Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Update on Canada's Anti-Spam Legislation for Nonprofits and Charities


Published on

Back by popular demand, Maanit Zemel from Zemel van Kampen LLP (, will walk nonprofits through Canada's Anti-Spam Legislation (CASL) for nonprofits and charities, and what's involved in the next deadline for CASL that will come into effect on July 1st, 2017.

What you will learn in this webinar:
- How CASL applies to nonprofits and charities
- What's changing in the next deadline, July 1st, 2017*: transition period for implied consent ends
- How to be compliant with the legislation

*Update as of June 7th 2017: CASL Private Right of Action indefinitely suspended and will not take effect on July 1st, 2017. Read more:

Published in: Law
  • Be the first to comment

  • Be the first to like this

Update on Canada's Anti-Spam Legislation for Nonprofits and Charities

  1. 1. Are you ready for July 1, 2017? An Update on Canada’s Anti-Spam Legislation (CASL) Brought to you by
  2. 2. Hi,We’re from TechSoup Canada. Our mission is to help nonprofits use tech effectively.
  3. 3. Nonprofits can save money on tech products through the Technology Donations Program Register your charity, nonprofit or library to see which products you’re eligible for:
  4. 4. You have access to free nonprofit tech resources @techsoupcanada
  5. 5. GoToWebinar Logistics 1 3 2 1. Close/expand GoToWebinar panel 2. Submit a question/comment via Chat 3. View and select your audio  You can hear us, but we can’t hear you!  Can’t hear? Try turning up your volume or call in  Have a question? Use the Q&A box  Slides are available under “Handouts” and the recording will be available post-webinar  Please fill in the post-webinar survey!
  6. 6. Today’s hosts Moderator: Louise Howes Board of Directors, Volunteer BC Moderator: Joyce Hsu Communications Manager, TechSoup Canada Moderator: Ben Losman Communications Coordinator, TechSoup Canada
  7. 7. W: T: 604-379-2311 E: WHO WE ARE Volunteer BC is the provincial voice of volunteerism with the goal of promoting the value of volunteerism and building healthy BC communities.
  8. 8. About the speaker Maanit Zemel, Esq. • Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a Technology Law & Litigation boutique law firm in Toronto • Ms. Zemel has substantial experience and expertise in internet law, including CASL, online defamation, cyberbullying and commercial litigation • She has advised multiple non-profit organizations and charities on CASL compliance and drafted their template compliance policies, including for large umbrella organizations. • Ms. Zemel is also a part-time member of the Ontario Landlord and Tenant Board, and teaches business law at The University of Toronto and Ryerson University Lawyer and Co-founder of Zemel van Kampen LLP
  9. 9. Canada’s Anti-Spam Legislation (CASL) Presented by: Maanit Zemel Partner, Zemel van Kampen LLP Webinar hosted by Techsoup Canada June 22, 2017
  10. 10. Maanit Zemel (Bio)  Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a Technology Law & Litigation boutique law firm in Toronto. Ms. Zemel has substantial experience and expertise in internet law, including Canada’s Anti-Spam Legislation (CASL), online defamation, and cyberbullying. Ms. Zemel also has substantial experience in commercial litigation involving domestic and international disputes.  Ms. Zemel has advised multiple non-profit organizations and charities on CASL compliance and has drafted their template compliance policies, including for large umbrella organizations.  In addition to her law practice, Ms. Zemel is a part-time member of the Ontario Landlord and Tenant Board (an adjudicative tribunal), where she adjudicates disputes between residential landlords and tenants. Ms. Zemel also teaches business law at The University of Toronto and Ryerson University.
  11. 11. DISCLAIMER This presentation is provided as information only. The information is not meant as legal opinion or advice. Viewers are cautioned not to act on information provided in this publication without seeking specific legal advice with respect to their unique circumstances.
  12. 12. Overview 1. Overview of Canada’s Anti-Spam Legislation (CASL) 2. Commercial Electronic Messages (CEM) 3. The Charities Exemption 4. Recommendations
  13. 13. What is Canada’s Anti-Spam Legislation (“CASL”)? The problem:
  14. 14. What is CASL? (cont’d)  CASL regulates all “Commercial Electronic Messages” sent or accessed from a computer in Canada  CASL also regulates broad range of electronic / online activities including:  The installation of computer programs  Misleading advertising and marketing practices  Privacy invasion via your computer  Collecting email addresses without consent (email harvesting)
