Planning an email marketing campaign in Canada? You should be aware of CASL before you begin.
Canada’s Anti-Spam Legislation (CASL) was enacted in 2014 to promote best practices in email marketing while combating spam and related issues, including identity theft, phishing, and the spread of malware, such as viruses, worms, and trojans. CASL is designed to protect Canadians’ electronic transmissions while ensuring Canadian businesses remain competitive in the global marketplace.
In short, CASL prohibits the:
- Sending of commercial electronic messages without the recipient’s consent (permission), including messages to email addresses, social networking accounts, and text messages to cellular phones,
- Alteration of transmission data in an electronic message that results in the message being delivered to a different destination without express consent,
- Installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee,
- Use of false or misleading representations online in the promotion of products or services,
- Collection of personal information through accessing a computer system in violation of federal law (e.g., the Criminal Code of Canada), and
- Collection of electronic addresses via computer programs or the unauthorized use of such addresses (address harvesting).
CASL is enforced by three government agencies – the Canadian Radio-television and Telecommunications Commission (CRTC), who can issue monetary penalties for violating specific sections of CASL; Canada’s Competition Bureau, who can issue administrative monetary penalties and/or criminal sanctions under the Competition Act; and the Office of the Privacy Commission of Canada, which focuses on violations such as illegally collecting personal information via spyware and harvesting email addresses.
While enforcement agencies can use negotiated agreements and warning letters to ensure CASL compliance, infractions do result in a monetary penalty, the amount of which is determined by the nature of the violation, previous infractions, whether the company benefited financially from the violation, and its ability to pay. Fines for serious CASL breaches can range from $1 million for individuals to $10 million for businesses.
With so much communication performed via email, businesses will want to ensure their messages avoid trouble. CASL’s sections 6 through 9 outline the requirements and prohibitions for unsolicited messages, specifically demanding that they include the sender’s valid contact information as well as a clear ‘unsubscribe’ option.
‘Consent’ is at the core of CASL. Businesses and individuals must obtain a customer’s consent before sending commercial electronic messages and will need to provide proof of that consent when requested. CASL deals with two types of consent: express and implied. Definitions and requirements for both can be found here. (Note that implied consent includes record-keeping; more on that can be found here.)
Although much of CASL is consumer-focused, businesses are not immune to cyber threats. The Government of Canada’s CASL website also includes resources for companies wanting to protect their businesses from vulnerabilities.
We recommend reading the CASL site and understanding the requirements, to ensure your digital marketing campaign is compliant – and free of unnecessary impediments.
Want more Canada market updates? Sign up for our monthly newsletter!