The countdown to CASL is almost over: there are only 12 business days until the anti-spam provisions of CASL – and most of the penalties for non-compliance – come into effect. If you (and/or your organization and/or its members) haven’t done anything to prepare for CASL, here are the 5 most urgent things to do before the anti-spam provisions take effect on July 1, 2014:
- Act Now. It’s important to act before CASL’s anti-spam provisions take effect:– Consent to Send An Email Asking for Consent. After July 1st, you need consent to send any commercial electronic message (CEM) – even one asking for consent to send a CEM. If you don’t have it by then, you’ll have to get it some way other than email, which could take more time and money.– No “Grace Period”. The right to sue for a CASL contravention takes effect in 2017 – but all other consequences for CASL non-compliance kick in on July 1, 2014 and they can be significant.
- Comply With Content and Unsubscribe Requirements. Make sure every “commercial” email leaving your organization meets CASL’s content and unsubscribe requirements. Depending on size and capabilities, you might be able to change the template for all the organization’s emails, or every member of your organization might have to add the information to each email – but however you do it, each email should include:
– Content. Disclosure of legally-mandated information about the email’s sender(s); andUnsubscribe. A way for people to “unsubscribe” or otherwise indicate they don’t consent or withdraw their consent (at a later date).
- Get as Many Express Consents as You Can. Send a mass email – clear, persuasive and user-friendly – to every contact asking her to consent to receive CEMs from you. If you have time before July 1st, send a second email to contacts who don’t respond to the first. Again depending on size and capabilities, you might direct recipients to an electronic consent mechanism. If not, ask them to email you back – but tell them what to say: “I consent [do not consent] to receiving commercial electronic messages from [name of person or organization, or organization and any member of it]”.
- Deal With Responses. You’ll get both positive (“I consent”) and negative (“I don’t consent”) responses to your email. Record all the responses, whether in an electronic database or manually. Remember: the onus will always be on you to prove that you have consent:– I Consent. You can continue to send CEMs to these contacts after July 1st (unless they later withdraw consent).– I Don’t Consent. Don’t send anyone who says she does not consent (however she indicates it, whether now or in the future) any more CEM’s after July 1st – you have 10 days to “unsubscribe” her.
- Deal with Non-Responses. You probably won’t hear from a lot of contacts by July 1st. Review each one and decide what to do:
– “Existing Relationship”. If your relationship with the contact meets the definition of an “Existing Business Relationship” or an “Existing Non-Business Relationship” (CASL defines both of these), you have her implied consent. You can send these contacts CEMs (that comply with CASL) even after July 1st. But remember: most cases of implied consent expire – including these “Existing” relationships and the implied consent. After they expire, you need express consent. So keep trying to get it from these contacts with further emails or otherwise until the implied consent expires.
– “No Existing Relationship.” If you don’t have an “Existing” relationship, you can’t send her a CEM – even one asking for consent – after July 1st unless she later gives you consent. You can try to get consent from these contacts another way (such as snail mail or telephone), or “delete” them altogether, but no more CEMs until they consent.
Keep Moving. These 5 things get you to July 1st, but not through the long haul. Keep moving and create, implement or update your CASL compliance program. Visit McInnes Cooper’s CASL Knowledge Page at www.mcinnescooper.com/services/privacy/casl/ and click on the Publications Tab to learn more about CASL, including:
- What a “commercial electronic message” (CEM) is
- What email messages CASL does not regulate
- Mandatory content and unsubscribe requirements
- When “express” and “implied” consent are
- What the “Existing” relationships are and how long they last
- Consequences of CASL non-compliance
- Whether CASL affects you
McInnes Cooper has prepared this article for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this article. McInnes Cooper excludes all liability for anything contained in this article and any use you make of it.
© McInnes Cooper, 2014. All rights reserved. McInnes Cooper owns the copyright in this article. You may only reproduce and distribute it with McInnes Cooper’s consent. Email McInnes Cooper at firstname.lastname@example.org to request consent.
David Fraser is a partner with McInnes Cooper and leads its Privacy Law and CASL Teams. David is recognized as a foremost Canadian technology and privacy lawyer and has extensive experience advising private and public sector clients on implementing compliance programs for Canadian privacy legislation, including CASL. You can reach David at email@example.com.
Thomas Raffy is a fully bilingual lawyer with McInnes Cooper and a member its Privacy Law, CASL and Corporate and Business Law Teams. You can reach Thomas at firstname.lastname@example.org.