, employment, the processing and storage of
personal information outside of Canada and requests for access.
Skye also assists clients in understanding and implementing
compliance measures in respect of Canada’s Anti-Spam
Legislation.
Tab 3
THE WAITING GAME IS OVER: CANADA'S ANTI-SPAM LEGISLATION WILL
CHANGE THE E-COMMUNICATION LANDSCAPE
12/10/2013
Anti-Spam Legislation
Tricia Kuhl, Kaitlin Macdonald, Wendy Mee and Alice Tseng
On December 4, 2013, the Government of Canada announced that most of Canada's Anti-Spam
Legislation (CASL), including the provisions applicable to commercial electronic messages (CEMs), will
come into force on July 1, 2014. Many had expected that the government would provide a longer grace
period for businesses to develop compliance programs to comply with CASL once the Industry Canada
Regulations were finalized. Instead, the government has balanced this shorter coming into force period
with a delay as to when the private right of action provisions come into force (discussed at the end of this
bulletin).
Considered one of the most stringent anti-spam regimes in the world given its breadth, scope and
penalties, CASL will have a significant impact on the electronic communication practices of businesses
operating in the Canadian marketplace. This bulletin focuses on what businesses need to know to
comply with CASL's anti-spam provisions. CASL also contains provisions related to the unsolicited
installation of computer programs or software but those provisions do not come into force until January
15, 2015, and are not addressed in this bulletin.
BACKGROUND
CASL was enacted in December 2010, but significant concerns raised by Canadian stakeholders
regarding the potential impact of the legislation resulted in multiple rounds of public consultation and
lengthy delays. The Canadian Radio-television and Telecommunications Commission's Electronic
Commerce Protection Regulations (CRTC) (CRTC Regulations) were finalized in March 2012. Final
Industry Canada Electronic Commerce Protection Regulations (IC Regulations) were announced on
December 4, 2013, along with CASL's coming into force dates, but will not be officially published in the
Canada Gazette until December 18.
ANTI-SPAM PROHIBITION
Subject to limited exceptions, CASL prohibits the sending of a CEM to an electronic address unless:
(1) the person to whom the message is sent has consented to receiving it; and (2) the message
complies with prescribed form and content requirements. An electronic message that is sent for the
purposes of obtaining consent to send CEMs is itself considered a CEM, which may not be sent without
consent (subject to the exceptions discussed below). This is a significant distinction from the CAN-SPAM
Act in the U.S.
A CEM is defined broadly as an electronic message (e.g., email, text message, social media message)
that has as its purpose, or one of its purposes, to encourage participation in a commercial activity.
Commercial activity includes any transaction, act or conduct or any regular course of conduct that is of a
commercial character, whether or not the person who carries it out does so in the expectation of profit.
THE CONSENT REQUIREMENT
In general, consent to receive a CEM must be express. However, CASL also permits implied consent in
certain limited circumstances, which are discussed in more detail below.
Guidance documents published by the CRTC have made it clear that "a positive or explicit indication of
consent is required" to comply with the express consent requirements of CASL. This impacts a common
industry practice of using an opt-out or negative option method of obtaining consent for marketing, such
as a pre-checked consent box that a consumer has to un-check to signify they do not want to receive
marketing messages. Instead, a consumer must take an active step (e.g., checking a box) to indicate his
or her consent. The guidelines also state that requests for consent cannot be "subsumed in or bundled
with requests for consent to the general terms and conditions of use or sale" but rather must be clearly
and separately identified.
To be valid, a request for express consent under CASL must set out "clearly and simply":
• The purpose for which consent is being sought
• The name (or if different, business name) of the person seeking consent
• If the consent is sought on behalf of another person, the name (or if different, business name) of
the person on whose behalf consent is sought and a statement indicating which person is seeking
consent and which person on whose behalf consent is sought
• The mailing address, and one of a telephone number providing access to an agent or voice
messaging system, an email address or a web address of the person seeking consent or, if
different, the person on whose behalf consent is sought
• A statement that the person can withdraw their consent.
Although CASL generally requires express consent, consent will be implied in the following
circumstances:
• Where the recipient and the sender have an "existing business relationship" or an "existing nonbusiness relationship."
An existing business relationship exists where the sender and recipient have engaged in
certain specified types of business together in the two years preceding the date on which
the CEM is sent (for example, a purchase or lease of a product, or entering into or
continuing a written contract) or where the recipient of the CEM has made an inquiry to the
sender in the previous six months.
