Privacy & Security

Protect your organization: Canada’s Anti-spam Legislation coming July 1, 2014

Staff Post
By Anna Mathew, Knowledge Associate

CASL (Canada’s Anti-spam legislation) will become law July 1, 2014. What does this mean for your organization? It means that you can no longer send commercial email to recipients without their consent. Organizations (and individuals) who send unwanted commercial electronic messages (CEMs) are subject to serious financial penalties ($10M for organizations and $1M for individuals). Directors and officers of an organization may also be liable.

There are two types of consent: implied and express. Implied consent is based on a current business relationship (such as a customer or client), and is subject to expiry depending on the changing nature of the relationship over time. Express consent is based on the recipient of a CEM having provided explicit consent to receive the communication, typically through an online sign up. Express consent does not expire, unless the recipient unsubscribes.

The legislation covers other requirements, in addition to the issue of consent, including providing a conspicuous and simple unsubscribe process, and providing clear identification and contact information about the email sender, as well as what classifies an email communication as being ‘commercial’.

One silver lining for charitable organizations: emails sent for the purpose of fundraising are exempt from CASL.

You can read more fully about CASL here on the CRTC website and here on the Government of Canada website.

What does your organization have to do to be compliant with the legislation?

  1. Secure implied or express consent from CEM recipients (BEFORE July 1, 2014). The simplest way to do this is to contact your list and provide them a link to provide their express consent and/or provide their contact information.
  2. Maintain records about who has provided consent. The onus is on the sender to prove consent.
  3. Do not send CEMs to anyone who has not consented to receive them.
  4. Provide an unsubscribe option.
  5. Identify your organization as the sender and provide contact information.

Here are some further resources on how to become CASL compliant:

Miller Thomson – Countdown to CASL

Borden, Ladner, Gervais – CASL: Impact on C’harities and Not-for-profits

Borden, Ladner, Gervais – Not-for-profit and Charity Law in Canada Blog

Ontario Arts Council News – Arts Organizations Note Canada’s Anti-Spam Law – Effective July 1

Hillborn – Canada’s Anti-Spam Legislation in force this July – will you be ready?

Ontario Nonprofit Network – Canada’s Anti-Spam Legislation and Your Nonprofit

Imagine Canada – Update and clarifications on Canada’s Anti-Spam Law

CRTC – Canada’s Anti-spam legislation 

Government of Canada – Fight Spam: Canada’s Anti-spam legislation

Tips for Creating Your Organization’s Privacy Policy

When it comes to collecting and using data about your organization’s patrons and donors, it is imperative to have a privacy policy which meets the requirements of federal legislation, PIPEDA (the Personal Information Protection and Electronic Documents Act), and in some cases additional provincial legislation. The Office of the Privacy Commissioner of Canada has some information about the application of PIPEDA to charitable and non-profit organizations here.

Need help wading through the PIPEDA waters? Want to draft a privacy policy but don’t know where to begin?  Charity Central has created a Privacy Policy Checklist, a tipsheet designed to help you better understand your organization’s information-handling practices and why and how you should create a privacy policy.

Click here to view Charity Central’s Privacy Policy Checklist.

Disclaimer