Canada’s Anti-Spam Law (CASL)
Third-party consent & compliance
Canada’s new anti-spam law will be in effect by early 2014…but you already knew that. So here are some aspects of the legislation that you may not be familiar with.
By Miyo Yamashita and Sylvia Kingsmill
A Commercial Electronic Message (CEM) is any electronic message that encourages participation in a commercial activity, such as an email that contains a coupon or tells customers about a promotion or sale. In today’s digital world, when you give your consent to receiving CEMs from one organization, you’ve often also consented to receive communications from related, but unknown, third parties. But under the new CASL regulations, consent to receive those third-party CEMs is valid only if you can unsubscribe from the message and alert the original organization that you have withdrawn your consent. At that point, the original organization must notify all third parties that consent has been withdrawn.
- In essence, this introduces new CEM rules that must be followed by both the party obtaining consent and the parties using that consent.
Compliance: what you need to know now
Although CASL is not slated to come into force until late 2013 or early 2014, you can take steps now to comply early and avoid monetary penalties, civil liability and potential damage to your organization’s reputation.
Start by doing these things right away:
- Review your current state. Identify compliance gaps by examining your current consents, unsubscribe methods, electronic communication practices and cross-marketing initiatives with affiliates.
- Develop an implementation plan. Getting to a ready-state for CASL can take weeks or even months. And it depends on the extent of online marketing and business development your organization conducts. It pays to start early.
- Get express consent. Express consent does not expire unless it is revoked. So it makes sense to convert your “implied consents” into express “opt-in” consents.
- Make it stick. To ensure ongoing compliance, consider appointing a CASL compliance officer to oversee all aspects of compliance from reviewing your online communications to implementing appropriate policies and procedures.
For a closer look at the requirements set out by CASL, read Managing the message: Canada’s new anti-spam law sets a high bar. Detailed information about the new regulations is also outlined in this FAQ.
We monitor all CASL news as it’s released, so we’ll update you on the developments that matter most. In the meantime, if you have any questions, please don’t hesitate to contact us or to post a comment below.
Do you have a CASL-compliance plan? We’d love to hear about it!
Sylvia Kingsmill is a senior manager with our Enterprise risk practice. With over 10 years of experience in compliance risk management, privacy and regulatory risk reporting, Sylvia helps clients across many industries navigate their regulatory environments and understand their audit and reporting obligations. Her specialty is implementing consumer protection laws and liaising with regulators on behalf of clients.