Authors: Kristél Kriel, Adam Lakusta
Canada’s Anti-Spam Legislation (CASL) is widely regarded as the strictest and most demanding anti-spam legislation in the world. When CASL came into effect in 2014, it dramatically changed the way organizations and individuals communicate using commercial electronic messages (CEMs).
CEMs include a variety of electronic messages including emails, text messages, social media messages (e.g. through Facebook or Instagram) and instant messages (e.g. WhatsApp message) when they encourage participation in a commercial activity such as sales or advertising messages. CASL requires organizations and individuals who send CEMs to meet a number of requirements such as obtaining consent from recipients.
CASL is enforced by the Canadian Radio-television Telecommunications Commission (CRTC). The importance of remaining CASL compliant has been repeatedly underscored by the CRTC’s enforcement actions.
A recent example involving an individual who orchestrated multiple “high-volume spam campaigns” highlights the risks and potentially high costs of violating CASL. Between 2015 and 2018, the individual sent 671,342 CEMs to recipients without first obtaining their consent. These CEMs contained embedded links to website blog posts that the individual had written promoting casinos and promoting the individual’s online services. The CRTC found the CEMs to be a direct violation of CASL. As a result of these breaches, it issued a penalty of $75,000 to the individual.
The CRTC is increasingly issuing significant fines for CASL violations. Organizations and individuals who use electronic messages to promote their businesses should take steps to ensure that those messages are CASL compliant to minimize the risk of potentially significant liabilities.
Our privacy and cybersecurity team has developed a CASL Compliance Guide and Checklist to help you review your organization’s practices, and to ensure that you remain CASL compliant when sending CEMs.