CASL Will Affect Your Business

Deadline Calendar

The Countdown Clock Is Ticking

Coming into effect on July 1, 2014, the first wave of Canada’s Anti-Spam Legislation (CASL) will impact any and all types of commercial electronic messages (CEM) originating in Canada. Whether you are a private company, not-for-profit or any other type of organization, it will impact your future communication practices.

Before going any further, we need to add a disclaimer. We are sharing insights and observations that are not to be construed as legal counsel. However, we have provided links to a few law firms who can assist you further with CASL policies.

Blog What A Surprise

CASL At A Glance

As posted on, CASL will regulate the:

  • sending of any commercial electronic messages without the recipient's consent (permission);
  • alteration of transmission data in an electronic message which results in the message being delivered to a different destination (e.g. clicking on a link and it takes you to an unrelated website);
  • installation of computer programs without the express consent of the owner of the computer system or its agent (e.g. hacking, malware or spyware)
  • use of false or misleading representations online in the promotion of products or services;
  • collection of personal information; and
  • collection of electronic addresses by the use of computer programs, without permission (e.g. email address harvesting).

As illustrated above, there are a number of different areas CASL legislation impacts and is an extremely serious topic that carries with it consequences if broken. 

Considering the amount of content and complexities, we are concentrating on advertising and communications devices (like emails, e-newsletters/databases etc…) as they apply to B2B and B2C interactions.

Blog Dazed Confused

Ahhhh, what does that CASL Stuff mean?!?

Breaking it down to its simplest form, unless you have a type of consent or permission, you can’t have any form of communication that promotes or engages in commercial activity. The legal definition of Commercial Electronic Messages*1 is “any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit”.

Ask yourself this simple litmus test, “Is this electronic message intended to encourage commercial activity (of any kind)?” If the answer is “yes”, then you are dealing with a commercial electronic message subject to CASL’s rules. There are many examples of what constitutes commercial activity that can be found in the legislation.

After reviewing the information, we got the sense they are targeting companies brazenly disregarding the legislation. It enforces the best practices of those early adopters using double opt-ins, accurate contact information and unsubscribe features for e-newsletters, communication for warranties, and ongoing purchases etc. If you are already embracing these policies, compliance with the new legislation will be an easier journey than those who have ventured down the "click to opt-out” path of subscription. We see it as a process that is looking to clean-up spam and force adoption of consumer-friendly CEM practices.

What Types of Communication Platforms and Devices Are Subject to CASL?

The most common platforms impacted by CASL include, but are not limited to:

  • Email Addresses – consent is required
  • Contact Forms – consent is required (e.g. if you use contact forms for lead generation on your website, you are allowed only one interaction to respond to the inquiry and then express consent is required to continue the discussion)
  • Text Messages – consent is required
  • Social Networking Accounts – this one is a bit of a grey area given some of the functions and features of the various platforms (e.g. on Twitter there needs to be a link to your website and your CASL Policy). More details from CASL are to follow for social media.

Game On

Before you can send a message, three components must be completed or accompany it. They include:

  1. Consent
  2. Identification information
  3. A functioning unsubscribe system

1. Consent

Blog Jumping Through Hoops

This requirement has two different levels; express and implied. The next item is hyper-critical and the nexus of CASL - the onus to prove consent resides 100% on the sender of the message or their agents. If a complaint is registered about your CEM tactics, the sender needs to demonstrate they had consent to engage in a “conversation”. The CRTC’s Compliance and Enforcement Information Bulletin CRTC 2012-548 outlines the criteria for tracking and recording consent including:

  • being oral or written,
  • the date it was obtained,
  • the purpose it was obtained for, and
  • how it was obtained.

So this means reviewing your email database platform to ensure it provides options to track the information above and create logs for any oral permission with the same level of detail. If you don’t already have expressed consent from the members in your database, it can be obtained prior to the July 1st deadline. We have already started to receive email invitations from companies asking for expressed consent to continue communicating with us.

Consent highlights:

  • Express Consent – the intended recipient must take action and is primarily obtained via a double opt-in process. Here is an example:
  • Step 1 – Subscription sign-up:
Eye Post Subscription Sign Up
  • Step 2 – Initial confirmation:
Eye Post Subscription First Confirmation
  • Step 3 – Final confirmation via email (need to click on the link to complete the subscription):
Eye Post Subscription Final Confirmation

Here is another example from CRTC 2012-548 featuring multiple permission requests. You can see the complexity and levels that comprise it.

