When Canada’s anti-spam legislation (CASL) comes into force July 1, it’s going to affect far more than the purveyors of viruses, Viagra and vanquished Nigerian fortunes.
Anyone or any business that deals with commercial electronic messages (CEMs), and from Jan. 15, 2015, the installation of apps and other software programs, will be subject to the sweeping legislation that carries fines of up to $1 million for individuals and up to $10 million for companies. Company officers and directors can be held liable. And starting July 1, 2017, recipients of spam will have recourse in lawsuits, whether they’re against individuals or companies that break that law.
And it’s not just those emails that fill your inbox. It can apply to texts, social networking messages and other electronic communications.
While the law has been years in the making, its imminent implementation has some businesses scrambling to ensure they’re onside and others carrying on with their email and social media marketing plans unaware that the new law affects them.
“The rush I’m seeing is people saying ‘Is there anything I can do now that puts me in better stead once it is in place?’ ” said Lisa Chamzuk, a lawyer and partner in the Lawson Lundell’s Pensions and Employee Benefits Group and Protection of Privacy and Freedom of Information Group.
There’s a catch-22 that has some companies, including Lawson Lundell, sending out notices to people on their mailing lists asking for the express consent to continue receiving correspondence. While the United States favours opting out as a solution to save people from spam, Canada goes a step further and requires express consent or at least implied consent, with the implied consent limited by time and circumstances.
“After July 1, 2014 there will be restrictions on the extent to which you can send electronic messages, including electronic messages that are designed to ask for consent to send commercial electronic messages,” said Chamzuk. “And so what you can do before July 1 is look at your marketing database and list those you send messages to and determine whether it makes sense to ask those folks for consent before July 1.
“What companies can do now is go out and essentially clean their marketing database and get as many of those folks to agree before the act goes into force that they can receive emails after the act goes into force.”
Are companies starting to panic?
“Exactly,” said Dominic Jaar, national practice leader of KPMG’s Information Management Services. “All organizations are trying to figure out how they’re going to be compliant by the end of the month of June.
“They realize the (legislation) is a lot broader than the name sounds. People are under the impression it’s only spam and they understand spam to mean a mass mailing; in fact, the (legislation) covers a lot more than that — one email to one person can be covered …. It also applies to software tracking cookies on an organization’s website. It has a broader scope than most people thought given its name but once they start reading it and realize the impact on their business, they realize it’s not just a matter of reading the law and writing a little internal memo to people.”