Skip to main content

Look North, Marketers - Canadian Anti-Spam Law is Coming

Written by Cynthia Larose

The US CAN-SPAM Act is old hat for marketers in the US.    But it is time to revisit email marketing compliance programs if you send email north of the US border.  Canada's anti-spam law (known as "CASL") has been debated for years but is finally coming into effect.   Industry Canada released its final regulations on December 4, 2013 and CASL will come into force on July 1, 2014.

There are some very important differences between CAN-SPAM and CASL and CASL's sweep is very broad.     The biggest difference:  CASL imposes an "opt-in" scheme -- express consent must be given by the recipient of the commercial electronic message.  Consent cannot be implied or "read in" and recipients must take action to express consent.   Prefilled "tick boxes" giving "permission" to send marketing emails will not be compliant.

Because of the major "opt-in" requirement versus the standard operating procedure of "opt-out,"  organizations will want to get a head start on compliance with CASL.  One suggestion: consider obtaining express consent from those persons currently on your marketing lists. Sending e-mails to such people after CASL is in force may violate its provisions if the commercial electronic message is not exempt (limited exemptions), or the recipients have not provided implied consent.

For more information regarding CASL, our Canadian friend, Ariane Siegel of Signal Hill Digital Law, has provided an analysis, which we have posted here.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.