  15. 15. Enforcement of CASL  Anyone can complain to the regulators by filing a complaint at:  3 Regulating Bodies 1) CRTC – CEMs and installation of computer programs 2) Privacy Commissioner – collection of personal information and address harvesting 3) Competition Bureau – misleading online advertising and marketing practices
  16. 16. Significant Consequences for Non-Compliance  Administrative monetary penalties:  Individuals – fines up to $1 million per violation  Corporations – fines up to $10 million per violation  Private rights of action – NOT YET IN FORCE  Class actions - not yet in force  Vicarious liability of organization for employees  Liability of officers and directors for acts of corporation / organization  Sweeping investigative powers (search and seizure orders)
  17. 17. CASL Enforcement so far…  As of Feb 2016 – over 500,000 complaints filed with CRTC  CRTC tribunal decisions:  Rapanos (individual) - $15,000  Blackstone – $50,000  Notices of violation:  CompuFinder – $1.1 million  Undertakings:  Kellogg - $60,000  Rogers - $200,000  Porter airlines - $150,000  Plentyoffish - $48,000
  18. 18. Due Diligence Defence  An absolute defence to alleged CASL violation  Available to an organization that develops and implements a comprehensive and effective CASL compliance policy  It is not enough to have a policy – must implement and train on policy
  19. 19. Commercial Electronic Messages (“CEM”)
  20. 20. Commercial Electronic Messages (“CEM”s)  What is a CEM? CEM is a message sent by any electronic means (i.e., email, text, instant message, tweet) that has, as its purpose, or one of its purposes, to encourage participation in a “commercial activity”
  21. 21. What is a CEM (cont’d) “Commercial activity” is: “any particular transaction, act or conduct that is of a commercial character whether or not the person who carries it out does so in the expectation of profit”
  22. 22. CEM Definition (cont’d)  Definition of “commercial activity” very broad  Applies to any “transaction, act or conduct”  suggests there does not have to be an exchange  Applies to non-profit activities  Applies to charitable funds
  23. 23. Do Charities / NPOs Transmit CEMs?  Yes!  Examples of CEMs:  Emails seeking donations  Emails selling tickets to an event / lottery  Emails promoting services  Emails promoting a charitable event / activity  Emails promoting the organization / charity  E-Newsletters  What is not a CEM?  message with purely educational purpose & content
  24. 24. CEM Requirements  You are prohibited from sending a CEM to an electronic address unless: 1. The receiver has already consented to the receipt of the CEM – it is an “OPT IN” regime; 2. The CEM contains certain prescribed information; and 3. The CEM contains an unsubscribe mechanism
  25. 25. CEM Consent Requirements  CEMs may only be sent with recipient’s express or implied consent  Onus of proving consent rests with sender  An electronic message requesting consent is a CEM and is therefore prohibited
  26. 26. Express Consent •Request for express consent may be obtained orally or in writing •There are specific requirements as to what should be included in request for consent
  27. 27. Implied Consent  Indefinite Implied Consent:  the recipient has: 1. “conspicuously published” his/her electronic address (on a website for example) 2. has not indicated a desire to not receive unsolicited CEMs; and 3. the message is relevant to recipient’s business role, duties or functions - OR -  the recipient has: 1. disclosed his/her electronic address to sender without indicating a wish not to receive unsolicited CEMs (e.g., business card); and 2. message is relevant to person’s role or duties in business or official capacity
  28. 28. Implied Consent (cont’d) – “Non-Business Relationship”  Consent is implied when:  Sender is registered charity (as defined in ITA) and recipient made donation or performed volunteer work in preceding two years OR  Sender is a non-profit org and recipient has been a valid member in the preceding two years
  29. 29. Implied consent (cont’d) The 2 year period for donors/volunteers begins to run at the last date of donation /volunteering The 2 year period of implied consent for members begins to run when the membership is terminated. There are other prescribed circumstances for implied consent (e.g., existing business relationship; “conspicuous publication” etc.)
