Wishart Law Firm Anti-Spam Presentation
Upcoming SlideShare
Loading in...5
×
 

Wishart Law Firm Anti-Spam Presentation

on

  • 92 views

 

Statistics

Views

Total Views
92
Views on SlideShare
91
Embed Views
1

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • A club, association or voluntary organization is a non-profit organization that is organized and operated exclusively for social welfare, civic improvement, pleasure or recreation or for any purpose other than personal profit, if no part of its income is payable to, or otherwise available for the personal benefit of, any proprietor, member or shareholder of that organization unless the proprietor, member or shareholder is a an organization whose primary purpse is the protection of amateur athletics in Canada. See IC regs s 7(2) that refers to s. 10(13)(3)(c) of CASL.
  • Note: “install” not defined <br /> Industry Canada has stated that CASL applies to installing computer programs on someone else’s computer system, not installations by personal on their own computing devices. <br />
  • An example of an acceptable means of obtaining consent pursuant to section 5 of the Regulations would be an icon or an empty toggle box, separate from the licence agreement and other requests for consent, that would need to be actively clicked or checked, as applicable, in order to indicate consent to one, several, or all of the functions listed in subsection 10(5) of the Act, as applicable, provided that the date, time, purpose, and manner of that consent is stored in a database.
  • S 10(8) of CASL specifically mentions cookies in list of “deemed consent” computer programs -- so are they “computer programs” and subject to CASL? <br /> IC: cookies are not programs -- they are not executable, cannot carry viruses and cannot install malware <br /> CRTC: cookies are programs but are not “installed” and so not subject to CASL prohibition

Wishart Law Firm Anti-Spam Presentation Wishart Law Firm Anti-Spam Presentation Presentation Transcript

  • CASL A Primer on Canada’s Anti-Spam Legislation
  • AGENDA • Focus on Commercial Electronic Messages (CEMs) • What does the law prohibit? • What are the penalties for non-compliance? • Key concepts • Transition period • Preparing for compliance
  • WHAT IS CASL? • Full name of the Act is: – An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities and to amend the Canadian Radio- television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, SC 2010, c 23 • We’ll just call it Canada’s Anti- spam Law (CASL)
  • WHAT DOES THE LAW PROHIBIT? • Sending unsolicited electronic messages; • Altering transmission data; • Installing a computer program without authorization; and • Aiding, inducing, procuring or causing to be procured any of the above-noted prohibited activities.
  • KEY CONCEPTS • Administrative and civil penalties • Commercial Electronic Messages (CEMs) • Consent – CEMs cannot be sent without it • Prescribed information – certain information must be in every CEM sent • Records – the sender has the burden of proof
  • PENALTIES • Administrative monetary penalties (AMPs) for violations • Up to $1 million for individuals & 10 million for organizations for each violation – Personal liability for directors, officers, and agents for violations committed by their businesses – Vicarious liability for businesses for violations committed by their employees • Purpose of AMPs is to promote compliance not punish • A number of factors must be taken into account when determining the amount of the AMP
  • PENALTIES • Violations are not criminal offences • Can be appealed to the Federal Court • Due diligence defence available • Private Right of Action (PRA) in force July 1, 2017
  • WHAT IS A CEM? • A commercial electronic message is an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land; b) offers to provide a business, investment or gaming opportunity; c) advertises or promotes anything referred to in paragraph (a) or (b); or d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c) or who intends to do so.
  • WHAT IS A CEM • Note: an electronic message that contains a request for consent to send a CEM is also considered to be a CEM • So, subject to the transition provisions, these cannot be sent after July 1, 2014 without the recipient’s implied consent
  • WHAT IS AN ELECTRONIC MESSAGE? • “electronic message” means a message sent by any means of telecommunication, including a text sound, voice of image message
  • WHAT IS A COMMERCIAL ACTIVITY? • “commercial activity” means any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit, other than any transaction, act or conduct that is carried out for the purposes of law enforcement, public safety, the protection of Canada, the conduct of international affairs or the defence of Canada.
