Learn how mass emails could, should or are supposed to work under the Canadian Anti-Spam Legislation. Maanit Zemel is a Partner with the law firm of Miller Thomson LLP, practicing out of the Toronto office, where she advises businesses, non-profit organizations, charities and individuals on a variety of legal issues. Ms. Zemel has substantial experience and expertise in internet and social media law, including Canada’s Anti-Spam Legislation (“CASL”), online privacy, online defamation, cyberbullying and cyber-security. As a member of Miller Thomson’s CASL Advisory Group, she assists her clients with developing and implementing practical policies and procedures for complying with CASL.

1. Canada’s Anti-Spam Legislation:
What Charities and Not-For Profits
Need to Know Before July 1, 2014
.Maanit Zemel, Miller Thomson LLP
mzemel@millerthomson.com / mzemel@casllaw.ca
416.595.7907 / 416.937.9321
Co-presented with Jim Freer of Method Works Consulting
April 28, 2014, Vancouver B.C.

2. Overview
1. Overview of Canada’s Anti-Spam
Legislation (CASL)
2. The Commercial Electronic Messages
(CEM) Requirements
3. Tips for preparing for CASL
4. Other CASL requirements

3. What is Canada’s Anti-Spam
Legislation (“CASL”)?
The problem:

4. What is CASL? (cont’d)
The solution:
 CASL regulates a broad range of electronic / online
activities including:
 Commercial electronic messages (CEM)
 The installation of computer programs
 Misleading advertising and marketing practices
 Privacy invasion via your computer
 Collecting email addresses without consent (email
harvesting)

5. What is CASL? (cont’d)
Anyone can complain to the
regulators by filing a complaint at:
www.fightspam.gc.ca

6. Fundamental Underlying
Principles
 All of the regulated activities may only
be carried out:
1. With informed consent; and
2. With clear identification of the
sender
 “Opt-In” Regime

7. Significant Consequences for
Non-Compliance
 Administrative monetary penalties:
 Individuals – fines up to $1 million per
violation
 Corporations – fines up to $10 million per
violation
 Private rights of action
 Class actions
 Vicarious liability of corporation for employees
 Liability of officers and directors for acts of
corporation
 Sweeping investigative powers (search and seizure
orders)

8. When will CASL be in force?
 Three important dates:
 July 1, 2014: requirements respecting
CEMs
 January 1, 2015: requirements respecting
computer programs
 July 1, 2017:

End of transition period for implied consent

private rights of action

9. Regulating Bodies
 3 Federal bodies :
1) CRTC – CEMs and installation of computer
programs
2) Privacy Commissioner – collection of
personal information and address harvesting
3) Competition Bureau – misleading online
advertising and marketing practices

10. Commercial Electronic
Messages (“CEM”s)
 What is a CEM?
CEM is a message sent by any
electronic means (i.e., email, text,
instant message, tweet) that has, as
its purpose, or one of its purposes,
to encourage participation in a
“commercial activity”

11. What is a CEM (cont’d)
 “Commercial activity” is:
“any particular transaction, act or
conduct that is of a commercial
character whether or not the
person who carries it out
does so in the expectation
of profit”

12. Do Charities / NPOs Transmit
CEMs?
 Yes!
 Examples of CEMs:

Emails seeking donations

Emails seeking volunteers / members

Emails selling tickets to an event / lottery

Emails promoting services

Emails promoting a charitable event / activity

Electronic newsletters

Emails promoting the organization / charity

13. CEM Requirements
 You are prohibited from sending a
CEM to an electronic address unless:
 The receiver has already consented to
the receipt of the CEM; and
 The CEM contains certain prescribed
information
 Subject to limited exclusions /
exemptions

14. CEM Consent Requirements
 CEMs may only be sent with
recipient’s express or implied
consent
 Onus of proving consent rests
with sender

15. CEM Consent (cont’d)
An electronic message requesting
consent is a CEM and is therefore
prohibited (post July 1, 2014)