  30. 30. Implied Consent (cont’d) – “Existing Business Relationship”  In the two years prior to the sending of the CEM, the recipient had:  Purchased / leased / bartered a product / good / service / land from the organization;  accepted a business / investment / gaming opportunity offered by the organization; or  a written contract is created between the recipient and the organization.  Or - Six months before the message is sent, the organization received from the recipient an inquiry or application about one of the items above.
  31. 31. Warnings re: Implied Consent  Expires at the end of the relevant period  Must keep track of the relevant period  You must still include prescribed information and unsubscribe mechanism  Ends when person unsubscribes (opts out)  You must implement requests to unsubscribe
  32. 32.  3 Year Transitional Period:  For parties who were in an existing business or non- business relationship prior to July 1, 2014 and were sending CEMs - implied consent is extended until July 1, 2017  This means that charities have implied consent to send CEMs to their former donors / volunteers until July 1, 2017 Implied consent (cont’d)
  33. 33. Information Requirements for CEMs All CEMs must include:  Name, mailing address and either email / tel. #/ website  A means by which to contact the sender (to be effective for at least sixty days)  An “unsubscribe” mechanism When not practical to include in CEM, this information must be posted on a website and the CEM must include a link to that website, which is clearly and prominently set out in message and is readily accessible
  34. 34. “Unsubscribe” Mechanism:  Must be effective for 60 days  Must be given effect within 10 days of request  Must be at no cost to requester
  35. 35. Exemptions to CEM Requirements  Complete exemptions:  Exempts organization from complying with all CEM requirements (i.e., consent & info & unsubscribe)  Partial exemptions:  Exempts organization from complying only with consent requirement  Must still include prescribed info & unsubscribe in CEMs  The organization must prove that it meets one of those exemptions  Due to time constraints, I will only be covering the Registered Charities Exemption in this presentation (contact me for details of other exemptions)
  36. 36. Registered Charities Exemption CEMs sent by or on behalf of a registered charity and “the message has as its primary purpose raising funds for the charity”
  37. 37. Charities Exemption  Org must be a registered charity  NOT A BLANK EXEMPTION  will depend on the content of the CEM  According to Industry Canada – “raising funds” is broader than “fundraising” (as defined by CRA) – includes the sale of tickets and services (e.g., galas) as long as funds are intended for the charity and not another recipient
  38. 38. Charities exemption (cont’d)  According to CRTC staff (FAQs posted July 4, 2014):  “The “primary purpose” of a CEM means the main reason or main purpose of the CEM. There could be a secondary or additional purpose to the message, but the principal purpose of the CEM must be to raise funds for the charity.”  “Given that legitimate messages sent by registered charities raising funds are exempt under the Act, the CRTC will focus on messages sent by those attempting to circumvent the rules under the guise of a registered charity.”  E-Newsletters – may be exempt if contain a request for donations or a logo of a corporate sponsor; BUT not exempt if promote / advertise commercial activity that is not of the charity (e.g, a corporate sponsor)
  39. 39.  Warning!  it is questionable whether the “primary purpose test” would be interpreted and applied the same as the CRTC by a court in a civil action  Concern - “Primary purpose” may be interpreted from the point of view of the receiver of the email and not of the sender Charities exemption (cont’d)
  40. 40. Best Practices Recommendation  It is recommended that registered charities not rely exclusively on this exemption  Develop and implement a consent-based policy  If choose to rely on exemption, do so only for CEMs for “primary purpose of raising funds” and designate a qualified person (e.g., legal counsel; compliance officer etc.) to vet content of CEMs
  41. 41. 2) “Personal” or “family” relationship 3) A CEM that consists solely of an inquiry or application 4) Solicited CEMs - sent in response to a request, inquiry or complaint, or otherwise solicited by the person to whom the message is sent 5) Internal CEMs – sent within an organization / business and concerns the activities of that organization / business 6) B2B - CEMs between organizations / business – if the businesses / organizations “have a relationship” and the CEM concerns activities of the receiver business / organization 7) CEMs sent to enforce a legal right Complete exemption (cont’d)
