1. What is the purpose of CASL?
CASL is intended to prevent the sending of SPAM or more specifically, unsolicited commercial electronic messages (“CEMs”). From an operational perspective, CASL is intended to prevent the sending of CEMs except where the recipient has indicated a wish to receive them from the sender.
2. Who enforces CASL?
Each of the CRTC, the Privacy Commissioner of Canada, and the Competition Bureau enforce some of the requirements of CASL although the principal regulator is the CRTC. Innovation, Science and Economic Development drafted CASL originally and still provides guidance on how it intended CASL to be applied.
3. What are the possible consequences for non-compliance?
Non-compliance can be very costly as the enforcement action taken to date has indicated. In addition to liability for fines (for offences) and administrative monetary penalties (for violations – up to $1 million for a violation committed by an individual and up to $10 million for a violation committed by an organization), payments may be required as part of an “undertaking” given to resolve a violation of CASL (to date, these have ranged from $48,000 to $200,000 for organizations). Organizations are responsible for violations committed by their employees in the course of their employment. Board members and officers of an organization may be held personally liable for violations and offences.
4. What is the main requirement under CASL?
Subject to the exceptions established in CASL, CEMs cannot be sent without the express consent of the recipient, specified information and a specified type of unsubscribe mechanism.
5. What is a CEM? Does CASL apply to text messages, voicemails and faxes?
CASL defines a CEM as an electronic message sent to an electronic address that having regard to its content, the hyperlinks in the message to content on a website or other database, or the contact information in the message, it would be reasonable to conclude has as one of its purposes, to encourage participation in a commercial activity, including an electronic message that: offers to purchase or sell a product or service; offers to provide a business or investment opportunity; advertises or promotes a product, service, or business or investment opportunity. CASL applies to messages sent by email and texts but excludes messages delivered through an interactive two-way phone call, facsimile transmission, voice recordings sent to a telephone account, and the post (section 6(8) of CASL). A “commercial activity” is “any transaction, act or conduct … that is of a commercial character, whether or not” it is carried out “in the expectation of profit”.
6. Does CASL apply to mass CEMs or do single CEMs count?
CASL applies to all CEMs, regardless of whether they are sent to a single or many recipients or the electronic address to which they are sent (personal or business, individual or organization).
7. What is considered “commercial” in the context of the Colleges?
CASL defines “commercial activity” very broadly, as indicated in the answer to question 5. Commercial activities carried out by Colleges may include promoting a sale at the College bookstore, giving notice of a new course or program, and advertising a discount offered by a third party (VIA Rail, restaurants, equipment suppliers, for example). It is important to remember that an electronic message does not need to be solely commercial to be considered a CEM and that the inclusion of a hyperlink, logo or contact information may make a message a CEM that would not be a CEM on the basis of its content alone.
8. Extra-territorial application – does CASL apply to CEMs sent by a College to students or alumni outside of Canada? What about CEMs sent by a College’s foreign campuses or agents?
CASL applies to CEMs sent or accessed by a computer system located in Canada (section 12 of CASL). For example, CASL applies to CEMs sent from a College in Canada to prospective international students and to CEMs sent by a College’s off-shore service provider or off-shore campus to a recipient in Canada.
9. What does “express consent” mean? How should I obtain express consent? Are there any best practices?
To obtain express consent under CASL, a sender must provide: an explanation of the purposes for which the consent is being sought; identifying information about the sender; and a statement that consent may be withdrawn. Express consent under CASL must be “opt-in” consent which means that recipients must have actively done something to indicate their consent: checking a box or signing a form for example. Opt-out consent, including requiring an individual to uncheck a pre-checked box to indicate that they do not consent to receiving CEMs is NOT express consent. The mechanism for obtaining consent cannot be buried in terms and conditions or appear in fine print and must be clear and easy to understand. Algonquin College currently collects consent via the forms located on their website. Consent and unsubscribe is then tracked through Marketo and Salesforce their current mass emailing service and contact management system. For clarification on this matter please contact the college’s CASL representative by completing the form on this website.
10. Does express consent ever expire?
No, but it may be withdrawn.
11. What are the “Content Requirements” of CEMs?
Unless an exemption applies, CASL requires CEMs to contain: (a) identification information and (b)an unsubscribe mechanism. Identification information consists of the name of the sender, mailing address & one of phone number, email address or web address of the sender and must be is valid for at least 60 days. The unsubscribe mechanism must be prominent and able to be readily performed which means that it must enable the recipient to indicate that he/she no longer wishes to receive CEMs (or specified classes of CEMs where the sender wants to distinguish between different types of CEMs), at no cost to the recipient, and using the same electronic means by which the CEM was sent or other electronic means where not practicable. For example, unsubscribe mechanisms may specify an electronic address or link to a webpage that can be accessed through a browser that allow the recipient to unsubscribe. Information on how to unsubscribe must be valid for 60 days and instructions to unsubscribe must be implemented within 10 business days.