  • INDUSTRY CANADA GUIDANCE (RIAS) • Mere fact that a message involves commercial activity, hyperlinks to a person's website, or business related electronic addressing information does not make it a CEM under the Act if none of its purposes is to encourage the recipient in additional commercial activity. If the message involves a pre-existing commercial relationship or activity and provides additional information, clarification or completes the transaction involving a commercial activity that is already underway, it would not be considered a CEM since, rather than promoting commercial activity, it carries out that activity • Surveys, polling, newsletters, and messages soliciting charitable donations, political contributions, or other political activities that do not encourage participation in a commercial activity would not be included in the definition • However electronic messages may come within the definition of a CEM if it would be reasonable to conclude that one of the purposes is to encourage the recipient to engage in additional commercial activities, based on, for example, the prevalence and amount of commercial content, hyperlinks or contact information • If the purpose or one of the purposes is to advertise, promote, market or otherwise offer a product, good, service, business or gaming opportunity or interest in land, these messages are clearly CEMs. Most notably, CASL aims to limit the opportunity to advertise, market, promote, or otherwise offer products or services under the guise of a non-CEM. If it is reasonable to conclude that the message has one of those purposes, then the message would be considered to be a CEM and subject to exclusions, CASL’s requirements would apply
  • BRINGING IT ALL TOGETHER • Your message is a CEM if it is sent electronically and: 1. It entices someone to buy something or do business with you; or 2. It is requesting someone’s permission to allow you to send them a CEM
  • WHAT DOES CASL REQUIRE In order to send CEMs you must: 1. have the recipient’s express or implied consent; and 2. Include the following information: a) prescribed information identifying the sender or the person on whose behalf the message is sent; b) information enabling the recipient to readily contact one of the persons referred to in (a); and c) an unsubscribe mechanism
  • SENDER IDENTITY • the name by which the person sending the message carries on business, if different from their name, if not, the name of the person; • if the message is sent on behalf of another person, the name by which the person on whose behalf the message is sent carries on business, if different from their name, if not, the name of the person on whose behalf the message is sent; • if the message is sent on behalf of another person, a statement indicating which person is sending the message and which person on whose behalf the message is sent; and • the mailing address, and either a telephone number providing access to an agent or a voice messaging system, an email address or a web address of the person sending the message or, if different, the person on whose behalf the message is sent
  • SENDER IDENTITY • “mailing address” includes the sender’s valid, current street (or civic) address, postal office box, rural route address, or general delivery address • Contact information must remain valid for a minimum of 60 days after the CEM has been sent.
  • WORKING WITH THIRD PARTIES • Many municipalities employ third party service providers • Recall, CASL imposes requirements on both senders of CEMs and the person on whose behalf those CEMs are sent • Municipalities using third party service providers who send messages on their behalf could be held responsible if those messages were sent by the provider in violation of CASL • Double Disclosure Requirement – all of the information with respect to the sender that must be set out in CEMs or consent requests must also be set out with respect to the organization on whose behalf the consent is sought – responsibility of both parties to ensure that all of this information remains valid for at least 60 days after the date the messages are sent
  • UNSUBSCRIBE MECHANISM • The original message must allow CEM recipient to indicate, using the same electronic means, at no cost to them, their wish to no longer receive CEMs from the sender (or the person on whose behalf the message is sent) • Effect must be given to an unsubscribe request within 10 days of receipt
  • EXAMPLE UNSUBSCRIBE MECHANISM Compliance and Enforcement Information Bulletin 2012-548, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm>.
  • EXAMPLE UNSUBSCRIBE MECHANISM Compliance and Enforcement Information Bulletin 2012-548, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm>.
  • EXCEPTION • What if sender identity and/or the unsubscribe mechanism cannot be included in a CEM? • Can be posted on a website: – accessible by the recipient; – at no cost to them; – through a link clearly set out in the CEM
  • COMPLETE EXCLUSIONS • Messages sent between individuals having a “personal relationship” or a “family relationship”; • Messages sent within organizations, where their content concerns the organization’s activities; • Messages sent between organizations that already have a relationship, where their content concerns the activities of the recipient organization; • Messages sent in response to requests, inquiries, or complaints, or where the message is otherwise solicited by the recipient; and
  • COMPLETE EXCLUSIONS • Messages sent: – to satisfy a legal or juridical obligation; – to provide notice of an existing or pending right, legal or juridical obligation, court order, judgment or tariff; – to enforce a right, legal or juridical obligation court order or tariff; or – to enforce a right arising under a law of Canada, of a province or municipality of Canada or of a foreign state
  • FAMILY RELATIONSHIP • “Family relationship”: – the relationship between an individual who sends a message and the individual to whom the message is sent if those individuals are related to one another through a marriage, common-law partnership or any legal parent-child relationship and those individuals have had direct, voluntary, two-way communication
  • PERSONAL RELATIONSHIP • “Personal relationship” – the relationship between an individual who sends a message and the individual to whom the message is sent, if those individuals have had direct, voluntary, two-way communications and it would be reasonable to conclude that they have a personal relationship, taking into consideration any relevant factors such as the sharing of interests, experiences, opinions and information evidenced in the communications, the frequency of communication, the length of time since the parties communicated or whether the parties have met in person.
