Back by popular demand, Maanit Zemel from Zemel van Kampen LLP (http://www.canadatechlaw.com), will walk nonprofits through Canada's Anti-Spam Legislation (CASL) for nonprofits and charities, and what's involved in the next deadline for CASL that will come into effect on July 1st, 2017.
What you will learn in this webinar:
- How CASL applies to nonprofits and charities
- What's changing in the next deadline, July 1st, 2017*: transition period for implied consent ends
- How to be compliant with the legislation
*Update as of June 7th 2017: CASL Private Right of Action indefinitely suspended and will not take effect on July 1st, 2017. Read more: https://www.the-cma.org/resource/newsroom/2017/casl-pra-suspension
3. Nonprofits can save money on tech products through
the Technology Donations Program
Register your charity, nonprofit or library to see which products you’re
eligible for: www.TechSoupCanada.ca/Getting_Started
4. You have access to free nonprofit tech resources
facebook.com/techsoupcanada
techsoupcanada.ca/learning_centre
techsoupcanada.ca/webinar
@techsoupcanada
techsoupcanada.ca/blog
techsoupcanada.ca/newslettersubscribe
5. GoToWebinar Logistics
1 3
2
1. Close/expand GoToWebinar panel
2. Submit a question/comment via
Chat
3. View and select your audio
You can hear us, but we can’t hear you!
Can’t hear? Try turning up your volume or call in
Have a question? Use the Q&A box
Slides are available under “Handouts”
and the recording will be available
post-webinar
Please fill in the post-webinar survey!
6. Today’s hosts
Moderator: Louise Howes
Board of Directors, Volunteer BC
Moderator: Joyce Hsu
Communications Manager, TechSoup Canada
Moderator: Ben Losman
Communications Coordinator, TechSoup Canada
7. W: www.volunteerbc.bc.ca
T: 604-379-2311
E: volunteerbc@gmail.com
WHO WE ARE
Volunteer BC is the provincial voice of volunteerism
with the goal of promoting the value of
volunteerism and building healthy BC communities.
8. About the speaker
Maanit Zemel, Esq.
• Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a
Technology Law & Litigation boutique law firm in Toronto
• Ms. Zemel has substantial experience and expertise in internet law,
including CASL, online defamation, cyberbullying and commercial litigation
• She has advised multiple non-profit organizations and charities on CASL
compliance and drafted their template compliance policies, including for
large umbrella organizations.
• Ms. Zemel is also a part-time member of the Ontario Landlord and Tenant
Board, and teaches business law at The University of Toronto and Ryerson
University
Lawyer and Co-founder of Zemel van Kampen LLP
10. Maanit Zemel (Bio)
Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a Technology
Law & Litigation boutique law firm in Toronto. Ms. Zemel has substantial experience
and expertise in internet law, including Canada’s Anti-Spam Legislation (CASL), online
defamation, and cyberbullying. Ms. Zemel also has substantial experience in
commercial litigation involving domestic and international disputes.
Ms. Zemel has advised multiple non-profit organizations and charities on CASL
compliance and has drafted their template compliance policies, including for large
umbrella organizations.
In addition to her law practice, Ms. Zemel is a part-time member of the Ontario
Landlord and Tenant Board (an adjudicative tribunal), where she adjudicates disputes
between residential landlords and tenants. Ms. Zemel also teaches business law at The
University of Toronto and Ryerson University.
11. DISCLAIMER
This presentation is provided as information only. The
information is not meant as legal opinion or advice.
Viewers are cautioned not to act on information provided
in this publication without seeking specific legal advice
with respect to their unique circumstances.
12. Overview
1. Overview of Canada’s Anti-Spam Legislation (CASL)
2. Commercial Electronic Messages (CEM)
3. The Charities Exemption
4. Recommendations
14. What is CASL? (cont’d)
CASL regulates all “Commercial Electronic Messages”
sent or accessed from a computer in Canada
CASL also regulates broad range of electronic / online
activities including:
The installation of computer programs
Misleading advertising and marketing practices
Privacy invasion via your computer
Collecting email addresses without consent (email
harvesting)
15. Enforcement of CASL
Anyone can complain to the regulators by filing a complaint
at: www.fightspam.gc.ca
3 Regulating Bodies
1) CRTC – CEMs and installation of computer programs
2) Privacy Commissioner – collection of personal
information and address harvesting
3) Competition Bureau – misleading online advertising and
marketing practices
16. Significant Consequences for
Non-Compliance
Administrative monetary penalties:
Individuals – fines up to $1 million per violation
Corporations – fines up to $10 million per violation
Private rights of action – NOT YET IN FORCE
Class actions - not yet in force
Vicarious liability of organization for employees
Liability of officers and directors for acts of corporation / organization
Sweeping investigative powers (search and seizure orders)
17. CASL Enforcement so far…
As of Feb 2016 – over 500,000 complaints filed with CRTC
CRTC tribunal decisions:
Rapanos (individual) - $15,000
Blackstone – $50,000
Notices of violation:
CompuFinder – $1.1 million
Undertakings:
Kellogg - $60,000
Rogers - $200,000
Porter airlines - $150,000
Plentyoffish - $48,000
18. Due Diligence Defence
An absolute defence to alleged CASL violation
Available to an organization that develops and
implements a comprehensive and effective CASL
compliance policy
It is not enough to have a policy – must implement
and train on policy
20. Commercial Electronic Messages
(“CEM”s)
What is a CEM?
