Back by popular demand, Maanit Zemel from Zemel van Kampen LLP (http://www.canadatechlaw.com), will walk nonprofits through Canada's Anti-Spam Legislation (CASL) for nonprofits and charities, and what's involved in the next deadline for CASL that will come into effect on July 1st, 2017. What you will learn in this webinar: - How CASL applies to nonprofits and charities - What's changing in the next deadline, July 1st, 2017*: transition period for implied consent ends - How to be compliant with the legislation *Update as of June 7th 2017: CASL Private Right of Action indefinitely suspended and will not take effect on July 1st, 2017. Read more: https://www.the-cma.org/resource/newsroom/2017/casl-pra-suspension

1. Are you ready for
July 1, 2017?
An Update on Canada’s
Anti-Spam Legislation (CASL)
Brought to you by

2. Hi,We’re from TechSoup Canada.
Our mission is to help nonprofits
use tech effectively.

3. Nonprofits can save money on tech products through
the Technology Donations Program
Register your charity, nonprofit or library to see which products you’re
eligible for: www.TechSoupCanada.ca/Getting_Started

4. You have access to free nonprofit tech resources
facebook.com/techsoupcanada
techsoupcanada.ca/learning_centre
techsoupcanada.ca/webinar
@techsoupcanada
techsoupcanada.ca/blog
techsoupcanada.ca/newslettersubscribe

5. GoToWebinar Logistics
1 3
2
1. Close/expand GoToWebinar panel
2. Submit a question/comment via
Chat
3. View and select your audio
 You can hear us, but we can’t hear you!
 Can’t hear? Try turning up your volume or call in
 Have a question? Use the Q&A box
 Slides are available under “Handouts”
and the recording will be available
post-webinar
 Please fill in the post-webinar survey!

6. Today’s hosts
Moderator: Louise Howes
Board of Directors, Volunteer BC
Moderator: Joyce Hsu
Communications Manager, TechSoup Canada
Moderator: Ben Losman
Communications Coordinator, TechSoup Canada

7. W: www.volunteerbc.bc.ca
T: 604-379-2311
E: volunteerbc@gmail.com
WHO WE ARE
Volunteer BC is the provincial voice of volunteerism
with the goal of promoting the value of
volunteerism and building healthy BC communities.

8. About the speaker
Maanit Zemel, Esq.
• Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a
Technology Law & Litigation boutique law firm in Toronto
• Ms. Zemel has substantial experience and expertise in internet law,
including CASL, online defamation, cyberbullying and commercial litigation
• She has advised multiple non-profit organizations and charities on CASL
compliance and drafted their template compliance policies, including for
large umbrella organizations.
• Ms. Zemel is also a part-time member of the Ontario Landlord and Tenant
Board, and teaches business law at The University of Toronto and Ryerson
University
Lawyer and Co-founder of Zemel van Kampen LLP

9. Canada’s Anti-Spam
Legislation (CASL)
Presented by: Maanit Zemel
Partner, Zemel van Kampen LLP
Webinar hosted by Techsoup Canada
June 22, 2017

10. Maanit Zemel (Bio)
 Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a Technology
Law & Litigation boutique law firm in Toronto. Ms. Zemel has substantial experience
and expertise in internet law, including Canada’s Anti-Spam Legislation (CASL), online
defamation, and cyberbullying. Ms. Zemel also has substantial experience in
commercial litigation involving domestic and international disputes.
 Ms. Zemel has advised multiple non-profit organizations and charities on CASL
compliance and has drafted their template compliance policies, including for large
umbrella organizations.
 In addition to her law practice, Ms. Zemel is a part-time member of the Ontario
Landlord and Tenant Board (an adjudicative tribunal), where she adjudicates disputes
between residential landlords and tenants. Ms. Zemel also teaches business law at The
University of Toronto and Ryerson University.

11. DISCLAIMER
This presentation is provided as information only. The
information is not meant as legal opinion or advice.
Viewers are cautioned not to act on information provided
in this publication without seeking specific legal advice
with respect to their unique circumstances.