Crtc Opt In Example
  • Implied Consent – common examples are existing business relationships, purchasing databases that recipients have agreed to have their information shared with “partners of the program”  or exchange of business cards as it relates to that person’s role and function within their organization. And just to make it interesting, if said person exchanging cards indicates that he/she doesn’t want to receive emails, electronic brochures or sell sheets, etc... unfortunately, implied consent is now off the table. 

2. & 3. Identification and Unsubscribe
Transparency. Transparency. Transparency. You must clearly identify the following (an example with corresponding numbers is shown below):

  1. Who is sending it? If a third party is sending it on your behalf, their information needs to appear on it.
  2. The unsubscribe mechanism must be clearly visible and available to opt-out at any time. Once activated, the recipient’s name must be removed from the list within 10 days.
  3. Contact information must be an active account for a minimum of 60 days.
  4. Outline why they are receiving it.
Eye Post Header
EyePost E-Newsletter Footer Example of CASL Compliance (shown above)

But Wait...There Are Some CASL Exclusions

A number of situations exist that provide CASL exclusion status. Some top-level highlights of these include*2:

  • Instant Messages – BBM™, WhatsApp™, Yahoo Messenger, etc...
  • Telephone Account or Skype™ – appear to be exempt at this stage
  • Electronic messages between individuals who have a “personal” or “family” relationship (according to the definitions outlined in the act);
  • Electronic messages sent within an organization; or
  • Electronic messages sent between organizations that already have a relationship, where the message concerns the activities of the organization to which the message is sent;
  • Electronic messages sent on platforms where the required identification and unsubscribe information is conspicuously published and readily available to the recipient on the user interface, where duplication in each message would be needlessly repetitious;
  • Electronic messages sent and received within limited access secure and confidential accounts to which only the provider of the account can send messages, such as banking websites;
  • Electronic messages solicited or sent in response to complaints, inquiries, and requests.
Blog Checklist

Key Steps in Assessing Your Current Situation

Without being overwhelmed and approaching the situation from a logical starting point, you can begin your CASL journey by:

  • seeking guidance from your legal counsels and marketing/advertising partners.
  • identifying all the various types of CEMs you have within the organization or associated with the services you provide.
  • auditing that information and establishing what level of consent exists and what is required.
  • creating a policy, developing compliance materials and implementing changes.
  • providing staff training regarding the changes.
  • informing relevant partners and consumers
  • looking at incorporating Express Consent into your terms and conditions 

Who Are The Watch Dogs?

There are three government agencies responsible for enforcement of the law. When the new law is in force, it will allow the:

Blog Watch Dogs
  • Canadian Radio-television and Telecommunications Commission (CRTC) to administer Administrative Monetary Penalties (AMP) for CASL infractions
  • Competition Bureau to seek to administer monetary penalties or criminal sanctions under the Competition Act
  • Office of the Privacy Commissioner to exercise new powers under an amended Personal Information Protection and Electronic Documents Act (PIPEDA)

Is The Bark Worse Than the Bite?

This new legislation is being taken seriously with penalties ranging for individuals or corporations relating to sections six (6) to nine (9). Based on a list of factors (reviewed and applied on a case by case basis), maximums for the AMP’s have been established at:

  • $1 million for individuals
  • $10 million for corporations
  • Plus it allows for the possibility to sue for actual and/or statutory damages by those impacted by CEMs allegedly contravening the act, although this doesn’t come into effect until July 1, 2017.  

Tick, Tock, Tick, Tock

Other dates to be aware of are July 15, 2015 when section 8 of CASL governance comes into effect regarding computer program installations and July 1, 2017 which allows private action and the right to sue for damages.

Blog Ticking Clock Deadline

Yes the clock is ticking, but this can be a manageable process that has some breathing space to complete all elements required. Take advantage of the resources and knowledgeable experts available. Don’t be afraid to contact your legal counsel, marketing/advertising agencies, read-up on the subject and start developing your CASL action plan (if you haven’t already). Don’t be surprised if your inbox is inundated with requests for express consent so conversations can continue and information will flow freely, for those who have expressed consent to receiving it. 

Resources and Links

There is a lot to be learned, understood and implemented in a short period of time. Here are some additional resources that will assist you along the way:

Greater Kitchener Waterloo Chamber of Commerce Webinar - Canada's Anti-Spam Legislation 

(CASL) (a fantastic 45 minute overview - highly recommended)

Government of Canada

BLG (Borden Ladner Gervais)


Miller Thomson

Overall Source and for *1: Canada’s Anti-Spam

Legislation and

*2 Electronic Commerce Protection Regulations, Section 4

Ready to discuss a project?

Tell us about your project:

Not sure where to start? Check out these suggestions.