16. Express Consent
 Request for express consent may be obtained
orally or in writing
 Request for consent must include:
 The purpose for which consent is being sought
(“clearly and simply”)
 Sender’s identifying and contact information
and/or on whose behalf consent is being sought
 Statement that receiver can withdraw their
consent

17. Implied Consent
 Consent may be implied when:
 the recipient has:
1) “conspicuously published” his/her electronic
address (on a website for example)
2) has not indicated a desire to not receive
unsolicited CEMs; and
3) the message is relevant to recipient’s business
role, duties or functions
 the recipient has:
1) disclosed his/her electronic address to sender
without indicating a wish not to receive
unsolicited CEMs (e.g., business card); and
2) message is relevant to person’s role or duties in
business or official capacity

18. Implied Consent (cont’d) –
“Non-Business Relationship”
 Applies to charities and NPOs
 Consent is implied when:
 Sender is registered charity and recipient
made donation or performed volunteer work in
preceding two years
 Sender is a non-profit organization and
recipient has been a member in the
preceding two years

19. Implied Consent (cont’d) –
“Existing Business Relationship”
 In the two years prior to the sending of the CEM,
the recipient had:
 Purchased / leased / bartered a product / good /
service / land from the sender;
 accepted a business / investment / gaming opportunity
offered by the sender; or
 a written contract is created between the recipient and
the sender.
 Or - Six months before the message is sent, the
sender received from the recipient an inquiry or
application about one of the items above.

20. Implied Consent (Cont’d)
 3 Year Transitional Period:
 For parties who are in an existing
business or non-business relationship
- implied consent is extended until
July 1, 2017
 This means that charities and NPOs
have implied consent from their
donors, volunteers and members until
July 1, 2017

21. Information Requirements
for CEMs
 All CEMs must include:
 Identifying and contact information of sender (or
on whose behalf CEM is sent)
 A means by which to contact the sender (to be
effective for at least sixty days)
 An “unsubscribe” mechanism
 When not practical to include in CEM, this
information must be posted on a website and
the CEM must include a link to that website,
which is clearly and prominently set out in
message and is readily accessible

22. “Unsubscribe” Mechanism:
 Must be effective for 60 days
 Must be given effect within 10
days of request
 Must be at no cost to requester

23. Exemptions from CEM
Requirements
 Registered Charities
Exemption: CEMs sent by or
on behalf of a registered charity
and “the message has as its
primary purpose raising funds
for the charity”

24. Charities Exemption
 Emphasis is on “primary purpose” of
message
 Examples:

Email that provides information about the
charity’s work and contains one sentence
at the bottom asking for donations - is it for
the primary purpose of raising funds? 
probably not

Email that sells tickets to a charitable
event – is it for the primary purpose of
raising funds?  probably yes

25. Charities Exemption (cont’d)
 What does “raising funds” mean?
 Is it different than “fundraising”, as
interpreted by the CRA?
 CRTC likely to focus less on the
intended use of the funds and more on
the content of the message

26. Other CEM Exemptions
1) “Personal” or “family” relationship
2) A CEM that consists solely of an inquiry or application
3) Solicited CEMs - sent in response to a request,
inquiry or complaint, or otherwise solicited by the
person to whom the message is sent
4) Internal CEMs – sent within an organization / business
and concerns the activities of that organization /
business
5) CEMs between organizations / business – if the
businesses / organizations “have a relationship” and
the CEM concerns activities of the receiver business /
organization
6) CEMs sent to enforce a legal right

27. CEM Exemptions (cont’d)
7) CEMs sent within an electronic platform where
“unsubscribe” and identifying information is
conspicuously published and readily available (e.g.,
within a social network)
8) CEM sent within a limited-access secure account by
the person who provides that account (e.g., banking
portals)
9) CEM sent by a political party for the primary
purpose of soliciting contributions
10) CEMs sent to a foreign jurisdiction (but must comply
with foreign anti-spam laws)
11) Two way voice communications
12) Faxes and voicemail messages sent to telephone
accounts

