Most of Canada’s Anti-Spam Law (CASL) came into force on July 1, 2014. This legislation imposes onerous obligations on businesses to ensure that they have consent to: (a) send commercial email and other electronic messages to consumers; and (b) to install computer programs and automatic updates to programs already installed on a consumer’s electronic device.
Many businesses have been working to comply with CASL by seeking explicit consent from consumers for email messages, establishing an unsubscribe mechanism for their mailing lists, etc. The CRTC has taken steps to enforce the provisions of CASL in some cases, but the past three years have largely been a “grace period” to allow organizations time to become compliant with the new law.
THE “GRACE PERIOD” ENDS ON JULY 1, 2017
On July 1, 2017, the CASL provisions establishing a private right of action come into force. This will mean that individuals who have been affected by an organization’s actions may sue the organization as well as their officers, directors and agents for CASL violations. Given the high costs of litigation, it is unlikely that isolated individuals would sue an organization. But class actions representing classes of thousands of individuals affected by spam could result in significant financial exposure. Penalties for sending non-compliant emails can range up to $200 per email and up to $1,000,000 per day.
The CASL private right of action will allow individual or class action claims against an organization for the following activities:
- Sending false or misleading electronic messages;
- Sending commercial electronic messages unless the recipient has provided express or implied consent and the message provides an unsubscribe mechanism and identifies the party who sent the email;
- Installing a computer software on a person’s device without consent; or
- Email harvesting to send bulk messages.
CASL provides a defense of due diligence if the organization can prove that it has taken all reasonable steps to avoid the illicit activity. A court will look at whether an organization has preventative measures in place and ongoing oversight to ensure their implementation. Such measures may include policies and training programs to prevent employees from sending non-compliant commercial electronic messages, internal audits to confirm that consents have been obtained and conduct periodic reviews of outgoing commercial electronic messages to determine compliance and risk assessments.
Now is the time to make sure that your organization complies with CASL.Those communications will be under greater scrutiny than ever come July 1, 2017.