CASL – The New Canadian Anti-Spam Law, What You Need to Know
The Canadian Anti-Spam Law (CASL) took effect on July 1, 2014 and has broad application to businesses both in Canada and outside of Canada, especially for senders of commercial email. Even if you are located outside of Canada (such as in the United States) this law may still affect you, and carries stiff penalties — so pay attention.
Before getting started however, I would like to state that I am not a lawyer so this is not to be considered legal advice. Also, I have been wrong once or twice in my life (as my family and coworkers sometimes point out). So while I encourage you to take the information I present into consideration, you should do your own research, consult your own sources and discuss this with your own legal counsel.
What is CASL
The Canadian Anti-Spam Law (CASL) is a new and very comprehensive set of laws governing a variety of electronic activities. In the spotlight however are its regulations on sending commercial email and the law’s very specific requirements for such things as items that must be included in a message and obtaining and documenting the recipient’s consent. The new law provides stiff penalties for offenders, even going as far as holding corporate officers responsible for their company’s activities.
One important point to take away is that CASL is significantly different from CAN-SPAM, and is stricter in many ways. Don’t make the mistake of assuming that if you are CAN-SPAM compliant, then you are also CASL compliant.
Quite a few excellent articles have already been written about CASL by the online email community. The law is quite detailed however and many of these “primer” articles do not cover every aspect of the law that might apply to you. Also I prefer to go right to the source on legal matters so instead of creating another summary of the law, I am going to point you to a few good resources published by the government of Canada.
The full text of the CASL legislation is quite long, however the Canadian Government has put together an excellent site to help summarize the law and help businesses understand if and how they are affected. I strongly recommend that you visit this site to find out the specifics of the law and how it applies to you. There is also a video presentation by the CRTC, one of the 3 agencies in the Canadian government responsible for the enforcement of CASL.
How does CASL apply to business located outside of Canada?
If you are not located in Canada this law may still apply to you. For example, if you are a North American business sending commercial email messages, it is likely that you may have recipients in Canada, and are thus affected by the law since CASL applies when a computer system in Canada is used to send or access a commercial electronic message.
The American Bar Association has an excellent post on the subject, warning of the “considerable extra-territorial reach” of the legislation.
So this begs the question, how would a non Canadian business know if their recipient was located in Canada? If a recipient’s email address ends in .ca or if their physical or billing address is in Canada, I would think it reasonable to assume that they should be considered Canadian recipients.
So what should you do?
The answer to that is easy. Know the law, and follow it, if it applies to you. The SocketLabs Acceptable Use Policy specifically forbids sending unsolicited email and includes many other requirements of CASL. On top of that, our AUP also requires that your email not violate any applicable law, thereby encompassing CASL if it applies to you.
If you have not done so already, now would be a great time to take a look at your lists and determine if you are affected by this law, and if so, start building a plan to comply.