12. Overview
1. Overview of Canada’s Anti-Spam Legislation (CASL)
2. Commercial Electronic Messages (CEM)
3. The Charities Exemption
4. Recommendations

13. What is Canada’s Anti-Spam Legislation (“CASL”)?
The problem:

14. What is CASL? (cont’d)
 CASL regulates all “Commercial Electronic Messages”
sent or accessed from a computer in Canada
 CASL also regulates broad range of electronic / online
activities including:
 The installation of computer programs
 Misleading advertising and marketing practices
 Privacy invasion via your computer
 Collecting email addresses without consent (email
harvesting)

15. Enforcement of CASL
 Anyone can complain to the regulators by filing a complaint
at: www.fightspam.gc.ca
 3 Regulating Bodies
1) CRTC – CEMs and installation of computer programs
2) Privacy Commissioner – collection of personal
information and address harvesting
3) Competition Bureau – misleading online advertising and
marketing practices

16. Significant Consequences for
Non-Compliance
 Administrative monetary penalties:
 Individuals – fines up to $1 million per violation
 Corporations – fines up to $10 million per violation
 Private rights of action – NOT YET IN FORCE
 Class actions - not yet in force
 Vicarious liability of organization for employees
 Liability of officers and directors for acts of corporation / organization
 Sweeping investigative powers (search and seizure orders)

17. CASL Enforcement so far…
 As of Feb 2016 – over 500,000 complaints filed with CRTC
 CRTC tribunal decisions:
 Rapanos (individual) - $15,000
 Blackstone – $50,000
 Notices of violation:
 CompuFinder – $1.1 million
 Undertakings:
 Kellogg - $60,000
 Rogers - $200,000
 Porter airlines - $150,000
 Plentyoffish - $48,000

18. Due Diligence Defence
 An absolute defence to alleged CASL violation
 Available to an organization that develops and
implements a comprehensive and effective CASL
compliance policy
 It is not enough to have a policy – must implement
and train on policy

19. Commercial Electronic Messages
(“CEM”)

20. Commercial Electronic Messages
(“CEM”s)
 What is a CEM?
CEM is a message sent by any electronic means
(i.e., email, text, instant message, tweet) that
has, as its purpose, or one of its purposes, to
encourage participation in a “commercial
activity”

21. What is a CEM (cont’d)
“Commercial activity” is:
“any particular transaction, act or conduct that is
of a commercial character whether or not the
person who carries it out does so in the
expectation of profit”

22. CEM Definition (cont’d)
 Definition of “commercial activity” very broad
 Applies to any “transaction, act or conduct”  suggests
there does not have to be an exchange
 Applies to non-profit activities
 Applies to charitable funds

23. Do Charities / NPOs Transmit CEMs?
 Yes!
 Examples of CEMs:
 Emails seeking donations
 Emails selling tickets to an event / lottery
 Emails promoting services
 Emails promoting a charitable event / activity
 Emails promoting the organization / charity
 E-Newsletters
 What is not a CEM?  message with purely
educational purpose & content

24. CEM Requirements
 You are prohibited from sending a CEM to an
electronic address unless:
1. The receiver has already consented to the
receipt of the CEM – it is an “OPT IN”
regime;
2. The CEM contains certain prescribed
information; and
3. The CEM contains an unsubscribe
mechanism

25. CEM Consent Requirements
 CEMs may only be sent with recipient’s express or
implied consent
 Onus of proving consent rests with sender
 An electronic message requesting consent is a CEM and
is therefore prohibited

26. Express Consent
•Request for express consent may be
obtained orally or in writing
•There are specific requirements as to what
should be included in request for consent

27. Implied Consent
 Indefinite Implied Consent:
 the recipient has:
1. “conspicuously published” his/her electronic address (on a website
for example)
2. has not indicated a desire to not receive unsolicited CEMs; and
3. the message is relevant to recipient’s business role, duties or
functions
- OR -
 the recipient has:
1. disclosed his/her electronic address to sender without indicating a
wish not to receive unsolicited CEMs (e.g., business card); and
2. message is relevant to person’s role or duties in business or official
capacity

28. Implied Consent (cont’d) –
“Non-Business Relationship”
 Consent is implied when:
 Sender is registered charity (as defined in ITA)
and recipient made donation or performed
volunteer work in preceding two years
OR
 Sender is a non-profit org and recipient has
been a valid member in the preceding two
years

29. Implied consent (cont’d)
The 2 year period for donors/volunteers begins to
run at the last date of donation /volunteering
The 2 year period of implied consent for members
begins to run when the membership is
terminated.
There are other prescribed circumstances for
implied consent (e.g., existing business
relationship; “conspicuous publication” etc.)

