Tips on CASL compliance and how to avoid being fined

Complying with the Canadian Anti-Spam Law (CASL) is a tricky business.

On July 1, 2014, Canada enacted the CASL to curb rampant electronic and SMS spamming. It established five types of consent a consumer must provide before receiving an advertisement:

  • Personal relationship
  • Express consent
  • Implied consent for businesses
  • Implied consent for non-business relationships
  • Conspicuous B2B consent

Without these approvals, a company’s message could be considered spam.

Derek Lackey, managing director for Newport Thomson, spoke at the DX3 tradeshow in Toronto on March 10 to share some tips to avoid being hit with a CASL violation.

In recent years, Canada, along with the rest of the world, has seen a surge in the number of SMS spam and call scams. The CASL has been updated to specifically address this problem.

Although relatively unenforced, Lackey said that just having an anti-spam law is working. In 2019, the single largest fine was $100,000 made to the CEO of nCrowd, a social commerce platform. According to the CRTC notice of violation, the CEO was held personally responsible for allowing their email advertisements to omit a functional unsubscribe button, which violated CASL. The company announced foreclosure soon after.

But just because there haven’t been any major cases does not mean that the law is overlooked. Lackey said that if enough people set off an alarm bell, the CRTC will take action.

Because the CRTC needs to enforce compliance, Lackey said communication is key when the commission asks for proof of consent.

“The ones they [CRTC] hate are the ones who avoid them. They call you and ask you for something and you don’t return the call. They chase you down, you avoid them. I can guarantee you’re going to get a million-dollar fine when you do that. Every serious fine has been in companies that tried to avoid them…if they call, answer them.”

Communication can also determine the size of fines. Lackey said there’s a higher chance of negotiating a smaller fine if the violating party cooperates and bring their system up to compliance. Penalties range from a simple warning letter to issuing a full-on injunction.

It’s also important for consumers to understand when they’re giving consent. Companies can sometimes assume implied consent without the customer explicitly stating that they’ve signed up for advertising.

“I get emails from Hudson Bay. And the reason I’m getting it is I meet the measure of implied consent, though I know I didn’t [give] express consent,” said Lackey. “I might meet the measure of implied but I don’t know it. So I would be suing them, and it would be a nuisance lawsuit because they actually had consent under the implied rules.”

Regardless of the type, Lackey said all marketers need to have proof of consent documented and ready to present when the CRTC comes knocking.

“I don’t care how old or legacy your technology is, how decentralized it is, if you execute a reference centre properly, and keep it up to date.”

Lackey also noted that a manual on advertising and proper employee training can make a CRTC audit much easier.

“Those are the easy parts. We just have to pay attention to them and do it.”

As an added precaution, Lackey warned that just because you’re a messenger doesn’t mean you’re off the hook. CASL not only prohibits illegal solicitation but also the act of aiding it. For example, if a company sends its illegal spam through an email service, the email service itself could face legal ramifications as it’s technically aiding the operation.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at IT World Canada. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at [email protected].

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now