  • PERSONAL RELATIONSHIP • CRTC has stated the definition of “personal relationship” should remain limited to close relationships – Purpose is to establish limits and prevent potential spammers from exploiting this concept in order to send CEMs without consent • A “personal relationship” only exists between individuals – Legal entities, such as a municipality cannot have a personal relationship – Someone who sends a CEM on behalf of a municipality may not claim to have a personal relationship with the recipient
  • PERSONAL RELATIONSHIP • CRTC has stated the “real identity” of the individual alleging a personal relationship must be known by the other individual involved in the relationship (cannot be solely a virtual identity or alias) • Using social media or sharing a network does not necessarily reveal a personal relationship • Simply “liking” something by clicking a button on Facebook, accepting someone’s friend request on Facebook, or clicking to “follow” someone on Twitter will, according to the CRTC, generally be insufficient to constitute a personal relationship.
  • OTHER COMPLETE EXCLUSIONS • Messages sent to a limited access and confidential account to which messages can only be sent by the person who provides the account to the person who receives the account; – Two requirements: 1.The only persons who may access such accounts consists of the account owner/provider and the account holder 2.Communication through those accounts is only one way. So, messages can only be sent by the account owner/provider to the account holder.
  • OTHER COMPLETE EXCLUSIONS • Messages sent and received on an electronic messaging service (ex. BlackBerry Messenger) if the required information and unsubscribe mechanism are conspicuously published and readily available on the user interface through which the message is accessed, and the person to whom it is sent consents to receive it; • Messages sent on behalf of registered charities that have as their primary purpose raising funds for the charity;
  • OTHER COMPLETE EXCLUSIONS • Messages sent by or on behalf of a political party or organization, or a person who is a candidate for public office having as their primary purpose soliciting a contribution; and • Messages that the sender reasonably believes will be accessed in a foreign state that is listed in the schedule and the message conforms with the law of the foreign state that addresses conduct substantially similar to CASL prohibition against sending unsolicited CEMs – Note: U.S. is a foreign state listed in the schedule
  • OTHER COMPLETE EXCLUSIONS • Additional exemptions for a CEM: – that is, in whole or in part, an interactive two-way voice communication between individuals; – that is sent by means of facsimile to a telephone account; or – that is a voice recording sent to a telephone account.
