SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)


Published on

Jeff Kahane of the Kahane Law Office will explain exactly what you need to know to comply with Canada's Anti-Spam Legislation. Is your marketing plan with permission and within the law? Post presentation, Jeff will answer audience questions in an interactive Q&A.

Published in: Law
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

SMByyc Presentation on Canada's Anti-Spam Legislation (CASL)

  1. 1. About Jeff Kahane • Was a teacher prior to becoming a lawyer • Practicing law for 13 years • Legal department of Canadian Pacific Limited (the former parent corporation of CP Rail, CP Hotels, Fording and CP Ships) • Ernst & Young’s affiliate law firm Donahue, Ernst & Young • Kahane Law opened February 2004 • Currently a full service law firm with 9 lawyers Also looks like this
  2. 2. About Kahane Law Office • Full service law firm • Experienced staff of lawyers provide legal assistance in the areas of: • Real Estate Law • Civil and Commercial Litigation • Wills and Estates • Employment/ Labour Law • Powers of Attorney • Corporate Services • Family Law • Immigration Law
  3. 3. Email Scams • Nigeria 419 Scam • Ever received an email from a Nigerian Prince, asking for your support to help him ascend to the throne, for which you will be rewarded with riches beyond your wildest imaginations? • This scam leads to Australians being conned out of more than $36 million / year • Inheritance of a close family member • Viagra anyone…
  4. 4. Email Spam • Clogging the Internet • Approximately 250 to 300 Billion emails sent each day • Spam accounts for 75% - 90% of all email traffic (according to Industry Canada) • In the time it takes to read this sentence 20,000,000 emails were sent • Estimated that the average North American office worker spends 11.2 hours per week reading and answering emails
  5. 5. Email Threats • Spam delivers other threats • Spam-born viruses used to access large numbers of target computers, allowing spammers to operate networks of zombie computers (botnets) to send the spam without the computer owner’s knowledge • Spam is the main vehicle for delivering online threats (spyware, malware, and phishing)
  6. 6. Email Scams - Impact • These online threats: • Encourage frauds and thefts • Diminish confidence in the online marketplace • Congest networks • Interrupt commerce • Reduce the stability of the internet and on-line services • Threaten personal privacy
  7. 7. Anti-Spam Legislation Worldwide • Most industrial nations have had anti-spam legislation for over a decade • Japan (since 2002) • USA (since 2003) • UK (since 2003) • China (since 2005)
  8. 8. Anti-Spam Legislation in Canada • Canada has taken longer because the government has decided to create anti-spam legislation much stronger than other industrial nations • But did they go too far?
  9. 9. Anti-Spam Legislation in Canada • Canada’s Anti-Spam Law (“CASL”) is actually titled: • “An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (S.C. 2010, c. 23) • For our purposes, we’ll use the unofficial short title: “Canada’s Anti-Spam Legislation”, or “CASL”
  10. 10. What Does CASL Regulate? 1. The sending of electronic messages without prior consent 2. Altering transmission data without express consent 3. The installation of a computer program on another person’s computer system without express consent 4. The use of false or misleading representations and deceptive marketing practices for on-line promotions 5. Collection of personal information through access to computer systems 6. Collection of personal information for identity theft Today – only e-mails / e-messages
  11. 11. Will CASL be Effective? • The goal of preventing spam and online threats has huge support, BUT will it stop the spam??? • China supposedly has a death penalty for sending spam but it doesn’t seem to stop spammers • USA has had anti-spam legislation since 2003, yet is currently considered the world’s worst spam-producing country, followed closely by China • Concern that CASL will only catch legitimate businesses unaware of the legislation or that they are violating it • Criminals and unethical individuals are unlikely to be deterred by anti-spam laws
  12. 12. Why Take CASL Seriously 1. It regulates email, not spam 2. Three Federal agencies are enforcing it 3. Huge potential fines 4. Private prosecutions
  13. 13. CASL: Why Too Far? • Description of a Commercial Electronic Message (“CEM”) is too broad; • Regulates email and spam and blogs and tweets and electronic newsletters (i.e., NOT just spam) • Opt-in consent is too onerous; • Too short a time period to obtain consents • December 4, 2013 to July 1, 2014 • Social media changes much faster than laws – CASL will create unintended violations
  14. 14. CASL: Why Too Far? • IT-dependent • Smaller organizations can’t afford extensive IT solutions • Potential for enforcement against ethical, law-abiding individuals and organizations • But won’t deter a criminal in a foreign unregulated country • Three Federal agencies enforcing • Broad enforcement and risk of overlap between agencies • Private right of action • An extraordinary remedy
  15. 15. CASL Timeline • Royal Assent – December 2010 • Regulations publicly presented – December 4, 2013 • Majority of CASL comes into force on July 1, 2014 • Window of opportunity to become compliant is very short • Provisions related to computer programs come into force – January 15, 2015 • Private right of action comes into force – July 1, 2017 • Implied consent expires – July 1, 2017
  16. 16. Does CASL Apply to You? • Anti-spam provisions are very broad • CASL has the potential to impact any individual or organization in Canada that sends electronic messages to an electronic address (i.e., business, consumer, individual) • *Threshold Issue: Is it a Commercial Electronic Message (“CEM”)
