Navigating Canada’s New Anti-Spam Laws (CASL) – Part 1

It might not seem obvious as you review the bucket-loads of spam that arrive in your email inbox every day, but sending unsolicited email is largely an illegal activity in most countries. Canadian businesses conducting ethical email campaigns that have included customers in the United States have long been familiar with that country’s CAN-SPAM legislation. Until recently, however, we actually had nothing similar in Canada, making us the only G8 country where unsolicited email was not regulated.

That’s all about to change with the imminent introduction of Canada’s Anti-Spam Legislation (CASL). In this post and a subsequent one, I will show you how to conduct ethical and effective email marketing campaigns that comply with these new regulations.

What is CASL?
Originally passed by Parliament fully three years ago, much of the law will come into force on July 1, 2014. On January 15, 2015, additional sections covering the unsolicited installation of computer programs or software will come into force. The full name of the legislation is an unwieldy, 52-word mouthful so calling it Canada’s Anti-Spam Legislation, or CASL for short, is rather helpful.

Less helpful is the general air of confusion and uncertainty that has dogged the legislation in the three-and-a-half years between its passage by Parliament and its becoming law. Much of that time was spent thrashing out amendments as various business and consumer groups pointed out ways in which the law, as it was originally stated, would have prevented ordinary business practices that were both ethical in nature and well-accepted by consumers.

Now that we know exactly what the law requires, and when, businesses can confidently start preparing for it.

What does CASL entail?
CASL is fairly broad in its application, covering virtually all Canadian businesses and regulating all sorts of activities. Under CASL, it will be illegal to:

• Send commercial electronic messages without the recipient’s permission. This includes emails, some text messages sent to cell phones and may even include some messages sent to social media accounts.
• Alter the transmission data in an electronic message so it gets delivered to a different destination without express permission by, for example, directing Internet users to a website they did not intend to visit.
• Use an application to harvest email addresses or to use addresses collected that way.
• Use false or misleading representations in the online promotion of products or services.
• Install computer programs without the express permission of the computer’s owner.

The law will be administered by three different federal agencies. The Canadian Radio-Television and Telecommunications Commission, or CRTC, will administer CASL itself and apply penalties for violations of it. CASL also amended the Competition Act and the Personal Information Protection and Electronic Documents Act, or PIPEDA, so the two agencies that oversee those laws, the Competition Bureau and the Office of the Privacy Commissioner, both have new powers under CASL. The three agencies will be able to share information with their peers in other countries to help those foreign states take action against Canadian companies.

CASL also gives individuals and organizations private rights of action, meaning they can sue businesses that they believe are in violation of the act.

What’s the penalty for not complying?
Steep. Violations of CASL can incur penalties of up to $1 million for individuals and up to $10 million for businesses. Officers and directors of a company can be held personally liable. In addition, when the private right of action section comes into force in 2017, individuals who believe they have been the object of a CASL violation can sue, with penalties of up to $200 for each non-compliant message.

The bottom line
Although ethical marketers and businesses have always been careful with how they have interacted with consumers, less credible businesses have really had a free ride for a long time now when it comes to regulations prohibiting unsolicited email and other unpleasant online behaviours. Even the most scrupulous business is going to have to pay attention to the new rules and make some significant changes to make sure they’re not in violation. In my next post, I’ll set out the steps you’ll need to take.

Even though CASL is still months away from becoming law, many companies have already started preparing. What have you done? Share your experiences in our comments section below.

By Francis Moran
The Bell Blog Team