CEM is a message sent by any electronic means
(i.e., email, text, instant message, tweet) that
has, as its purpose, or one of its purposes, to
encourage participation in a “commercial
activity”
21. What is a CEM (cont’d)
“Commercial activity” is:
“any particular transaction, act or conduct that is
of a commercial character whether or not the
person who carries it out does so in the
expectation of profit”
22. CEM Definition (cont’d)
Definition of “commercial activity” very broad
Applies to any “transaction, act or conduct” suggests
there does not have to be an exchange
Applies to non-profit activities
Applies to charitable funds
23. Do Charities / NPOs Transmit CEMs?
Yes!
Examples of CEMs:
Emails seeking donations
Emails selling tickets to an event / lottery
Emails promoting services
Emails promoting a charitable event / activity
Emails promoting the organization / charity
E-Newsletters
What is not a CEM? message with purely
educational purpose & content
24. CEM Requirements
You are prohibited from sending a CEM to an
electronic address unless:
1. The receiver has already consented to the
receipt of the CEM – it is an “OPT IN”
regime;
2. The CEM contains certain prescribed
information; and
3. The CEM contains an unsubscribe
mechanism
25. CEM Consent Requirements
CEMs may only be sent with recipient’s express or
implied consent
Onus of proving consent rests with sender
An electronic message requesting consent is a CEM and
is therefore prohibited
26. Express Consent
•Request for express consent may be
obtained orally or in writing
•There are specific requirements as to what
should be included in request for consent
27. Implied Consent
Indefinite Implied Consent:
the recipient has:
1. “conspicuously published” his/her electronic address (on a website
for example)
2. has not indicated a desire to not receive unsolicited CEMs; and
3. the message is relevant to recipient’s business role, duties or
functions
- OR -
the recipient has:
1. disclosed his/her electronic address to sender without indicating a
wish not to receive unsolicited CEMs (e.g., business card); and
2. message is relevant to person’s role or duties in business or official
capacity
28. Implied Consent (cont’d) –
“Non-Business Relationship”
Consent is implied when:
Sender is registered charity (as defined in ITA)
and recipient made donation or performed
volunteer work in preceding two years
OR
Sender is a non-profit org and recipient has
been a valid member in the preceding two
years
29. Implied consent (cont’d)
The 2 year period for donors/volunteers begins to
run at the last date of donation /volunteering
The 2 year period of implied consent for members
begins to run when the membership is
terminated.
There are other prescribed circumstances for
implied consent (e.g., existing business
relationship; “conspicuous publication” etc.)
30. Implied Consent (cont’d) –
“Existing Business Relationship”
In the two years prior to the sending of the CEM, the recipient
had:
Purchased / leased / bartered a product / good / service / land from the
organization;
accepted a business / investment / gaming opportunity offered by the
organization; or
a written contract is created between the recipient and the organization.
Or - Six months before the message is sent, the organization
received from the recipient an inquiry or application about one of
the items above.
31. Warnings re: Implied Consent
Expires at the end of the relevant period
Must keep track of the relevant period
You must still include prescribed information and
unsubscribe mechanism
Ends when person unsubscribes (opts out)
You must implement requests to unsubscribe
32. 3 Year Transitional Period:
For parties who were in an existing business or non-
business relationship prior to July 1, 2014 and were
sending CEMs - implied consent is extended until July 1,
2017
This means that charities have implied consent to send
CEMs to their former donors / volunteers until July 1,
2017
Implied consent (cont’d)
33. Information Requirements for CEMs
All CEMs must include:
Name, mailing address and either email / tel. #/ website
A means by which to contact the sender (to be effective for at
least sixty days)
An “unsubscribe” mechanism
When not practical to include in CEM, this
information must be posted on a website and the
CEM must include a link to that website, which is
clearly and prominently set out in message and is
readily accessible
34. “Unsubscribe” Mechanism:
Must be effective for 60 days
Must be given effect within 10 days of request
Must be at no cost to requester
35. Exemptions to CEM Requirements
Complete exemptions:
Exempts organization from complying with all CEM
requirements (i.e., consent & info & unsubscribe)
Partial exemptions:
Exempts organization from complying only with consent
requirement
Must still include prescribed info & unsubscribe in CEMs
The organization must prove that it meets one of those
exemptions
Due to time constraints, I will only be covering the Registered
Charities Exemption in this presentation (contact me for details
of other exemptions)
36. Registered Charities Exemption
CEMs sent by or on behalf of a registered
charity and “the message has as its
primary purpose raising funds for the
charity”
37. Charities Exemption
Org must be a registered charity
NOT A BLANK EXEMPTION will depend on
the content of the CEM
According to Industry Canada – “raising funds” is
broader than “fundraising” (as defined by CRA) –
includes the sale of tickets and services (e.g.,
galas) as long as funds are intended for the
charity and not another recipient
38. Charities exemption (cont’d)
According to CRTC staff (FAQs posted July 4, 2014):
“The “primary purpose” of a CEM means the main reason or main purpose
of the CEM. There could be a secondary or additional purpose to the
message, but the principal purpose of the CEM must be to raise funds for
the charity.”
