How Canada's Anti-Spam Legislation Will Affect Your Business
On July 1, 2014, most sections of Canada’s new anti-spam legislation (“CASL”) came into effect. Among other things, CASL sets out new requirements for continuing to use e-mail and other electronic messages for “commercial” purposes. Some examples of what would meet the definition of “commercial” purposes include messages that:
- offer to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
- offer to provide a business, investment or gaming opportunity;
- promote a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so.
In most cases, businesses and other persons disseminating such commercial electronic messages or “CEM’s” will need the consent of the recipient. You may already have seen messages from many organizations that send you electronic messages requesting your express consent in order to continue to send you such messages.
Businesses that fail to obtain the consent of recipients of their CEM’s or otherwise violate the CASL can be exposed to very substantial administrative monetary penalties (up to $1 million per offence for individuals and $10 Million for businesses). The CASL sets out a list of factors to be considered in determining the amount of the penalty and also provides for personal liability of directors, officers and agents of corporations if they authorized, assented to, acquiesced in or otherwise participated in the offence. Sections of the CASL which provide for a private right of action for both actual and statutory damages for violations of the CASL will come into force on July 1, 2017. This is likely to result in a number of class action lawsuits against organizations that have violated the CASL requirements.
The CASL is not strictly limited to e-mail and other CEM’s. It also impacts the alteration of transmission data (such as where a link embedded in an e-mail re-directs the recipient to a website that is different from what the recipient expected), address harvesting (e.g. using webcrawlers and dictionary attacks) and unsolicited installation of computer programs and software.
Three different federal agencies are responsible for enforcing and administering different parts of the CASL and related legislation: the CRTC, the Competition Bureau and the Office of the Privacy Commissioner.
We strongly encourage all businesses and other persons that are engaged in disseminating electronic messages via e-mail, text, social media, etc., operating websites and/or distributing software via the Internet to review and familiarize themselves with the information on the CASL provided by the federal government at fightspam.gc.ca/eic/site/030.nsf/eng/home and to monitor that site for updates and additional information in the coming months. Businesses that are members of an industry organization may wish to contact their industry organization to determine if the organization has published any protocols, recommendations or best practices guidelines specifically for that industry group.