Canada’s Anti-Spam Legislation (CASL): The Top 3 Lessons Businesses Can Learn from Year 1
September 29, 2015
By Trent Skanes, at McInnes Cooper
The anti-spam sections of Canada’s Anti-spam Legislation (CASL) took effect on July 1, 2014 amidst hype, controversy and dire warnings. Were they justified? Maybe. Here are the top three lessons that organizations can learn with the first year of CASL under our belts:
- Take it Seriously. Between March 5 and June 29, 2015, the Canadian Radio and Telecommunications Commission (the main agency administering and enforcing most of CASL) dealt with 3 CASL violations, and clearly sent the message that it’s serious about enforcing CASL – so organizations are well advised to take it seriously too, and comply:
- March 2015. The CRTC imposed the first CASL penalty against Compu-Finder: a whopping $1.1M fine. Read more about it here, and at McInnes Cooper’s Legal Alert: No Messing Around – $1.1M First Penalty For Canada’s Anti-Spam Legislation (CASL) Violations By Compu-Finder.
- March 2015. In the same month, the CRTC entered an “undertaking” (essentially, a voluntary settlement agreement) with Plenty Of Fish: it agreed to pay a $48,000 penalty, get compliant with CASL, and implement more CASL training. Read more about it here.
- June 2015. The CRTC entered an undertaking with Porter Airlines: similar to Plenty of Fish, it agreed to pay a $150,000 penalty, get CASL compliant, and implement more CASL training. Read more about it here.
- The Basics Matter. In each of these three cases, the offending business violated the most basic of CASL’s requirements. So double-check your compliance program, or if you don’t have one, then start right now with the basics:
- Consent. CASL’s broad objective is to move Canada to a “permission-based” regime for all electronic-based commercial communication. Recipient consent is the most fundamental CASL requirement. And you don’t just need to have it; you need to be able to prove you have it. So ensuring you have a method to record how and when you collected consents is important. Compu-finder didn’t bother to get consent from recipients at all; Porter might have – but it couldn’t prove it.
- Content. Senders must include two things in every commercial electronic email: an “unsubscribe” feature that is prominent and easy-to-use, and particular contact information about the sender. All three of Compu-Finder, Plenty of Fish and Porter failed to meet CASL’s unsubscribe requirements; one didn’t even include the required contact information. The unsubscribe mechanism doesn’t need to be complicated or fancy – but it does need to work.
- Respond. Be responsive to recipients. CASL requires the senders of commercial electronic mail to act on a recipient’s “unsubscribe” request within 10 days. Both Compu-finder and Porter failed on this one.
- Bigger Consequences to Come. These three cases give organizations a benchmark for what to expect if they violate CASL. But CASL has significant consequences for individuals and organizations that don’t comply, and there’s still alot of room to move. The longer CASL is in effect, the tougher the consequences could get – so comply sooner, not later. CASL authorizes:
- Monetary Penalties of up to $1M on individuals and $10M on other entities for a CASL contravention. Minor breaches by organizations that subsequently cooperate with the CRTC seem to attract smaller penalties. It looks like Plenty of Fish and Porter tried to comply with CASL but missed the mark; when they learned of their violations, they took action to correct their mistakes. The undertakings reflect this, and the general consensus is they are proportional to the violations. In contrast, it seems like Compu-finder didn’t even try to comply with CASL (the CRTC described the violations as “flagrant”). The higher penalty reflects this – but even though it’s substantially higher than those imposed on Plenty of Fish and Porter, it’s still a far cry from the maximum penalty CASL authorizes. That leaves the CRTC with lots of room to up the ante for those organizations who saw the Compu-Finder warning – and still do nothing to comply.
- Potential Liability of employers for certain employee violations, and personally for corporate directors and officers for a corporation’s violation. To learn how to help limiting the personal liability exposure of directors and officers for CASL violations, read McInnes Cooper’s: Complying With Canada’s Anti-Spam Legislation (CASL) – Protecting Directors And Officers From Personal Liability.
- Criminal charge of obstruction of a CASL investigation.
- Effective July 1, 2017, a person or corporation affected by a CASL violation will have the ability to sue in a civil court based on that violation – and that’s when things could get very interesting for organizations that violate CASL.
Organizations can (and should) learn from these three lessons – but there are still many unanswered questions about how the CRTC will enforce CASL going forward. For example, it still hasn’t imposed any sanctions or penalties for violating the CASL software installation requirements that came into effect in January 2015; to learn more about those requirements, read McInnes Cooper’s Legal Update: Canada’s Anti-Spam Legislation (CASL) Software Installation Sections Effective January 15, 2015 – 10 FAQs. The amount of those penalties – whether in line with, less, or more than the electronic messaging penalties we’ve seen during CASL’s first year – remains a mystery. And we also don’t yet know the practical impact of CASL on not-for-profit organizations, which are at equal risk of sanction but often have difficulty dedicating sufficient resources to implementing CASL-compliant procedures.
To learn more about CASL, including whether it affects you and how to comply if it does, visit McInnes Cooper’s CASL Knowledge Page at http://www.mcinnescooper.com/services/privacy/casl/.
Please contact your McInnes Cooper lawyer or any member of our McInnes Cooper CASL Team to discuss this topic or any other legal issue.
McInnes Cooper has prepared this document for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this information. McInnes Cooper excludes all liability for anything contained in this document and any use you make of it.
© McInnes Cooper, 2015. All rights reserved. McInnes Cooper owns the copyright in this document. You may reproduce and distribute this document in its entirety as long as you do not alter the form or the content and you give McInnes Cooper credit for it. You must obtain McInnes Cooper’s consent for any other form of reproduction or distribution. Email us at email@example.com to request our consent.
- Share with others
- Stay informed with our legal updates by subscribing.