  17. 17. What Are Commercial Electronic Messages 1. Is it an Electronic Message? 2. Is it Commercial?
  18. 18. What Are Commercial Electronic Messages • A CEM is an electronic message that, considering: • the message’s hyperlinks to a website, • the message content, and • the sender’s contact information in the message, • it would be reasonable to conclude the CEM has, as one of its purposes, to encourage participation in a commercial activity, including marketing, advertising, or promotions. (S. 1(2))
  19. 19. Commercial Electronic Messages • CASL focuses on the message, NOT on the sender • Threshold issue is whether it is “commercial” • Commercial activity includes any conduct of a commercial character whether or not it is “in the expectation of profit”
  20. 20. All CEMs Must Have 3 Main Things 1. Consent Requirements 2. Information Requirements 3. Unsubscribe Mechanism
  21. 21. Requirement 1: Consent • Sender MUST have recipient’s express or implied consent • Onus is on the sender to prove consent was obtained (for both written and oral consent) • CASL does NOT allow opt-out consents (includes pre-selected toggles) • CRTC requires a positive or explicit indication of consent (i.e., providing an email address or checking a toggle box) • Previous consents will NOT satisfy CASL
  22. 22. Requirement 1: Consent • Sender must have express consent for each act contemplated under CASL • Consent cannot be hidden within the “fine print” (i.e., in the terms and conditions of use or other types of consent such as privacy) – it MUST be distinct and “conspicuously published”
  23. 23. Requirement 1: Consent • As per the CRTC Regulations: • May request express consent orally OR in writing, or a combination of both • Oral consent must be verified by an independent 3rd party • Or a complete, unedited recording must be retained • Both paper and electronic forms allowed for written consent • Electronic forms must record date, time, purpose, and manner of the consent
  24. 24. Requirement 2: Information • Must clearly identify the purpose of the consent • Sender must clearly identify her/himself and any party the message is sent on behalf of • Sender must include contact information (name, company, mailing address, phone number, and email) • Recipient must be clearly informed of the right to unsubscribe from receiving future messages
  25. 25. Requirement 3: Unsubscribe • Must set out an electronic unsubscribe process or address, or link to an “unsubscribe” page • Must be given effect within 10 days following receipt • Must be effective for 60 days • Must be at no cost to recipient • Must allow recipient to advise sender to stop sending electronic messages • Must be clearly and prominently set out in message
  26. 26. Transitional Period for Existing Relationships • CASL allows implied consent for a 3 year transitional period for parties already in an existing business or existing non-business relationship • Implied consent is only okay until July 1, 2017 for these existing relationships After this date you will require express consent from these individuals/ organizations
  27. 27. Implied vs. Express Consent • Implied Consent: Is inferred from signs, actions, or facts • Express Consent: Is communicated either orally or in writing
  28. 28. Implied Consent: Existing Business Relationships • An “Existing Business Relationship” is deemed to exist if in the two years prior to sending the CEM, the recipient had a business relationship with the sender arising from: • The bartering of anything in the previous 2 years • Acceptance of a business, investment, or gaming opportunity offered by the sender • A written contract between sender and recipient of the CEM was in existence any time in the previous 2 years prior to sending the CEM • The purchase or lease of a product, goods, a service, land, or an interest or right in land from the sender
  29. 29. Implied Consent: Existing Non-Business Relationships • There is implied consent to send a CEM where there is an “existing non- business relationship” where: • Sender is a registered charity, political party, or candidate for office, and recipient made a donation or performed volunteer work in the preceding two years • Sender is a club, association, or voluntary association, and recipient has been a member in the preceding two years
  30. 30. Exceptions (to Consent, Information and Unsubscribe Requirements) • Law enforcement, public safety, conduct of international affairs, or protection of Canada • Person to person if existing “family relationship” or “personal relationship” • Messages sent to a person engaged in a commercial activity containing an inquiry or application regarding that activity • Internal messages within an organization where the messages concern the activities of the organization
  31. 31. Exceptions (to Consent, Information and Unsubscribe Requirements) • Messages sent from one organization to another where there is a relationship and the message concerns the activities of the organization • Messages sent in response to a request, inquiry, or complaint, or otherwise solicited by the recipient • Messages sent in regard to legal or judicial orders, rights, or obligations • Messages sent to a secure, confidential, limited-access account such as a message sent by your bank to your electronic bank account
  32. 32. Exceptions (to Consent, Information and Unsubscribe Requirements) • Messages sent to a foreign state so long as you comply with that state’s anti-spam law • Canadian registered charities will have a limited exemption where they send an electronic message primarily for fundraising purposes, BUT NOT for other purposes • Messages sent by political parties or politicians to solicit political contributions
