Another CASL fine was recently announced by the Canadian Radio-television and Telecommunications Commission (CRTC). The company, Blackstone Learning Corp, was fined for sending emails to Canadians without having proper consent from the recipients. While the original $640,000(CAD) fine was ultimately reduced to $50,000(CAD), the legal cost and reputation cost from the negative press is certainly much higher. The Blackstone decision is interesting because it includes a detailed analysis where the CRTC states that “the onus of proving consent … rests with the person relying on it.”
For those not familiar with CASL, it stands for Canada Anti-Spam Legislation and it went into effect on on July 1, 2014. Unlike the US law governing email (CAN-SPAM), which is essentially an Opt-Out policy, the Canadian law imposes a much stricter Opt-In policy. This means you need to have prior consent before you send an email to a Canadian email address. This is not limited to just Canadian businesses, it also applies to US-based businesses sending emails to Canadians. CASL can be enforced not only against U.S. businesses, but their officers, directors and agents as well. For more background, Klein Moynihan Turco LLP provides a good overview of CASL.
Currently we haven’t seen much legal activity around this law because it can only be enforced by three Canadian federal agencies. However, I predict we will see lots of activity under this law starting in the middle of next year. The reason? Starting July 1, 2017, the private right of action provision of the law goes into effect. This means individuals and organizations may bring a lawsuit in court against someone who they allege has violated the law. In the U.S., there has been a ton of legal activity in the past couple of years around TCPA (Telephone Consumer Protection Act) regulations. The reason is private right of action. While Canadians tell me they aren’t nearly as litigious as Americans, I think spam is so universally hated it will motivate even normally friendly Canadians to take action.
So what does this mean for U.S. based businesses? At a high level, to make sure you are protected from potential CASL litigation in the future, you need to ask yourself two questions:
- Do you have any Canadian email addresses in your database now or will you in the future?
- Do you have documented proof of express consent for those email addresses? What constitutes proof of consent is debatable. But generally speaking, it should be easily shared and hard to refute.
If you answered yes to the first question but no to the second, you should take steps to minimize your risk.
For those not familiar, ActiveProspect provides a lead certification service called TrustedForm to verify and document proof of consent for companies to protect themselves from TCPA and CASL litigation. It plays back a video replay of the keystrokes entered on a form for every lead – the best defense if ever challenged with consent questions.
You can try it for yourself right now.
Will your company get ensnared in what could be a thorny CASL-driven environment? Why take the risk? Start documenting consent now by adding TrustedForm to your consent forms. It’s a simple and inexpensive step that could save you lots of trouble down the road. Remember that for CASL, “the onus of proving consent … rests with the person relying on it.”