28. Exemptions that must contain
info and “unsubscribe”
 In limited circumstances, there is no need to obtain
consent but must still include prescribed information
(identifying info + unsubscribe):
1) Third party referral - the first CEM sent to a person based
on a referral from a third party, after which consent will be
needed for added CEMs
2) Provision of quote or estimate in response to a request
3) Warranty, recall or product safety information
4) CEM that delivers a product or service, including updates
and upgrades
5) CEM that facilitates or confirms transactions
6) CEM that provides factual information about:
• Ongoing subscription, membership, accounts, loans
• Ongoing use or ongoing purchases
• Employment relations or benefit plans for employees

29. Do you send
CEMs?
You may be exempt from compliance only If:
The primary purpose of CEM is to raise
funds for the charity*
Are you a
Registered
Charity?
No further action
required
Is the CEM:
• A third party referral?
• Providing a quote or estimate in
response to an request
• Providing warranty, recall or product
safety information
• delivering a product or service, including
updates and upgrades
• facilitating or confirming transactions
• Providing factual information about:
1. Ongoing subscription, membership,
accounts, loans;
2. Ongoing use or ongoing purchases;
3. Employment relations or benefit
plans for employees
No further action
required
No consent required but
CEM must include:
• Identifying information
• Unsubscribe
mechanism
Do Other Exemptions Apply?
Ex.:
• Organization to organization
• Personal / family relationship
• Internal CEM
• An inquiry / application
• A response to an inquiry / request / complaint
• To enforce a legal right
• Sent within a secured access platform
• Within a platform containing unsubscribe and ID info
• To a foreign jurisdiction (must comply with foreign
laws)
Yes Yes
Is Consent Implied?
Only if:
1. You are a registered charity / Not-for-profit org.; and
2. Recipient has been a donor, volunteer or member in the
preceding 2 years
Implied consent only good for 2 years
Need to:
1. Include prescribed info
2. Keep track of 2 years
3. Obtain express consent before 2 years expires
Yes
• Before July 1, 2014:
1. Obtain express consent
2. Include prescribed ID info and unsubscribe mechanism in all CEMs
• After July 1, 2014:
1. Obtain consent in prescribed form
2. Include prescribed ID info and unsubscribe mechanism in all CEMs
No / unsure
No
CASL
Flowchart
for
Charities/NPOs Yes
Yes
(most likely)
No (unlikely)
No
Unsure – consider next step

30. Tips for Preparing for CASL
TIP #1: CONDUCT AN AUDIT
 Does your organization send CEMs?
 Is consent required?
 Is consent implied?
 What forms of express consent do
you plan on obtaining?
 Do you need to include prescribed
information in CEM?

31. Do You Send CEMs?
 Most likely YES
 Consider:
1) What forms of electronic communications does the
organization use to communicate with internal and external
parties?
2) On behalf of which entities does the organization send
electronic communications?
3) What third-parties send electronic communications on your
organization’s behalf?
4) To whom does the organization send electronic
communications?
5) What do these communications contain?
6) What is the purpose of sending the electronic
communications?

32. Is Consent Required?
 NPOs - most likely YES (unless meets
one of the listed exemptions)
 Registered charities:
 You will not be required to obtain consent
only if CEM is for primary purpose of
raising funds for the charity (or meets one of
the other exemptions)
 Recommended: obtain consent for all CEMs

33. Is Consent Implied?
 Charities and Not-for-Profit Organizations
have the benefit of 2 years implied
consent for all registered donors,
volunteers and/or members
 Beyond 2 years (with exception of transitional
period) – must obtain express consent
 If you are going to rely on implied consent -
you must keep track of the 2 year period for all
donors, members and volunteers - create a
“tickler” system

34. Forms of Express Consent
 If you are seeking express consent –
ensure that it complies with form
requirements
 Proper forms of express consent:
 Paper
 Electronically, not in a form of a CEM, and
cannot include a “pre-checked box”
 Must set out clearly for what purpose you
are seeking the consent

35. Prescribed Information
Requirements
 If charities exemption applies:

No need for prescribed information

Consider including it anyway
 All others:

Ensure that all electronic communications from
your organization contain the prescribed
identification

Ensure that all electronic communications from
your organization contain “unsubscribe”
function

Ensure that you implement the “unsubscribe”
requests

36. Tips for Preparing for CASL
(cont’d)
 TIP#2:
Develop and Implement
CASL Compliance Policies
and Procedures
 Due Diligence Defence – your best
defence to CASL violations

37. Compliance Policies (cont’)
 Develop and implement procedures
for:
• requesting, maintaining and implementing
consents
• keeping track of implied consents
• implementing “unsubscribe” requests
 Develop and implement CASL
compliant language

38. Tips (cont’d)
 TIP #3: Training and Education
 Train and educate management,
employees and volunteers on CASL
requirements
 Develop a training program
 Ensure all new hires / volunteers receive
training
 Consider training third-parties that are
sending CEMs on your behalf

39. TIPS (cont’d)
 TIP#4: Review your contracts with
third parties – require CASL compliance
and include indemnification provisions
for non-compliance
 TIP#5: Consider buying insurance for
CASL

40. Other CASL Requirements
(non CEM)
1) Installation of computer programs
2) Unauthorized electronic collection
of personal information
3) Email address harvesting
4) Prohibition against misleading
marketing / advertising in
electronic format

41. Computer Programs
 It is prohibited to install a computer program (e.g., software,
applications etc.) on a computer or device (phone, tablet etc.)
in Canada unless express consent is provided by owner
 This requirement applies to upgrade and updates of the
computer program
 Express consent is assumed if:
 Consent was provided at the time the program was installed
 For telecommunication service providers
 To address a failure in the system’s software or hardware
 For specific types of programs (cookies, HTML code etc.)
 Coming into force – January 1, 2015

42. Computer Programs (cont’d)
 Does this requirement apply to your organization?
 Does your organization have an app for mobile devices?
 Does your organization provide services through a computer
program? (e.g., instructional video games)
 Does your organization provide a program for its employees,
members, donors etc. to be used to internally communicate
with the organization (e.g., remote access)
 If the answer is yes - you must seek consent for the
installation, updates and upgrades of the program

43. Computer Programs (cont’d)
 Does your program:

Collect personal information?

Interfere with owner’s ability to control their device?

Change settings or preferences without the owner’s
knowledge?

Interfere with data, preventing the owner from
accessing it?

Cause the device to communicate with another
without the knowledge of the owner?

Install any software that can be activated remotely
by a third party?
 If YES to any of the above - make this information clear
when requesting consent

44. Electronic Collection / Use Of Personal
Information and Address Harvesting
 CASL prohibits anyone from using electronic
systems to collect and use personal
information and email addresses without the
express consent of the person whose
information is collected / used
 Review your online marketing strategy - does
it perform any of these functions?
 If yes - consider eliminating the practice
altogether or obtaining consent

45. How Can We Help You?
 Auditing of current and future practices
 Drafting and review of policies,
processes, and documentation
 Drafting and review of third party
contracts
 Compliance training
 Representation before regulators and
courts

46. QUESTIONS?
Maanit Zemel
mzemel@millerthomson.com /
mzemel@casllaw.ca
Disclaimer: This presentation is provided as an information service and is a summary of current legal issues. The information is not meant as legal
opinion or advice and viewers are cautioned not to act on information provided in this publication without seeking specific legal advice with respect to
their unique circumstances.
All rights reserved. This presentation may not be reproduced and redistributed without the prior written consent of the author.