  • PARTIAL EXCLUSIONS • No consent is required for messages that: – Provide quotes or estimates requested by the recipient; – Facilitate, complete, or confirm commercial transactions the recipient previously agreed to enter into with the sender; – Provide warranty or product recall information about goods the recipient uses, has used or has purchased ; – Provide notification of information about subscriptions or membership, accounts, or loans of the recipient; – Provide information directly related to employment relationships or related benefit plans the recipient is currently involved or enrolled in; – Deliver products or services including updates or upgrades that the recipient is entitled to under the terms of a transaction they previously entered into with the sender • Note: messages in these categories must still conform to CASL’s prescribed requirements
  • THIRD PARTY REFERRALS • No consent is needed for the first CEM following a referral by an individual who has an existing business, non-business, family or personal relationship with both the sender and the recipient • The CEM must disclose the full name of the person who made the referral and must state the message is being sent as a result of the referral
  • WHAT IT ALL MEANS • Commercial content is determined by the CRTC taking into consideration a number of factors • If your message is a CEM you must have recipient consent to send it or fit into one of the exemptions
  • WHAT IS CONSENT • Anyone to whom a CEM is sent must have provided permission in advance • Two types of consent 1. Implied 2. Express • Recall after July 1, 2014 an electronic message requesting consent is deemed a CEM
  • IMPLIED CONSENT • CASL permits consent to be implied in the following limited situations: – The sender has an existing business or non- business relationship with the recipient; – The recipient has conspicuously published the electronic address to which the message is sent, the publication is not accompanied by a statement indicating that he/she or it does not wish to receive unsolicited CEMs at the address and the message is relevant to the person’s business, role, function or duties in business or official capacity; or – The recipient has disclosed to the sender his/her or its electronic address without indicating a wish not to receive unsolicited CEMs at that address and the message is relevant to the recipient’s business, role, function or duties in a business or official capacity
  • EXISTING BUSINESS RELATIONSHIP • Means a business relationship between the recipient and the sender that arises from: 1. The purchase or lease of products, goods, services or land by the recipient within the two-year period immediately preceding the day on which the message is sent; 2. The acceptance by the recipient within that period of a business, investment or gaming opportunity offered by the sender; 3. The bartering of products, goods, services or land between the sender and recipient within that two-year period 4. A written contract entered into between the sender and the recipient relating to a matter not referred to in items 1-3 above if the contract is currently in existence or has expired within the two-year period immediately preceding the day on which the message was sent; 5. An inquiry or application sent by the recipient to the sender in relation to matter set out in items 1-3 above within the six- month period immediately preceding the day on which the message was sent
  • EXISTING NON-BUSINESS RELATIONSHIP • Means a non-business relationship between the recipient and the sender arising out of a donation made to certain entities, or volunteer work performed, by the recipient within the two-year period immediately preceding the day on which the message was sent • An existing non-business relationship can also arise from the recipient’s membership in a club, association or voluntary organization within the two-year period immediately preceding the day on which the message was sent
  • EXPRESS CONSENT • Required where relationship between sender and recipient does not fit any of the categories of exclusion or implied consent • Can be requested orally or in writing • Electronic message requesting express consent is a CEM • In addition to prescribed information, the sender must provide the purpose for which the recipient’s consent is being sought and must identify the person seeking consent or the person on whose behalf consent is being sought
  • EXPRESS CONSENT • Must be some positive act undertaken on the part of the person from whom consent is obtained • Examples: – Checking a box – Typing an email address into a field to obtain consent
  • GOOD EXAMPLE OF A REQUEST FOR EXPRESS CONSENT Compliance and Enforcement Information Bulletin 2012-549, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-549.htm>.
  • ANOTHER GOOD EXAMPLE Compliance and Enforcement Information Bulletin 2012-549, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-549.htm>.
  • BAD EXAMPLE OF A REQUEST FOR EXPRESS CONSENT Compliance and Enforcement Information Bulletin 2012-549, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-549.htm>.
  • BAD EXAMPLE OF A REQUEST FOR EXPRESS CONSENT 50% Off!!! Enter your email below to redeem your free gift certificate for 50% off and to qualify for our grand prize draw __________ submit Adapted from Jason McLinton and Scott Smith “CASL What you need to know about Canada’s new Anti- Spam Legislation” online: Canadian Chamber of Commerce: <http://www.chamber.ca/resources/casl/140129_CASL_webinar_PowerPoint_deck.pdf>.
  • ANOTHER BAD EXAMPLE Please find your coupon for 50% off attached. You have also been entered into our grand prize draw!!! I agree to receive ABC Inc.’s newsletter. You can withdraw your consent at any time Adapted from Jason McLinton and Scott Smith “CASL What you need to know about Canada’s new Anti- Spam Legislation” online: Canadian Chamber of Commerce: <http://www.chamber.ca/resources/casl/140129_CASL_webinar_PowerPoint_deck.pdf>.
  • OTHER CONSENT CONSIDERATIONS • Consents must be sought separately - computer programs and CEMs must have separate consents • You cannot bundle consent – a consent to receive CEMs cannot be tied to an agreement, purchase or contest
  • GOOD EXAMPLE OF ACQUIRING SEPARATE CONSENTS Compliance and Enforcement Information Bulletin 2012-548, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm>.
  • ANOTHER GOOD SEPARATE CONSENTS EXAMPLE Compliance and Enforcement Information Bulletin 2012-548, CRTC, October 10, 2012 online ,<http://www.crtc.gc.ca/eng/archive/2012/2012-548.htm>.
  • BAD EXAMPLE OF ACQUIRING MULTIPLE CONSENTS I accept the terms and conditions. I agree to the installation of ABC Inc.’s software. I consent to receive ABC Inc.’s newsletter. Adapted from Jason McLinton and Scott Smith “CASL What you need to know about Canada’s new Anti- Spam Legislation” online: Canadian Chamber of Commerce: <http://www.chamber.ca/resources/casl/140129_CASL_webinar_PowerPoint_deck.pdf>.
  • OUR EMAIL (EXAMPLE)
  • SHARING CONTACT LISTS WITH THIRD PARTIES • A person who obtained express consent on behalf of an unknown third party may allow such consent to be used by the unknown third party to send CEMs. This is conditional on the person who originally obtained consent ensuring that, in any CEMs sent to the person from whom consent was obtained: a) the person who obtained consent is identified; and b) the authorized person provided an unsubscribe mechanism that, not only meets CASL’s requirements, but also allows, allows the person from whom consent was obtained to withdraw their consent from the person who obtained consent or any other person who is authorized to use it
  • ALTERATION OF AN ELECTRONIC MESSAGE’S TRANSMISSION DATA • Without the express consent of the sender or recipient CASL prohibits, in the course of commercial activity, the alteration of transmission data electronic message so that the message is delivered to destinations other than, or in addition to, that specified by the sender • Same requirement for requests for express consent to alter the transmission data of an electronic message as for express consent to receive CEMs – Requester must provide the purpose for which the consent is being sought as well as the identification of the person(s) seeking consent or on whose behalf consent is being sought
  • ALTERATION OF AN ELECTRONIC MESSAGE’S TRANSMISSION DATA • Additional requirements on those who obtain the express consent of the original senders or recipients to alter transmission data: a) for the period covered by the consent, ensure that the person who gave their consent is provided with an electronic address to which they may send notice of the withdrawal of their consent; and b) ensure that effect is given to a notice of withdrawal of consent sent in accordance with paragraph (a) without delay, but in any event no later than 10 business days after receiving it • Exception for alterations made by a telecommunications service provider for the purpose of network management
  • INSTALLATION OF COMPUTER PROGRAMS • CASL prohibits a person from installing a computer program on another person’s computer system, in the course of commercial activity, and causing electronic messages to be sent from that computer system, unless: a) The person has obtained the owner’s express consent; or b) The person is acting in accordance with a court order • Again, CASL imposes the exact same requirement upon requests for express consent in respect of this prohibition as for those discussed previously
  • INSTALLATION OF COMPUTER PROGRAMS “Computer program” means: – data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function
  • INSTALLATION OF COMPUTER PROGRAMS “Computer system” means: – a device that, or a group of interconnected or related devices one or more of which, a) contains computer programs or other data, and b) pursuant to computer programs, i. performs logic and control, and ii. may perform any other function
  • INSTALLATION OF COMPUTER PROGRAMS • Additional requirements for express consent imposed if the computer program will do certain functions such as: – collecting personal information, – interfering with the user's control of the computer system, – changing or interfering with settings, preferences or commands already installed or stored on the computer system without the knowledge of the user, – changing or interfering with data that is stored on the computer system in a manner that obstructs, interrupts or interferes with lawful access to or use of the computer system, – causing the computer system to communicate with another computer system without authorization, – installing a computer program that may be activated by a third party without the knowledge of the user, and – performing any other function listed in the regulations.
  • INSTALLATION OF COMPUTER PROGRAMS • If the computer program does any of those specified functions when installed, then you clearly and prominently, and separately and apart from the licence agreement, must: – describe the program's material elements that perform the specified function(s), including the nature and purpose of those elements, as well as their foreseeable impact, and – bring those elements to the attention of the user separate from other information provided in a request for consent.