“Given that legitimate messages sent by registered charities raising funds
are exempt under the Act, the CRTC will focus on messages sent by
those attempting to circumvent the rules under the guise of a
registered charity.”
E-Newsletters – may be exempt if contain a request for donations or a
logo of a corporate sponsor; BUT not exempt if promote / advertise
commercial activity that is not of the charity (e.g, a corporate sponsor)
39. Warning! it is questionable whether the
“primary purpose test” would be interpreted and
applied the same as the CRTC by a court in a civil
action
Concern - “Primary purpose” may be interpreted
from the point of view of the receiver of the email
and not of the sender
Charities exemption (cont’d)
40. Best Practices Recommendation
It is recommended that registered charities not
rely exclusively on this exemption
Develop and implement a consent-based policy
If choose to rely on exemption, do so only for
CEMs for “primary purpose of raising funds” and
designate a qualified person (e.g., legal counsel;
compliance officer etc.) to vet content of CEMs
41. 2) “Personal” or “family” relationship
3) A CEM that consists solely of an inquiry or application
4) Solicited CEMs - sent in response to a request, inquiry or
complaint, or otherwise solicited by the person to whom the
message is sent
5) Internal CEMs – sent within an organization / business and
concerns the activities of that organization / business
6) B2B - CEMs between organizations / business – if the businesses
/ organizations “have a relationship” and the CEM concerns
activities of the receiver business / organization
7) CEMs sent to enforce a legal right
Complete exemption (cont’d)
42. 8) CEMs sent within an electronic platform where “unsubscribe” and
identifying information is conspicuously published and readily
available (e.g., within a social network)
9) CEM sent within a limited-access secure account by the person
who provides that account (e.g., banking portals)
10) CEM sent by a political party for the primary purpose of soliciting
contributions
11) CEMs sent to a foreign jurisdiction (but must comply with foreign
anti-spam laws)
12) Two way voice communications
13) Faxes and voicemail messages sent to telephone accounts
14) Telecommunication Service Providers
CEM Exemptions (cont’d)
43. In limited circumstances, there is no need to obtain consent but
must still include prescribed information (identifying info +
unsubscribe):
1) Third party referral - the first CEM sent to a person based on a referral
from a third party, after which consent will be needed for added CEMs
2) Provision of quote or estimate in response to a request
3) Warranty, recall or product safety information
4) CEM that delivers a product or service, including updates and upgrades
5) CEM that facilitates or confirms transactions
6) CEM that provides factual information about:
Ongoing subscription, membership, accounts, loans
Ongoing use or ongoing purchases
Employment relations or benefit plans for employees
Partial Exemptions
45. Recommendations
Tip #1: Get Your Board Onboard.
Decisions respecting CASL should form part of
the organization’s overall risk management
strategies
Decisions must be made at board and executive
levels
If you are not getting the board to pay attention
– remind them of the D&O liability
46. Recommendations (cont’d)
TIP #2: CONDUCT AN AUDIT
1. What forms of electronic communications does the organization
use to communicate with internal and external parties?
2. On behalf of which entities does the organization send electronic
communications?
3. What third-parties send electronic communications on your
organization’s behalf?
4. To whom does the organization send electronic communications?
5. What do these communications contain?
6. What is the purpose of sending the electronic communications?
47. TIP#3: Develop and Implement CASL
Compliance Policies and Procedures
Due Diligence Defence - a complete defence to
CASL violations
Recommendations (cont’d)
48. Compliance Policies (cont’)
Develop and implement procedures for:
requesting, maintaining and implementing
consents
keeping track of implied consents
implementing “unsubscribe” requests
Develop and implement CASL compliant language
49. TIP #4: Training and Education
Train and educate management, employees
and volunteers on CASL requirements
Develop a training program
Ensure all new hires / volunteers receive
training
Consider training third-parties that are
sending CEMs on your behalf
Recommendations (cont’d)
50. TIP#5: Review your contracts with third parties
– require CASL compliance and include
indemnification provisions for non-compliance
TIP#6: Consider buying insurance for CASL
TIP#7: Consult with IT specialists
Recommendations (cont’d)
51. Other CASL Requirements (non CEM)
1) Installation of computer programs
2) Unauthorized electronic collection of personal
information
3) Email address harvesting
4) Prohibition against misleading marketing /
advertising in electronic format
52. Electronic Collection / Use Of Personal Information and
Address Harvesting
CASL prohibits anyone from using electronic systems to
collect and use personal information and email addresses
without the express consent of the person whose
information is collected / used
Review your online marketing strategy - does it perform any
of these functions?
If yes - consider eliminating the practice altogether or
obtaining consent
53. How Can I Help You?
Auditing of current and future practices
Advice on developing and implementing CASL
compliance
Drafting and review of compliance policies,
processes, and documentation
Drafting and review of third party contracts
Compliance training
Representation before regulators and courts