  33. 33. Consent Exceptions • A message that responds to a requested quote or estimate • A message that facilitates, completes, or confirms a commercial transaction previously agreed to • A message that provides warranty information, product recall information, or safety information about goods or services purchased
  34. 34. Consent Exceptions • Factual information about an ongoing purchase of goods or service offered under a subscription, loan, membership, or similar relationship • Information directly related to an employment relationship or benefit plan • A message about product, good, or service upgrades or updates
  35. 35. Exceptions to Consent (BUT Information and Unsubscribe Requirements Remain) • A message to a recipient who conspicuously published their electronic address (e.g., business card, website, etc.) and the message is relevant to their business • A message to a recipient who disclosed their electronic address (e.g., in a conversation or letter) and the message is relevant to their business • A message sent to a referral from a common contact but only the first CEM
  36. 36. Social Media Exemption • A CEM that is sent and received on an electronic messaging service IF the information and unsubscribe mechanism are conspicuously published and readily available on the user interface, and the person to whom the message is sent consents to receive it either expressly or by implication
  37. 37. The Scary Part If You Do Not Comply • Complaints to Anti-Spam Reporting Centre • Private Actions • Class Actions • Cost, effort, and potential embarrassment defending a prosecution • Reputation/PR risk • Extended liability to officers, directors, and others
  38. 38. Non-Compliance Penalties • Penalties focus on economic disincentives • Fines (what CASL calls “Administrative Monetary Penalties” (“AMPS”) • For individuals: Up to $1 million / violation • For corporations and others: Up to $10 million / violation • Private right of action (i.e., Class Actions) as of July 1, 2017 • Including the right to statutory damages to a maximum of $1,000,000 ($200 for each message sent) PER DAY
  39. 39. Extended Liability • Extends to any person who “acts, induces, or procures a prohibited act” • Extends to officers and directors if they “directed, authorized, acquiesced to, or participated in the offending conduct” • Employers are liable for acts of their employees acting within the scope of their authority
  40. 40. Defences • DUE DILIGENCE DEFENCE • Must be able to demonstrate that your organization has taken proactive steps to establish policies and procedures to ensure CASL compliance and properly monitor and enforce those policies
  41. 41. Due Diligence Is Critical • “A person must not be found to be liable for a violation if they establish that they exercised due diligence to prevent the commission of the violation” (s. 33(1)) • “A person must not be found to have committed a contravention … [of CASL] … if they establish that they exercised due diligence to prevent the contravention or conduct …” (s. 54)
  42. 42. 5 Steps To Prepare For July 1, 2014 1. Conduct a CASL Audit • First, identify what electronic messages your organization sends (emails, Christmas cards, marketing materials, Twitter and Facebook accounts, etc.) and to whom (i.e., suppliers, customers, contacts, potential clients or customers, etc.) • Then, once you’ve completed all of your CASL compliance steps, go back and double check that nothing has slipped through the cracks
  43. 43. 5 Steps To Prepare For July 1, 2014 2. Develop CASL Compliance Policies • Develop an internal policy • Conduct in-house training for staff • Develop a website CASL compliance statement • Update your privacy policies • Note: These steps are critical – remember the “due diligence” defence: A person must not be found liable for a violation or contravention if they establish that they exercised due diligence to prevent the commission of the violation or contravention.
  44. 44. 5 Steps To Prepare For July 1, 2014 3. Obtain consents • Send an email to all of your current contacts requesting consent to send CEMs • Address “Consent, Information, & Unsubscribe” requirements with any 3rd party who sends out CEMs on your behalf • Prepare consent forms to use for new contacts and customers and then use them for each new contact/customer • Insert consent requests into all relevant documentation (contracts, marketing materials, responses to quotes, on-line forms, etc.) • Create a record keeping system to record consents and unsubscribes
  45. 45. 5 Steps To Prepare For July 1, 2014 4. Provide the Required Information • Include your name and contact information and the information of any party the CEM is sent on behalf of in every email and electronic message • Include an “unsubscribe statement” in every email and electronic message • Include an “unsubscribe mechanism” in every email and electronic message (even if it is just a statement saying they can unsubscribe by replying and typing “unsubscribe” on the subject line)
  46. 46. 5 Steps To Prepare For July 1, 2014 5. Unsubscribe Mechanism • Create systems or IT solutions to ensure unsubscribe requests actually take effect within 10 days of receipt • Keep records of unsubscribes
  47. 47. Keep In Mind… • Now is the time to prepare to obtain consent electronically • After July 1, 2014 it will be an offence to send an email to get consent • Remember that many of the requirements are IT dependent
  48. 48. Additional Resources • Government of Canada CASL website • • CRTC website on Canada’s new Anti-spam Legislation •
  49. 49. Jeffrey V. Kahane Kahane Law Office 7309 Flint Road S.E. Calgary, AB T2H 1G3 (E) (P) 403.225.8810 LinkedIn: