CRTC on CASL enforcement

Some businesses seem to be ignoring the CASL anti-spam law.  Their attitude is that it’s been months since it’s been in force, nobody’s been fined, and there have been no public enforcement actions (other than one spam bot server situation).  They are feeling safe that it’s not being enforced against typical businesses, and that the CRTC can’t possibly go after every small business.

In a recent webinar, the CRTC said they have issued a number of compliance orders under CASL.  They are not making compliance orders public, though, and they did not say how many.  They will at some time release stats on numbers of orders issued – perhaps at the end of the year.

They also said they would not always start with a gentle request to comply.  In other words, don’t think you can sit back and not comply, then react only when they knock on your door.

The gentle approach is more likely if a business has tried but not quite got it right – less likely for one that has just ignored it.  I suspect the CRTC will be eager to make some examples.

CRTC provides guidance on CASL software provisions

The CRTC has just published their thoughts on the interpretation of section 8 of CASL that requires consents for certain types of software installations.

They also discussed them in an IT.Can webinar.  Their interpretation is helpful, and addresses some of the uncertainty around the provisions.  But some aspects are still unclear, and some of their interpretations may not be entirely supported by the wording of the act.  That may be fine so long as the CRTC is enforcing it, but a court does not have to defer to CRTC interpretation.  I suspect there will be further clarification coming at some point given some of the questions that were being asked in the webinar.

They are interpreting it with the philosophy that the provisions are to prevent the installation of software that does perhaps undesirable things if they were unexpected by the user.  More detail to come after we digest their thoughts and how they might work in practice.  Anyone in the software business should consult their counsel to find out how section 8 might apply to them.

Cross posted to Slaw.

http://harrisonpensa.com/lawyers/david-canton

CASL Video Series

 

I’m taking part in a 4 part video series about CASL that deals with both Canadian and American perspectives on the anti-spam act. Here are the details:
~~~~~~~~~~~~~~~~~~
How To Avoid The CASL Right HookLet’s face it – a lot of Canadians don’t know all the facts about the new Canada Anti-Spam Law (CASL)… and its evolving. But what you don’t know – CAN hurt you.Helping us learn more about CASL and how to prepare for it, is Canadian lawyer, +David Canton focusing on CASL, and American lawyer, Sean A. Moynihan, focusing on American Marketing. They’ll be informing, discussing and weighing in on the facts about this new law and how it opens to the doors to Class Action suits that can shut down your business – even businesses outside of Canada.

Round 1:  David informs us about CASL and recent, new developments – Sean weighs in

Round 2:  Sean gives us “The American Perspective” – David weighs in

Round 3:  Things That Will Catch You Off Guard – Social Media & Other Surprises

Round 4:  Best Practices – How To Win – Sean and David share winning strategies with us

Celebrating Small Business Owners Month!

Sign up for this complimentary, 30 minute, 4 part series, open to viewers on Facebook, LinkedIn and Google+, taking place on October 1st, 8th, 15th and 22nd at PST: 1:00 p.m.  /  MST: 2:00 p.m.  /  CST: 3:00 p.m.  /  EST: 4:00 p.m. (check your timezone here: http://www.timeanddate.com/worldclock/).

Sign in early and post your questions ahead of time and we’ll see if David and Sean can answer them.  If you miss a Show – we’ve got you covered, you can view and ask questions even after the “Live” Show.

Click here to register: http://goo.gl/asZ229

Share with anyone who has questions or concerns about CASL

See you there!

#casl   #smallbusiness   #antispam   #ns

CASL-cure provides a CASL solution

Perhaps the most difficult compliance challenge arising from CASL – the new Canadian anti-spam law – is how to deal with one-off emails sent by individual employees.  A new online service called CASL-cure provides an outbound email filter solution to this problem.

CASL requires either express consent, or one of a complex series of implied consents, before you can send email that is even slightly promotional in nature.  Just 1 non-compliant email sent by 1 employee can put a business at risk for significant sanctions, including multi-million dollar fines, personal director and officer liability, and starting in 2017 private rights of action including class action suits.  The onus is on the sender to prove compliance, so records must be kept to show how and when express consent was obtained, or how the recipient fits into an implied consent category.  The email itself must contain specified contact info and an unsubscribe mechanism.

That is a lot to expect any employee to understand, let alone comply with, regardless of how much training they get.

CASL-cure solves this challenge in two ways.  First, it automatically adds CASL compliant contact information and an unsubscribe mechanism to every email.  Second, it compares the outbound email addresses to a whitelist of emails that have consent.  If it detects an address that is not listed, it holds the email and sends a reply to the sender saying that the intended recipient is not on the CASL approved list, and offers a menu that the sender can use to enter the details of the nature of the consent.  Once the sender completes that information, that consent detail is added to the whitelist and the email is released.

This solution significantly reduces the risk of sending non-compliant emails.  And since it records how and who added the consent details to the database, it is easy for the business to deal with an employee who tries to cheat the system.  It also helps immensely with a defense under CASL if an investigation results from a complaint.  First, because the system records consent details.  Second, if a non-compliant email does get through for some reason, such as an employee entering false information, it provides a due-diligence defense showing that the business did as much as it possibly could to prevent a violation.

Transparency disclosure – the providers of CASL-cure are clients of mine.

Express Consent CASL app

Check out this new iPhone app (Android app coming soon) that helps solve the CASL problem of getting and proving you have consent to send email to people that you have just met, such as at a networking event.

Sometimes when legislation like CASL comes in like a freight train, it gives rise to opportunities for entrepreneurs and problem solvers.  This is an example of an innovative solution to help solve some of the difficult challenges that CASL brings.

(Disclosure – this was developed by a client.)

CASL now in force

You may be tired of hearing about CASL, and tired of getting the consent requests that people were sending out before July 1.  The pre July 1 scramble was done because sending an email to request consent is now itself considered spam.  But we may still see requests, which can be sent if the recipient fits into one of the exceptions.

In hindsight, I wish I had kept track of the number of consent requests I got, how many of those were not technically compliant with CASL, and how many were from entities I’d never heard of that were just trolling for contacts.

There are uncertainties over the interpretation of many parts of CASL, but it can’t be ignored.  Businesses need to do the best they can to comply and demonstrate diligence.  CASL compliance will be an iterative process over time as the interpretation hopefully becomes more clear. While the CRTC will no doubt focus on real spammers, anyone can complain, and you never know who they might choose to make an example of.  Don’t set yourself up to be that example.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw

CASL hits next week – are you ready?

CASL – Canada’s new anti-spam legislation – becomes law on July 1.  It is a sledgehammer to kill a fly approach to spam that requires attention by almost every business and not for profit.  In my view, the significant amount of time, effort, and money that it will take for legitimate businesses and not for profits to comply with the act will come nowhere close to justifying any meagre benefit.

Many business have complied, many are just waking up to it now, and many are ignoring it.  It doesn’t help that the act has a broad definition of spam that goes way beyond the drugs, diets and deals emails that the average person would consider spam – then picks away at it with a myriad of convoluted exceptions.  Many can’t believe that such an act was passed in the first place.  But CASL is not going away any time soon.  At some point someone is going to take a run at the constitutionality of it – but that could take years.

Given the significant potential sanctions for non-compliance, resistance is futile.

If you have not taken steps to comply yourself, do it now.

When you get an email requesting consent, do the sender (and yourself) a favour and grant your consent if it is something you want to keep getting.  If the email is for something you don’t want, or from someone you have never heard of before that is trolling for new contacts, consider unsubscribing instead of just ignoring it – ignoring it is not the same as unsubscribing.

For more detail on CASL check out the HP CASL page, or search for CASL on my blog.

Cross posted to Slaw.

CRTC releases CASL compliance program bulletin

The CRTC just released another bulletin regarding CASL – Compliance and Enforcement Information Bulletin CRTC 2014-326.  It sets out “Guidelines to help businesses develop corporate compliance programs”.

The bulletin sets out CRTC thoughts on best practices for the development of corporate compliance programs for both CASL and the do not call rules.  It is worth taking a look at, because having a proper compliance program in place reduces the likelihood of a violation, helps establish a due diligence defence (a due diligence defence may not give a complete pass on a violation, but will reduce the consequences), and helps avoid director and officer personal liability.

Keep in mind that these bulletins do not have the force of law, and don’t bind the CRTC. And as the bulletin rightfully points out, all businesses are different, and small businesses don’t have the same resources as large one.

For more information on CASL search my blog for “CASL”, or visit the HP CASL page.

 

SCC “gets” tech – government not so much

Far too often – at least in my opinion – courts and legislators don’t seem to understand technology related issues or how the law should fit with them.  The Supreme Court of Canada, however, got it right with Spencer, which basically says that internet users have a reasonable expectation of anonymity in their online activities.  Last Fall the SCC sent a similar message in the Vu case saying that a general search warrant for a home was not sufficient to search a computer found there.  And that trend will hopefully continue with its upcoming Fearon decision on the ability to search cell phones incident to arrest.

While the SCC seems to now “get it” when it comes to privacy and technology, the federal legislature doesn’t seem to.  It has continually tried to erode privacy with a series of “lawful access” attempts, the latest of which may be unconstitutional given the Spencer decision.  Another example of the federal legislature not “getting it” is the CASL anti-spam legislation, which imposes huge burdens on normal businesses and software providers.

Cross posted to Slaw

http://harrisonpensa.com/lawyers/david-canton