30. Implied Consent (cont’d) –
“Existing Business Relationship”
 In the two years prior to the sending of the CEM, the recipient
had:
 Purchased / leased / bartered a product / good / service / land from the
organization;
 accepted a business / investment / gaming opportunity offered by the
organization; or
 a written contract is created between the recipient and the organization.
 Or - Six months before the message is sent, the organization
received from the recipient an inquiry or application about one of
the items above.

31. Warnings re: Implied Consent
 Expires at the end of the relevant period
 Must keep track of the relevant period
 You must still include prescribed information and
unsubscribe mechanism
 Ends when person unsubscribes (opts out)
 You must implement requests to unsubscribe

32.  3 Year Transitional Period:
 For parties who were in an existing business or non-
business relationship prior to July 1, 2014 and were
sending CEMs - implied consent is extended until July 1,
2017
 This means that charities have implied consent to send
CEMs to their former donors / volunteers until July 1,
2017
Implied consent (cont’d)

33. Information Requirements for CEMs
All CEMs must include:
 Name, mailing address and either email / tel. #/ website
 A means by which to contact the sender (to be effective for at
least sixty days)
 An “unsubscribe” mechanism
When not practical to include in CEM, this
information must be posted on a website and the
CEM must include a link to that website, which is
clearly and prominently set out in message and is
readily accessible

34. “Unsubscribe” Mechanism:
 Must be effective for 60 days
 Must be given effect within 10 days of request
 Must be at no cost to requester

35. Exemptions to CEM Requirements
 Complete exemptions:
 Exempts organization from complying with all CEM
requirements (i.e., consent & info & unsubscribe)
 Partial exemptions:
 Exempts organization from complying only with consent
requirement
 Must still include prescribed info & unsubscribe in CEMs
 The organization must prove that it meets one of those
exemptions
 Due to time constraints, I will only be covering the Registered
Charities Exemption in this presentation (contact me for details
of other exemptions)

36. Registered Charities Exemption
CEMs sent by or on behalf of a registered
charity and “the message has as its
primary purpose raising funds for the
charity”

37. Charities Exemption
 Org must be a registered charity
 NOT A BLANK EXEMPTION  will depend on
the content of the CEM
 According to Industry Canada – “raising funds” is
broader than “fundraising” (as defined by CRA) –
includes the sale of tickets and services (e.g.,
galas) as long as funds are intended for the
charity and not another recipient

38. Charities exemption (cont’d)
 According to CRTC staff (FAQs posted July 4, 2014):
 “The “primary purpose” of a CEM means the main reason or main purpose
of the CEM. There could be a secondary or additional purpose to the
message, but the principal purpose of the CEM must be to raise funds for
the charity.”
 “Given that legitimate messages sent by registered charities raising funds
are exempt under the Act, the CRTC will focus on messages sent by
those attempting to circumvent the rules under the guise of a
registered charity.”
 E-Newsletters – may be exempt if contain a request for donations or a
logo of a corporate sponsor; BUT not exempt if promote / advertise
commercial activity that is not of the charity (e.g, a corporate sponsor)

39.  Warning!  it is questionable whether the
“primary purpose test” would be interpreted and
applied the same as the CRTC by a court in a civil
action
 Concern - “Primary purpose” may be interpreted
from the point of view of the receiver of the email
and not of the sender
Charities exemption (cont’d)

40. Best Practices Recommendation
 It is recommended that registered charities not
rely exclusively on this exemption
 Develop and implement a consent-based policy
 If choose to rely on exemption, do so only for
CEMs for “primary purpose of raising funds” and
designate a qualified person (e.g., legal counsel;
compliance officer etc.) to vet content of CEMs

