This is not legal advice
Don't rely solely on this article to ensure your CASL compliance. The responsibility lies with you and your company. Seek further legal advice if you're unsure.
On 1 July 2014, the Canadian Anti-Spam Legislation (CASL) came into effect. It affects any business that sends marketing emails to contacts in Canada, not just Canadian businesses. CASL is designed to combat unsolicited email, and also addresses malware proliferation, hacking, and identity theft.
Three agencies enforce CASL: the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada. Penalties range from up to C$1 million for individuals to C$10 million for companies. The CRTC can operate across borders and bring proceedings against offshore organisations.
CASL explained
CASL broadly aligns with existing email marketing best practices. Ask your legal team to review CASL's regulatory documents to understand its full implications.
CASL defines a marketing email as any electronic message that encourages participation in a commercial activity, regardless of whether profit is expected, as per 81000-2-175 (SOR/DORS).
CASL separates consent into two categories:
Express consent
A contact has explicitly asked to receive your emails, for example through a clearly labelled signup form, a signup link in a transactional email, or an opt-in during the purchase process.Implied consent
A relationship exists between you and a contact, but they haven't explicitly asked to receive your emails, for example after a purchase. Implied consent expires after 24 months, after which your emails are considered unsolicited. Express consent doesn't expire unless a contact unsubscribes.
Businesses had until 1 July 2017 to collect and demonstrate express consent from their existing marketing lists.
Learn more at the Government of Canada's fight spam website.
Achieve CASL compliance
Following email marketing best practices means you're likely already partway to CASL compliance. The steps below cover the areas most relevant to CASL.
Ensure all contacts have a last subscribed date
Last subscribed dates are recorded by default for contacts subscribing from 15 October 2014 onwards. For contacts who subscribed before this date, Unknown is displayed. To set a last subscribed date, upload or re-upload contacts as an Excel or CSV file with a column named lastsubscribed. Alternatively, enter a last subscribed date manually by editing a contact record. Learn more in Establish when a contact subscribed.
Include a summary of what contacts can expect when signing up
Fill in the Consent text field when creating a signup form to explain what contacts are consenting to. If you use the Pages and forms tool, include this information in a consent block or a text box. Learn more in Create a signup form.
Use the default unsubscribe page
The default unsubscribe page makes clear that unsubscribing stops commercial and marketing messages. Transactional emails, such as order or shipping confirmations, and one-to-one emails, such as password reset responses, are still sent.
