Canada’s Anti-Spam Legislation (commonly known as “CASL”) creates a comprehensive regime of offences, enforcement mechanisms and potentially severe penalties designed to deter the sending of unsolicited or misleading commercial electronic messages, the unauthorized commercial installation and use of computer programs on another person’s computer system and other forms of online fraud (such as identity theft and phishing).

All Canadian organizations, and foreign organizations that send commercial electronic messages to Canadians or install computer programs on systems or devices located in Canada, should take appropriate measures to comply with CASL and to mitigate residual risk.

BLG’s national CASL Group helps our clients with both proactive CASL compliance advice and legal advice to help respond to CASL contraventions.

CASL Highlights

Following is a brief summary of some key aspects of CASL.

1. Broad Application

CASL creates a restrictive, opt-in regime that prohibits the sending of a commercial electronic message (“CEM”) unless various requirements – consent, prescribed formalities and no misleading elements – are satisfied. CASL specifies detailed rules for each requirement as well as various partial exceptions and full exclusions for some or all of the requirements.

  • CEM Rules: CASL’s CEM rules are not limited to mass unsolicited commercial emails, but apply even if a CEM is sent to a single recipient. CASL broadly defines and regulates CEMs that might not be considered to be “spam” in the traditional sense. Subject to important but limited exceptions, the CEM rules apply to a CEM if a computer system in Canada is used to send or access the CEM, regardless of the location of the sender or recipient.
  • Computer Program Rules: CASL prohibits, subject to limited exceptions, the installation and use of a “computer program” on another person’s “computer system” as part of a “commercial activity” without the express consent of the owner or authorized user of the computer system. Those rules are not limited to malware/spyware or other kinds of fraudulent or harmful computer programs and might apply to various kinds of computer programs installed for reasonable commercial purposes.
  • False/Misleading Messages and Locators: CASL together with the Competition Act prohibit false or misleading representations in promotional electronic messages (including the sender information and subject matter information, each assessed on a stand-alone basis) and misleading Internet content (e.g. a domain name or other locator information).
2. Vicarious Liability/Extended Responsibility

An organization is liable for CASL contraventions by the organization’s employees and agents (including independent service providers engaged by the organization) acting within the scope of their employment or authority.

A corporate director or officer is liable for the corporation’s CASL contraventions if the director or officer “directed, authorized, assented to, acquiesced in or participated in” the commission of the contravention.

Organizations and individuals may avoid liability for CASL contraventions if they establish that they exercised due diligence to prevent the commission of the contravention.

3. Regulatory Enforcement

Three regulators – the Canadian Radio-television and Telecommunications Commission, the Competition Bureau and the Office of the Privacy Commissioner of Canada – have enforcement responsibility for CASL and related provisions in other statutes. They have broad enforcement powers for that purpose, and can impose potentially severe administrative monetary penalties for CASL contraventions. For example, contravention of CASL’s CEM rules can result in administrative monetary penalties of up to $10 million per violation for an organization and $1 million per violation for an individual.

Complying with CASL and Managing Risks

There are some basic measures that organizations can take to enhance their CASL compliance and mitigate risks of CASL litigation and regulatory enforcement, including:

  1. Compliance Program: Establish and implement a CASL compliance program that adopts recommended best practices, including internal policies and procedures, education/training of relevant personnel and appropriate provisions in contracts with service providers.
  2. Due Diligence Documentation: Create and maintain a comprehensive due diligence record of CASL compliance efforts.
  3. Complaint/Litigation Response Team: Establish a CASL complaint/litigation response plan and designate a multidisciplinary response team.
  4. Insurance: Review current insurance coverage and consider purchasing expanded or increased insurance coverage for some of the activities regulated by CASL.

Learn More

More information about CASL is available in BLG’s CASL bulletins. You may subscribe to receive future bulletins here.

BLG’s national CASL Group includes lawyers with expertise in CASL, privacy law, advertising law, cyber risk management and class action litigation. We help our clients – businesses, not-for-profit organizations, and industry associations – with both proactive CASL compliance advice and legal advice to help respond to CASL contraventions.

To find out more about how BLG can help you comply with CASL, please contact one of our CASL lawyers.

Publications & Presentations

Rankings & Recognitions

The CASL Group or its members are recognized in:

  • 2018 and previous editions of Chambers Canada — Canada's Leading Lawyers for Business (Privacy & Data Protection).
  • 2017 Acritas Star, Cyber Risk and Data
  • 2017 and previous editions of The Best Lawyers in Canada® (Information Technology Law).
  • 2017 and previous editions of The Best Lawyers in Canada® (Privacy and Data Security Law).
  • 2017 edition (and since 2001) of The Canadian Legal Lexpert® Directory (Computer & IT Law).
  • 2016 Lexology Client Choice Awards as the exclusive winner for Information Technology in British Columbia.
  • 2013 in Lexpert® magazine, Canadian expert on privacy law.
  • Éloïse Gratton was recognized by Lexpert® as a 2017 Zenith Award – Celebrating Women in Law.
  • Éloïse Gratton was awarded Clawbies : Canadian Legal Blog Award for the year 2014, for the best new legal blog, for her blog on privacy and IT law.