  • MEANS OF OBTAINING CONSENT
  • EXCEPTION • Prohibition on installing computer programs does not apply if the installation is an update or upgrade to a computer program that the owner had previously provided consent to have installed on their computer and which they were entitled to receive
  • EXCEPTION • Computer owners are considered to have expressly consented to the installing of a computer program if the program is: i. a cookie; ii. HTML code; iii. Java Scripts; iv. an operating system; or v. any other program that is executable only through the use of another computer program whose installation was expressly consented to
  • EXCEPTION • Computer owners are considered to expressly consent to the installation of the following specified programs: – a program that is installed by or on behalf of a telecommunications service provider solely to protect the security of all or part of its network from a current and identifiable threat to the availability, reliability, efficiency or optimal use of its network; – a program that is installed for the purpose of updating or upgrading the network, by or on behalf of the telecommunications service provider who owns or operates the network on the computer systems that constitute all or part of the network; and – a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose
  • EXCEPTION • Note: Industry Canada has clarified that automobile manufactures may be telecommunications service providers for the purposes of CASL – Allows auto manufacturers to rely on the exceptions in the last slide to upgrade computer software in automobiles
  • IP ADDRESSES • Industry Canada states: – Insofar as IP address are not linked to an identifiable person or to an account, IP addresses are not electronic addresses for the purposes of CASL • Result = banner advertising on websites is not subject to CASL
  • AIDING, INDUCING, PROCURING OR CAUSING TO BE PROCURED • It is prohibited “to aid, induce, procure, or cause to be procured the doing of any act contrary” to CASL in respect of the three previously discussed prohibitions
  • PRIVATE RIGHT OF ACTION • Contraventions actionable before a court • Compensation “in an amount equal to the actual loss or damage suffered or expenses incurred by the applicant” and a maximum amount of statutory damages for contravention of each CASL prohibition
  • PRIVATE RIGHT OF ACTION • CASL statutory damages: – unsolicited electronic messages • $200 per contravention up to $1 million per day – altering transmission data or installation of a computer program • up to $1 million per day per contravention
  • COMING INTO FORCE • When does the legislation come into force? CEMs • July 1, 2014 Computer programs • January 15, 2015 Private right of action • July 1, 2017
  • TRANSITION PERIOD • A person’s consent to receive CEMs from another person is implied until the earlier of: 1) the person gives notice that they no longer consent to receiving CEMs from that other person; or 2) until three years after the day on which the prohibition against sending CEMs comes into force if: a)those persons have an “existing business” or an “existing non-business relationship”; and b)The relationship includes the communication between them of CEMs
  • TRANSITION PERIOD • If a computer program was installed on a person’s computer system before the prohibition comes into force, the persons consent to the installation is implied until: 1) the person gives notice that they no longer consent to receiving such an installation; or 2) Until three years after the day on which the prohibition against installing computer programs comes into force (January 15, 2018)
  • HOW TO PREPARE • Get express consent from your current mailing list • Review and inventory CEMs currently being sent – form – purpose – recipients • Developing a database identifying which CEMs: – require express consent and must comply with the formalities; – must comply with formalities; and – neither require consent nor comply with formalities;
  • HOW TO PREPARE • Create compliant unsubscribe mechanisms • Create template CEMs that meet the prescribed requirements • Develop an CASL compliance policy • Designate one or more people in your organization to administer the policy
  • HOW TO PREPARE • Start keeping records of consents and compliance procedures – Important for supporting a due diligence defence
  • OUR CHECKLIST 390 Bay Street, Suite 500 Sault Ste. Marie, ON P6A 1X2 Tel.705.949.6700 Fax.705.949.2465 excellent solutions. CASL COMPLIANCE CHECKLIST 1. Determine if CASL applies to your organization 2. Review and inventory CEMs being sent 3. Develop database identifying CEMs that require consent 4. Develop standard Consent Forms and record maintenance procedures 5. Get consent from parties on your existing mailing list 6. Identifying gaps and ensure that compliance programs and databases are in place and working to document consent and unsubscribe information. 7. Ensure sources of contact lists have appropriate CASL compliance protocols (3rd party lists) 8. Update Business Policies 9. Train All Staff - It is very important to understand that a single unauthorized CEM is a breach 10. Audit compliance periodically www.wishartlaw.com
  • QUESTIONS? J. Paul R. Cassan pcassan@wishartlaw.com (705) 949-6700 ext. 230 Tim J. Harmar tharmar@wishartlaw.com (705) 949-6700 ext. 233
  • OUR WORKFLOW • Gather names and emails for database • Compose consent email • Send consent email • Database – Express consent field – Implied consent field – Scan copy (burden of proof) • Notification 90 days before implied consent expires