  42. 42. 8) CEMs sent within an electronic platform where “unsubscribe” and identifying information is conspicuously published and readily available (e.g., within a social network) 9) CEM sent within a limited-access secure account by the person who provides that account (e.g., banking portals) 10) CEM sent by a political party for the primary purpose of soliciting contributions 11) CEMs sent to a foreign jurisdiction (but must comply with foreign anti-spam laws) 12) Two way voice communications 13) Faxes and voicemail messages sent to telephone accounts 14) Telecommunication Service Providers CEM Exemptions (cont’d)
  43. 43.  In limited circumstances, there is no need to obtain consent but must still include prescribed information (identifying info + unsubscribe): 1) Third party referral - the first CEM sent to a person based on a referral from a third party, after which consent will be needed for added CEMs 2) Provision of quote or estimate in response to a request 3) Warranty, recall or product safety information 4) CEM that delivers a product or service, including updates and upgrades 5) CEM that facilitates or confirms transactions 6) CEM that provides factual information about:  Ongoing subscription, membership, accounts, loans  Ongoing use or ongoing purchases  Employment relations or benefit plans for employees Partial Exemptions
  44. 44. Basic Recommendations for CASL Compliance
  45. 45. Recommendations Tip #1: Get Your Board Onboard.  Decisions respecting CASL should form part of the organization’s overall risk management strategies  Decisions must be made at board and executive levels  If you are not getting the board to pay attention – remind them of the D&O liability
  46. 46. Recommendations (cont’d) TIP #2: CONDUCT AN AUDIT 1. What forms of electronic communications does the organization use to communicate with internal and external parties? 2. On behalf of which entities does the organization send electronic communications? 3. What third-parties send electronic communications on your organization’s behalf? 4. To whom does the organization send electronic communications? 5. What do these communications contain? 6. What is the purpose of sending the electronic communications?
  47. 47.  TIP#3: Develop and Implement CASL Compliance Policies and Procedures  Due Diligence Defence - a complete defence to CASL violations Recommendations (cont’d)
  48. 48. Compliance Policies (cont’)  Develop and implement procedures for:  requesting, maintaining and implementing consents  keeping track of implied consents  implementing “unsubscribe” requests  Develop and implement CASL compliant language
  49. 49. TIP #4: Training and Education  Train and educate management, employees and volunteers on CASL requirements  Develop a training program  Ensure all new hires / volunteers receive training  Consider training third-parties that are sending CEMs on your behalf Recommendations (cont’d)
  50. 50.  TIP#5: Review your contracts with third parties – require CASL compliance and include indemnification provisions for non-compliance  TIP#6: Consider buying insurance for CASL  TIP#7: Consult with IT specialists Recommendations (cont’d)
  51. 51. Other CASL Requirements (non CEM) 1) Installation of computer programs 2) Unauthorized electronic collection of personal information 3) Email address harvesting 4) Prohibition against misleading marketing / advertising in electronic format
  52. 52. Electronic Collection / Use Of Personal Information and Address Harvesting  CASL prohibits anyone from using electronic systems to collect and use personal information and email addresses without the express consent of the person whose information is collected / used  Review your online marketing strategy - does it perform any of these functions?  If yes - consider eliminating the practice altogether or obtaining consent
  53. 53. How Can I Help You?  Auditing of current and future practices  Advice on developing and implementing CASL compliance  Drafting and review of compliance policies, processes, and documentation  Drafting and review of third party contracts  Compliance training  Representation before regulators and courts
  54. 54. Maanit Zemel (416) 646-1946 Twitter: @maanitzemel LinkedIn: © All rights reserved. This presentation may not be reproduced and redistributed without the prior written consent of the author.