Four points for CASL readiness Dan Michaluk, Hicks Morley April 2014 CASL stands for Canadian

n Anti-Spam Legislation. Its strict, the potential penalties for non-compliance are huge, it applies to you in ays difficult to understand and its coming fast. CASL has caused !usiness much an"iety. #e dont ant to add to that today, !ut e do ant you to !e properly prepared. $he messaging acti%ity at your organi&ation is very uncontrolled. Come 'uly (st messaging ill also !e associated ith potential fines of up to )(* million per message. And this is for doing things that seem %ery !enign in todays orld + things li,e sending a promotional e-mail !ased on opt out consent and sending a promotional e-mail ithout a mailing address, for e"ample. -o organi&ation can afford to ta,e a la" approach to CASL compliance. #ith this in mind, Im going to gi%e four practical points to help set you on a proper path to compliance.

-.-

ne ! Conduct a co"prehensi#e audit CASL applies e"tremely !roadly. $he drafters ere ris, a%erse. /ather than target the ,ind of mar,eting acti%ities that youd e"pect to !e su!0ect to S1A2 regulation, they relied on an application pro%ision that captures a %ery !road range of messages sent in the ordinary course of !usiness and created many, many technical e"clusions and e"emptions to minimi&e the impact of !eing regulated. $his feature of the La means that you ha%e to loo, !road and deep ithin your organi&ation to effecti%ely manage the ris, of noncompliance. If you lea%e CASL compliance ith your 2arCom department and only e"amine your formal promotional campaigns you ont ,no hat youre missing. 3ou ont ,no , for e"ample, that one department ,eeps a list of sta,eholders in 2S 4utloo, to periodically send messages a!out company de%elopments. 3ou ont ,no , also for e"ample, a!out a producer, consultant or other ser%ice pro%ider ho uses e-mail to prospect for ne !usiness.

-5-

$he !etter assessment approach is to educate someone in each of your departments a!out hat CASL is and ho it applies and to as, that person to gi%e ritten feed!ac, on 6a7 all electronic address lists maintained and used !y the department and 6!7 all formal and informal messaging practices used !y the department. Conduct a comprehensi%e audit. $%o & Don't let your people (ud)e for the"sel#es 3ou need to reach out to ,ey people in your departments and educate them a!out ho CASL applies so they can identify regulated acti%ity, !ut at the same time you should not e"pect them to 0udge ho CASL applies. $here are three simple reasons for this8 6a7 $hey are not independent 63ou can assume that people in your !usiness lines ha%e a !usiness need to ,eep sending messages ithout the !urden associated ith CASL compliance. #ishful thin,ers do not ma,e for good 0udges.7 6!7 $hey are not 9ualified 6:ach e"clusion and e"emption in CASL is technical and re9uires significant interpretation. ;o that yourself and, if you need help, call us.7 6c7 3ou need to promote a consistent approach 6$here are only so many %ariations of CASL compliance pro!lems. If you

-<-

ta,e responsi!ility for CASL compliance youll see common pro!lems. And o!%iously, li,e pro!lems should !e sol%ed ali,e.7 ;ont let your people 0udge for themsel%es. $hird & Create si"ple solutions #hen you do a proper CASL audit youll li,ely disco%er a num!er of messaging practices that youll !e a!le to simply set aside !ased on an e"clusion that ma,es the practice entirely un-regulated. Interpret and apply the e"clusions carefully, !ut once you conclude a messaging practice is e"cluded, your solution is simple8 !usiness as usual. 3oull also find classic promotional campaigns in hich permission to message is e"changed for a promise to e-mail something of %alue. $hats an easy solution too8 if you dont ha%e e"press consent already, you !etter get e"press consent !efore 'uly ( and implement a relia!le means of o!taining e"press consent going for ard. $hen youll ha%e a range of other practices that present options. $hin, of an address list. Some contacts in the list may ha%e done !usiness ith you that gi%es you access to a time-limited implicit consent allo ance. 4thers may ha%e pro%ided an electronic address in a !usiness conte"t that opens up a different e"press consent allo ance. 3oull consider

-=-

!rea,ing up the list, ,eeping it together and mo%ing to the most conser%ati%e rule and so on. $he %ery general ad%ice for CASL pro!lem-sol%ing is to par, the mad scientist solutions and tend to the solutions that are easy to control and facilitate good proof. Create simple solutions. Fourth & *"ploy due dili)ence Let me !e the first to tell you that you ill ha%e compliance failures. $his is a !road-reaching a piece of legislation that concerns an acti%ity + messaging + that is %ery difficult to control. $he statute, ho e%er, features an e"press due diligence defence + a defence that means you and your organi&ation ill not !e lia!le despite a failure if you%e ta,en all steps reasona!le in the circumstances to support compliance. >uild your entire compliance approach around this principle. 3ou may ha%e %endors that send promotional e-mails on your !ehalf8 ma,e sure your !usiness lines select them carefully, contract ith them prudently and administer them %igilantly. 3ou may ha%e employees that ant to maintain an informal list pursuant to the so-called !usiness card allo ance for implicit consent. As,, #hat ould the reasona!le organi&ation do to ensure these employees stic, ithin the !oundaries of that rule?

-@-

:mploy due diligence. Conclusion In summary8 6(7 conduct a comprehensi%e audit 6.7 dont let your people 0udge for themsel%es 657 create simple solutions and 6<7 employ due diligence. CASL compliance is not difficult !ut it ta,es some or,. #ed !e glad to help.