Effect of Canada's Anti-Spam Legislation on U.S. Businesses
by Jay Huh and Claire Brown
As of July 1, 2014, U.S. businesses that interact with people or companies in Canada have been required to comply with Canada's Anti-Spam Legislation ("CASL"). CASL prohibits sending an unsolicited commercial electronic message ("CEM") to a recipient in Canada without the recipient's prior consent. In other words, CASL requires that every Canadian recipient of CEMs opt-in to receiving such messages.
This differs from the "opt-out" regime under the United States' anti-spam law, "The Controlling the Assault of Non-Solicited Pornography and Marketing Act" ("CAN-SPAM"). Most U.S. businesses are familiar and have been complying with CAN-SPAM. However, CAN-SPAM-compliant policies may not be sufficient for U.S. businesses when interacting with people or companies in Canada. Under the "opt-in" regime of CASL, a U.S. business would violate Canadian law if it sent a CEM without the recipient's prior consent. With respect to business relationships with Canadian recipients acquired prior to July 1, 2014, U.S. businesses will have until July 1, 2017 to obtain express consent to send CEMs to those recipients. For new relationships, U.S. businesses will need to seek consent prior to any electronic communications.
Notably, unlike CAN-SPAM, CASL applies to more than e-mail messages. CEMs include e-mails, SMSs, IMs, social media postings, etc., sent to anyone located in Canada. CASL also provides specific content and form requirements for CEMs (i.e., to include identifying information of the sender and the sender's contact information and a mechanism to allow the recipient to easily unsubscribe from future CEMs).
CASL is considered one of the world's most stringent anti-spam laws because of its scope and harsh penalties. Not only are there hefty administrative penalties of up to $1,000,000 (Canadian) for individuals and $10,000,000 (Canadian) for businesses that fail to comply with CASL, but beginning July 1, 2017, private individuals will be able to bring suits against businesses for violations of CASL. Such private actions will not require any proof of damages, so the simple act of sending a CEM to a Canadian recipient who has not opted-in to receiving such messages may result in significant legal costs for the sender.
This client update was authored by the Information Privacy & Security Group and is prepared for the general information of our clients and friends and should not be regarded as legal advice. If you have any questions regarding this update, or for more information, please contact any of the attorneys listed above or the attorney with whom you normally consult. Copyright (c) 2014 Tonkon Torp LLP.