Are you ready for the new anti-spam law?

There are serious consequences for non-compliance

You know the feeling: you check your email to find a laundry list of emails from various companies that you may or may not have dealt with in the past. Or a text pings on your smartphone ― and it’s unwanted spam. These types of messages are simply more clutter to clear, a chore that eats into your valuable time.

By Sylvia Kingsmill

On the other hand, you appreciate information about products and services you’re interested in offered by companies you like. You understand email is an important communications channel for businesses and ― for businesses that earned your trust and business ― being on a mailing list is a desirable thing.

Canada’s Anti-Spam Law (CASL) was drafted to keep unsolicited, unwanted electronic messages out of Canadians’ in-boxes while still permitting businesses, and consumers, to maintain mutually beneficial relationships. The law’s key feature requires Canadian organizations that send commercial electronic messages from within Canada to obtain consent from recipients before sending messages.

It’s one of the toughest laws of its kind in the world with fines of up to $10 million. Businesses that don’t comply risk serious penalties, including criminal and civil charges, or personal liability for company officers and directors.

Most consumers likely welcome these changes. But for businesses, achieving compliance is likely to be a long and complicated process in the months ahead.

The first phase comes into effect on Canada Day.

The countdown

Industry Canada released the anti-spam law’s final regulations on December 4, 2013, triggering the countdown to comply. The law will be enforced in three stages:

  • July 1, 2014: The anti-spam provisions take effect. Businesses will be required to have express opt-in consent, or implied consent, to send commercial electronic messages such as emails, texts and certain social media posts. Even the form of these messages is regulated: the sender must be prominently identified and contact information included, along with a way to unsubscribe.
  • January 15, 2015: The provisions relating to the unsolicited installation of computer programs or software come into force.
  • July 1, 2017: The private right of action will be enforced.

With these deadlines looming, businesses have a rapidly closing window during which to take an inventory of their electronic marketing practices, obtain any required consents and align their policies, processes, customer relationship management systems and staff training programs with CASL requirements.

While many companies have been preparing for compliance in recent months, they should re-familiarize themselves with the Act and take note of its newest regulations which:

  • clarified the definitions for personal and family relationships (which may be relevant for certain viral marketing initiatives)
  • introduced five new full exemptions from CASL
  • Retained and broadened the two proposed exceptions for B2B messages (within and between organizations)
  • explained how to share contact lists with “unknown third parties”
  • retained the partial exemption for “one-time” third-party referral messages
  • retained rules for the use of consents obtained by third-parties

New exemptions include commercial electronic messages:

  • sent from instant messaging platforms (e.g., BBM messenger, LinkedIn InMail) where the required identification and unsubscribe mechanisms are clearly published on the user interface
  • sent and received within online portals (e.g,. banking portals)
  • sent to listed foreign countries, where it is reasonable to believe that the message will be opened in a listed foreign country that has similar rules as CASL
  • sent by registered charities for the primary purpose of fundraising
  • sent by political parties seeking contributions

Businesses should also crack the spine on Canadian Radio-television and Telecommunications Commission regulations and its two sets of interpretation guidelines regarding the Act, as well as the Industry Canada Regulatory Impact Analysis Statement, also released on December 4, 2013.

Businesses have a three-year grace period after July 1, 2014 to verify and confirm consent

Not just a marketing issue

Beyond compliance, you may also need to evaluate how the new rules impact operations. For instance, marketing executives must assess the impact of the new anti-spam law on their digital marketing campaigns and ensure they obtain the consents they need to continue communicating electronically with prospects.

Legal counsel also needs to review the Act’s implications and identify which lines of business across the enterprise are affected. Risk officers have to take steps to prevent non-compliance, internal auditors should evaluate the strength of compliance. and IT teams will have to revise relevant systems as required.

The penalties for not complying with the new anti-spam act are too painful to not do things right — and right now.


For a closer look at the requirements set out by CASL, read Managing the message: Canada’s new anti-spam law sets a high bar. For more detailed information about the new electronic commerce protection regulations, check out our FAQ or download Managing the message: Businesses brace for new digital marketing compliance requirements.

For some specifics, read CASL: Key exemptions you need to know about and CASL: Third-party consent and compliance.

How will Canada’s Anti-Spam Law affect your business? To discuss this challenge, feel free to contact us.

Did you find this useful?