THE EMPLOYERS' EDGE
Are you Ready for Canada’s Anti-Spam Legislation? A Primer on Commercial Electronic Messages
As business and commerce have become more interconnected and reliant on electronic communications, there has arisen a need to monitor and regulate types of communication. On July 1, 2014, Canada’s Anti-Spam Legislation (“CASL”) will come into effect, instituting strict compliance measures and hefty penalties for violators.
115 countries have already enacted their own anti-spam legislation, and Canada’s is widely regarded as the strictest of any country’s to date. CASL deals with technological issues including the installation of computer programs, spyware, malware, viruses, and alteration of transmission data.
CASL is not simply dealing with annoying junk emails. Rather, part of the legislation regulates “Commercial Electronic Messages”, or CEMs. The legislation gives a very broad definition of CEM: “… an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, …”
CASL notes that an “electronic message” can be sent by any means of telecommunication, and will be sent to an “electronic address”, which includes an email account, instant messaging account, telephone account, or other similar account. That means using the message function on Facebook or LinkedIn, or sending a direct message on Twitter, may in fact be contrary to CASL, if the functions are used for a commercial activity.
The “commercial activity” which characterizes a CEM includes any act or conduct of a commercial character, including offer to purchase, sell, or lease goods or services, offer to provide business, or advertising or promoting the same. It is also important to note that there does not have to be any expectation of profit, and even if the electronic message only contains internet links to a web page that promotes commercial activity, CASL will still consider that a CEM.
CASL prohibits sending CEMs unless three broad conditions are met:
- The sender of the CEM must have consent from the recipient.
Consent can be either express or implied. Express consent must be opt-in rather than opt-out. In order to secure express consent, a recipient has to take some positive action to consent to receive your CEMs, such as checking off a toggle box requesting receipt of CEMs, or providing an electronic address for the express purpose of receiving CEMs. You cannot presume consent until and unless a recipient withdraws, and remember that consent to receive CEMs must be explicit and cannot be bundled with any other consent or agreement. Express consent never expires unless the recipient withdraws consent. Implied consent exists in only three instances. First, if there is an existing business relationship or existing non-business relationship as defined in CASL. This form of implied consent will only be available until July 1, 2017. The second type of implied consent is when a recipient has a conspicuously published electronic address (such as on a personal or company web page), and the CEM pertains to their business or role. The third and final form of implied consent occurs when a recipient provides you with an electronic address (such as a business card) and the CEM you send pertains to the business or role.
- The sender complies with the information requirements in CASL.
CASL requires that the sender include, in the CEM, information identifying the sender or the person on whose behalf the CEM is sent. It further requires that the CEM include current contact information for the sender or the person on whose behalf the CEM is being sent. Also, the CEM must explicitly set out the purpose for which the CEM is being sent to the recipient.
- The CEM must include an Unsubscribe Mechanism.
Each CEM must contain a mechanism by which the recipient can withdraw their express or implied consent to receive your CEMs. The unsubscribe mechanism must be clearly and prominently included in every CEM, and unsubscribing must be free of cost to the recipient and must take effect within ten days from when it is chosen.
Some people are caught off guard by the breadth of CASL’s application. For example, there are no general exemptions for charities or non-profit organizations, though certain consent exemptions exist. However there are full exemptions for CEMs sent between family members or friends, or to make or respond to an inquiry or application for some commercial activity.
Penalties for breach of CASL are severe, capping at $1,000,000 per contravention for an individual and $10,000,000 for a company. Further, as of July 1, 2017, there will be a private right of action for individuals who can seek damages in court for up to $1,000,000 per day of contraventions.
With the deadline for compliance looming, what can you do to protect your business? The obvious answer is to prepare to be compliant. You may wish to conduct an audit of your company’s electronic communications and determine what meets the definition of a CEM. Then, ensure that your CEMs are delivered only to those people who have provided express consent, or from whom you have implied consent. Further, you can incorporate requests for express consent into all new client or customer agreements. Next, ensure that your CEMs comply with CASL’s information requirements by ensuring that proper identifying information and an unsubscribe mechanism are prominently and clearly displayed. You may wish to have all company email signature lines revised for these purposes.
CASL has a built-in due diligence defence for any contraventions that occur despite the sender’s prudent best efforts. Accordingly, since an employer may be responsible for an employee’s breach of CASL if it occurs in the course of their duties, plan to institute a company technology and communication policy, or revise your existing one. Ensure your employees are aware of their obligations under CASL, and that they know how to be compliant on your company’s behalf if sending CEMs. If your company uses a third party provider, ensure that your service contracts build-in CASL compliance by requiring your provider to be familiar and compliant with CASL when sending any CEMs on your company’s behalf.
For more information about the new legislation*, please feel free to contact one of the lawyers at CCP.
* An Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities that Discourage Reliance on Electronic Means of Carrying out Commercial Activities, and to Amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23
Please Note: This blog has been prepared as an informational service for our clients and other interested parties. It is not intended to constitute legal advice, a complete statement of the law or opinion on any subject. Although we endeavour to ensure the accuracy of the content, no one should act upon the information provided without a thorough examination of the law after the facts of a specific situation are fully considered.