41. 2) “Personal” or “family” relationship
3) A CEM that consists solely of an inquiry or application
4) Solicited CEMs - sent in response to a request, inquiry or
complaint, or otherwise solicited by the person to whom the
message is sent
5) Internal CEMs – sent within an organization / business and
concerns the activities of that organization / business
6) B2B - CEMs between organizations / business – if the businesses
/ organizations “have a relationship” and the CEM concerns
activities of the receiver business / organization
7) CEMs sent to enforce a legal right
Complete exemption (cont’d)

42. 8) CEMs sent within an electronic platform where “unsubscribe” and
identifying information is conspicuously published and readily
available (e.g., within a social network)
9) CEM sent within a limited-access secure account by the person
who provides that account (e.g., banking portals)
10) CEM sent by a political party for the primary purpose of soliciting
contributions
11) CEMs sent to a foreign jurisdiction (but must comply with foreign
anti-spam laws)
12) Two way voice communications
13) Faxes and voicemail messages sent to telephone accounts
14) Telecommunication Service Providers
CEM Exemptions (cont’d)

43.  In limited circumstances, there is no need to obtain consent but
must still include prescribed information (identifying info +
unsubscribe):
1) Third party referral - the first CEM sent to a person based on a referral
from a third party, after which consent will be needed for added CEMs
2) Provision of quote or estimate in response to a request
3) Warranty, recall or product safety information
4) CEM that delivers a product or service, including updates and upgrades
5) CEM that facilitates or confirms transactions
6) CEM that provides factual information about:
 Ongoing subscription, membership, accounts, loans
 Ongoing use or ongoing purchases
 Employment relations or benefit plans for employees
Partial Exemptions

44. Basic Recommendations for
CASL Compliance

45. Recommendations
Tip #1: Get Your Board Onboard.
 Decisions respecting CASL should form part of
the organization’s overall risk management
strategies
 Decisions must be made at board and executive
levels
 If you are not getting the board to pay attention
– remind them of the D&O liability

46. Recommendations (cont’d)
TIP #2: CONDUCT AN AUDIT
1. What forms of electronic communications does the organization
use to communicate with internal and external parties?
2. On behalf of which entities does the organization send electronic
communications?
3. What third-parties send electronic communications on your
organization’s behalf?
4. To whom does the organization send electronic communications?
5. What do these communications contain?
6. What is the purpose of sending the electronic communications?

47.  TIP#3: Develop and Implement CASL
Compliance Policies and Procedures
 Due Diligence Defence - a complete defence to
CASL violations
Recommendations (cont’d)

48. Compliance Policies (cont’)
 Develop and implement procedures for:
 requesting, maintaining and implementing
consents
 keeping track of implied consents
 implementing “unsubscribe” requests
 Develop and implement CASL compliant language

49. TIP #4: Training and Education
 Train and educate management, employees
and volunteers on CASL requirements
 Develop a training program
 Ensure all new hires / volunteers receive
training
 Consider training third-parties that are
sending CEMs on your behalf
Recommendations (cont’d)

50.  TIP#5: Review your contracts with third parties
– require CASL compliance and include
indemnification provisions for non-compliance
 TIP#6: Consider buying insurance for CASL
 TIP#7: Consult with IT specialists
Recommendations (cont’d)

51. Other CASL Requirements (non CEM)
1) Installation of computer programs
2) Unauthorized electronic collection of personal
information
3) Email address harvesting
4) Prohibition against misleading marketing /
advertising in electronic format

52. Electronic Collection / Use Of Personal Information and
Address Harvesting
 CASL prohibits anyone from using electronic systems to
collect and use personal information and email addresses
without the express consent of the person whose
information is collected / used
 Review your online marketing strategy - does it perform any
of these functions?
 If yes - consider eliminating the practice altogether or
obtaining consent

53. How Can I Help You?
 Auditing of current and future practices
 Advice on developing and implementing CASL
compliance
 Drafting and review of compliance policies,
processes, and documentation
 Drafting and review of third party contracts
 Compliance training
 Representation before regulators and courts

54. Maanit Zemel
www.canadatechlaw.com
maanit@canadatechlaw.com
(416) 646-1946
Twitter: @maanitzemel
LinkedIn: www.linkedin.com/in/maanit-zemel-9995223
© All rights reserved. This presentation may not be reproduced and redistributed without the prior written consent of the author.