Tips on CASL compliance and how to avoid being fined

Complying with the Canadian Anti-Spam Law (CASL) is a tricky business.

On July 1, 2014, Canada enacted the CASL to curb rampant electronic and telephone spamming. It established five types of consent a consumer must provide before receiving an advertisement:

  • Personal relationship
  • Express consent
  • Implied consent for businesses
  • Implied consent for non-business relationships
  • Conspicuous B2B consent

Without these approvals, a company’s message could be considered spam.

Derek Lackey, managing director for Newport Thomson, spoke at the DX3 tradeshow in Toronto on March 10 to share some tips to avoid being hit with a CASL violation.

In recent years, Canada, along with the rest of the world, has seen a surge in the number of SMS spam and call scams. The CASL has been updated to specifically address this problem.

Although relatively unenforced, Lackey said that just having an anti-spam law is working. In 2019, the single largest fine was $100,000 made to the CEO of nCrowd, a social commerce platform. According to the CRTC notice of violation, the CEO was held personally responsible for allowing their email advertisements to omit a functional unsubscribe button, which violated CASL. The company announced foreclosure soon after.

But just because there haven’t been any major cases does not mean that the law is overlooked. Lackey said that if enough people set off an alarm bell, the CRTC will take action.

Because the CRTC needs to enforce compliance, Lackey said communication is key when the commission asks for proof of consent.

“The ones they [CRTC] hate are the ones who avoid them. They call you and ask you for something and you don’t return the call. They chase you down, you avoid them. I can guarantee you’re going to get a million-dollar fine when you do that. Every serious fine has been in companies that tried to avoid them…if they call, answer them.”

Communication can also determine the size of fines. Lackey said there’s a higher chance of negotiating a smaller fine if the violating party cooperates and bring their system up to compliance. Penalties range from a simple warning letter to issuing a full-on injunction.

It’s also important for consumers to understand when they’re giving consent. Companies can sometimes assume implied consent without the customer explicitly stating that they’ve signed up for advertising.

“I get emails from Hudson Bay. And the reason I’m getting it is I meet the measure of implied consent, though I know I didn’t [give] express consent,” said Lackey. “I might meet the measure of implied but I don’t know it. So I would be suing them, and it would be a nuisance lawsuit because they actually had consent under the implied rules.”

Regardless of the type, Lackey said all marketers need to have proof of consent documented and ready to present when the CRTC comes knocking.

“I don’t care how old or legacy your technology is, how decentralized it is, if you execute a reference centre properly, and keep it up to date, you not only empower your consumer with giving you their choices but your updated forms all your systems.”

Lackey also noted that a manual on advertising and proper employee training can make a CRTC audit much easier.

“Those are the easy parts. We just have to pay attention to them and do it.”

As an added precaution, Lackey warned that just because you’re a messenger doesn’t mean you’re off the hook. CASL not only prohibits illegal solicitation but also the act of aiding it. For example, if a company sends its illegal spam through an email service, the email service itself could face legal ramifications as it’s technically aiding the operation.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at IT Business. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at [email protected].

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs