Planning an email marketing campaign in Canada? You should know about CASL before you start.
Canada’s anti-spam legislation (CASL) was created in 2014 to reinforce best practices in email marketing while fighting spam and spam-related issues, including identity theft, phishing, and the spread of malware such as viruses, worms, and trojans. CASL is designed to protect Canadians’ electronic transmissions while ensuring Canadian businesses remain competitive in the global marketplace.
In short, CASL prohibits the:
- Sending of commercial electronic messages without the recipient’s consent (permission), including messages to email addresses, social networking accounts, and text messages to cellular phones,
- Alteration of transmission data in an electronic message which results in the message being delivered to a different destination without express consent,
- Installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee,
- Use of false or misleading representations online in the promotion of products or services,
- Collection of personal information through accessing a computer system in violation of federal law (e.g., the Criminal Code of Canada), and
- Collection of electronic addresses via computer programs or use of such addresses without permission (address harvesting).
CASL is enforced by three government agencies – the Canadian Radio-television and Telecommunications Commission (CRTC), who can issue monetary penalties for violating specific sections of CASL; Canada’s Competition Bureau, who can issue administrative monetary penalties and/or criminal sanctions under the Competition Act; and the Office of the Privacy Commission of Canada, which focuses on violations such as illegally collecting personal information via spyware and harvesting email addresses.
While the enforcement agencies can use negotiated agreements and warning letters to ensure CASL compliance, infractions do result in a monetary penalty with the amount determined by the nature of the violation, previous infractions, whether the company benefited financially from the violation, and it’s ability to pay. Fines for serious CASL breaches can run as high as $1 million for individuals, and $10 million for businesses.
With so much communication performed via email, businesses will want to ensure their messages avoid trouble. CASL’s sections 6 through 9 lists the requirements and prohibitions for unsolicited messages, and specifically demands that they include the sender’s valid contact information as well as a clear ‘unsubscribe’ option.
‘Consent’ is at CASL’s core. Businesses and individuals must obtain a customer’s consent before sending commercial electronic messages, and will need to provide proof of that consent, when asked. CASL deals in two kinds of consent – express and implied. Definitions and requirements for both can be found here. (Note that implied consent includes record-keeping; more on that can be found here.)
Although much of CASL is consumer-focused, businesses are not immune from cyber threats. The Government of Canada’s CASL website also includes resources for companies wanting to protect their businesses from vulnerabilities.
We recommend reading the CASL site and understanding the requirements, to ensure your digital marketing campaign is compliant – and free of unnecessary impediments.