An existing non-business relationship exists where an individual has made a donation or gift
in the last two years, or performed volunteer work in the last two years, to or for a registered
charity or political party, organization or candidate or where the individual is a member of
certain clubs, associations or voluntary organizations.
• Where a recipient has "conspicuously published" his or her electronic address, the publication is
not accompanied by a statement that the recipient does not wish to receive unsolicited CEMs, and
the CEM is relevant to the person's business, role, functions or duties in a business or official
capacity.
• Where a recipient has disclosed his or her electronic address to the sender without indicating that
the recipient does not wish to receive unsolicited CEMs and the CEM is relevant to the person's
business, role, functions or duties in a business or official capacity. This is sometimes dubbed the
"business card" exemption.
EXEMPTIONS
CASL exempts the following types of CEMs from its anti-spam prohibition altogether:
• CEMs sent by an individual to an individual recipient with whom the sender has a personal or
family relationship ("personal relationship" and "family relationship" are specifically defined in the
IC Regulations).
• CEMs sent to a person engaged in a commercial activity and consist solely of an inquiry or
application related to that activity.
The IC Regulations also add the following exemptions from the anti-spam prohibition:
• CEMs sent by an employee, representative, consultant or franchisee of an organization to another
employee, representative, consultant or franchisee of the same organization (i.e., intra-business)
which concern the activities of the organization.
• CEMs sent by an employee, representative, consultant or franchisee of an organization to an
employee, representative, consultant or franchisee of another organization (i.e., inter-business),
as long as the organizations have a relationship and the message concerns the activities of the
organization to which the message is sent.
This exemption is intended to address concerns regarding the potential application of CASL
to ordinary business-to-business communications, and has been slightly broadened from
the last draft of the IC Regulations. In particular, the requirement in the last draft for a
"business relationship" between the two organizations is now only a requirement for a
"relationship".
• CEMs sent in response to an individual's request, inquiry or complaint or where the CEM was
otherwise solicited by the person to whom the CEM is sent.
• CEMs sent to satisfy a legal obligation or to enforce or provide notice of existing or pending legal
rights or actions.
• CEMs sent and received on an electronic messaging service, such as one provided through a
social media platform, if the information and unsubscribe mechanism that are required under
CASL are conspicuously published and readily available on the user interface through which the
message is accessed, and the person to whom the message is sent consents to receive it either
expressly or by implication.
• CEMs sent to a limited-access secure and confidential account, such as a message centre in an
online banking account, to which messages can only be sent by the person who provides the
account to the person who receives the message.
• CEMs sent by a person who reasonably believes the message will be accessed in a foreign state
that is listed in the schedule to the IC Regulations and the message conforms to the law of the
foreign state that addresses conduct that is substantially similar to conduct prohibited under
CASL's anti-spam prohibition.
• CEMs sent by or on behalf of a registered charity as defined in the Income Tax Act and the
message has as its primary purpose raising funds for the charity.
• CEMs sent by or on behalf of a political party or organization, or a person who is a candidate for
publicly elected office, and the message has as its primary purpose soliciting a contribution as
defined in the Canada Elections Act.
CASL also exempts the following CEMs from the consent requirement (though these CEMs must still
comply with CASL's form and content requirements), if the CEM solely:
• Provides a quote or estimate for the supply of a product, good or service, if the quote or estimate
was requested by the recipient
• Facilitates, completes or confirms a commercial transaction between the parties where the
recipient previously agreed to enter into such a transaction
• Provides warranty, product recall, safety or security information about a product, good or service
that the recipient uses, has used or has purchased
• Provides notification of factual information about the ongoing use or purchase by the recipient of a
product, good or service offered under a subscription, membership, account, loan or similar
relationship
• Provides notification of factual information about an ongoing subscription, membership, account or
loan
• Provides information directly related to an employment relationship or benefit plan in which the
recipient is currently involved, participating or enrolled, or
• Delivers a product, good or service, including updates or upgrades further to a transaction that has
been previously entered into.
The IC Regulations also set out an additional exemption that applies only to the first CEM sent to an
individual following a referral, provided the referral is from an individual who has an existing business,
non-business, personal or family relationship with both the recipient and the sender. The CEM must
disclose the full name of the referring party and state that the CEM is sent as a result of the referral.
