Understanding CASL - Canadian Anti-Spam Email Law
CASL (Canadian Anti-Spam Legislation) applies to commercial electronic messages (CEM) sent to or from a computer system located in Canada, installation of computer programs, and prohibits the unauthorized alteration of transmission data. CASL came into force July 1, 2014. In March 2015, the first penalties for violating CASL were issued for $1.1 M.
Ensuring your programs are compliant is of paramount importance. Even if you don't live in Canada- CASL applies to anyone sending email to Canada as well as Canadian companies that send email from Canada. In order to comply, we recommend that you are capturing a verifiable audit trail for each address added to your database and follow the main points outlined below. For specific guidance on your program, you may want to consult your attorney as this should not be construed as legal advice.
High Enforcement Penalties
CASL violations carry penalties of up to $10 million per violation. Also, a private right of action is included wherein individuals can sue based on CASL violation.
High Standard for Consent
CASL requires express consent, but also allows for implied consent as long as express consent is granted within two years of gaining implied consent OR, for existing databases, CASL includes a transitional provision that effectively extends the existing business and non-business relationships. For example, according to this provision, where a business has had an existing business relationship with a customer, and has been sending CEMs to that customer, consent can continue to be implied until July 1, 2017 or until the customer unsubscribes.
In order to obtain express consent the sender must:
- Clearly describe the purpose(s) for requesting consent
- Provide the name of the person seeking consent and identify on whose behalf consent is sought, if different
- Provide contact information for either of those persons (mailing address and either a telephone number, email address, or web address)
- Indicate that the recipient can unsubscribe
Pre-checked box CANNOT be used to obtain express consent.
CASL provides that consent may be implied in any of the following four circumstances:
- The sender and recipient have an existing business relationship (e.g., the recipient has made a purchase within the past two years or an inquiry within the past two months)
- The sender and recipient have an existing non-business relationship
- The recipient has conspicuously published their electronic address (e.g., on a website), has not expressly stated that they do not wish to receive unsolicited messages, and the message is related to the recipient's professional capacity - or -
- The recipient has disclosed their electronic address directly to the sender, has not expressly stated that they do not wish to receive unsolicited messages, and the message is related to the recipient's business or official capacity
Forward to a friend messages are risky and should not be used to comply with CASL.
Opt-Out
Opt-outs must be processed immediately, whereas CAN-SPAM provides 10 days to do so. An opt-out link must be included in transactional messages.
Messaging Requirements
Under CASL, messages must contain:
- The name of the person sending the message and identify on whose behalf the message is sent, if different
- Contact information for either of those persons (mailing address and either a telephone number, email address, or web address)
- A mechanism that allows the recipient to easily unsubscribe at no cost, which could, for example, consist of a reply to an email address or a web-based unsubscribe page