CONDITIONS FOR USE OF CONSENT OBTAINED ON BEHALF OF A PERSON WHOSE IDENTITY WAS
UNKNOWN
CASL provides that a person may, on behalf of an unknown third party, obtain the express consent of
another person to receive CEMs from the third party, as long as certain conditions set out in CASL and
the IC Regulations are met. The IC Regulations set out somewhat burdensome conditions for the use of
this type of consent by third parties.
FORM AND CONTENT REQUIREMENTS
In addition to the consent requirement, CASL sets out specific form and content requirements for CEMs.
In particular, each CEM must identify the sender, provide prescribed contact information for the sender,
and set out an "unsubscribe" mechanism. The prescribed contact information includes:
• The name of the person sending the message
• If the message is being sent on behalf of another person, the name of the person on whose behalf
the message is being sent
• A statement indicating which person is sending the message and which person on whose behalf
the message is being sent
• The mailing address and one of a telephone number providing access to an agent or voice
message system, or an email address, or a web address of the person sending the message or
the person on whose behalf the message is sent.
The unsubscribe mechanism that must be included in each CEM must enable the recipient to indicate, at
no cost to them, that they no longer wish to receive CEMs from the sender. The unsubscribe mechanism
must be valid for at least 60 days after the CEM is sent, and effect must be given to the unsubscribe
mechanism without delay, and without limitation in no more than 10 business days.
AIDING AND ABETTING CLAUSE
Under CASL, it is an offence "to aid, induce, procure or cause to be procured the doing of any act
contrary to" certain sections, including the provisions relating to sending CEMs. Accordingly, refer-afriend promotions must be carefully structured to take into account requirements under CASL.
PENALTIES
The potential penalties for non-compliance under CASL are significant and include administrative
monetary penalties of up to C$1-million for individuals and C$10-million for corporations.
CASL also creates a private right of action for persons who have been affected by a contravention of any
number of CASL's provisions, including the anti-spam provisions. The provisions of the statute providing
for a private right of action will not come into effect until July 1, 2017. This three-year delay is welcome
news for industry, which has been very concerned about class action lawsuits being instituted while both
industry and the regulators are trying to navigate the new regime. Despite the private right of action not
coming into force for another three years, industry should be aware that risks of claims nonetheless exist
and should strive to achieve compliance with the statute.
COMPLIANCE
Given the shorter-than-expected grace period, organizations will need to act swiftly to build and
implement compliance programs that meet the strict standards of CASL. In order to get onside with the
law, organizations should:
• Identify their current practices for sending electronic messages and assess which ones will be
covered by CASL.
• Seek express consents in accordance with CASL's requirements. Since requests for consent will
constitute CEMs after the law comes into force, requests for consent should be sent out before
July 1, 2014.
• Track and document implied consents and ensure there are systems in place to identify when an
implied consent expires. Consider requesting express consent, which is not time limited and
remains valid until consent is withdrawn.
• Render fully operational unsubscribe mechanisms that meet the requirements of the legislation.
• Develop and implement policies and procedures for compliance with CASL.
• Train employees on applicable CASL policies and procedures.
• Review contracts with vendors and service providers that send CEMs on behalf of the
organization to ensure they are contractually obligated to comply with CASL.
For more information, please contact:
Montréal
Toronto
Calgary
Marie-Hélène Constantin
Tricia Kuhl
Catherine Beagan Flood
Dara Lambie
Wendy Mee
Alice Tseng
Laura Weinrib
Brian Thiessen
514-982-4031
514-982-5020
416-863-2269
416-863-2541
416-863-3161
416-863-3067
416-863-2765
403-260-9616
Vancouver
Dana Siddle
604-631-3331
or any member of our Marketing & Health Regulatory, Privacy or Technology groups.
For more on Canada's Anti-Spam Legislation resources, please visit our microsite.
Blakes periodically provides materials on our services and developments in the law to interested
persons. If you do not wish to receive further Blakes Bulletins, please click here. For additional
information on our privacy practices, please contact us at [email protected]. Blakes Bulletin is
intended for informational purposes only and does not constitute legal advice or an opinion on any issue.
We would be pleased to provide additional details or advice about specific situations if desired.
For permission to reprint articles, please contact Blakes Client Relations & Marketing Department at
416-863-3173 or [email protected]. ©2014 Blake, Cassels & Graydon LLP

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2025 Paperzz