Northern Border Security: Impact of Canada’s Anti-Spam Law on American Businesses

December 9, 2014

When you think of countries leading the cyber-security charge, chances are that Canada is not the first name on your list. That has changed. On July 1, 2014, Canada implemented the new Canada Anti-Spam Legislation (“CASL”), which arguably is the strictest anti-spam legislation in the world. Why should Americans care?  Because any commercial electronic message (i.e., email, text messages, instant messages, social media messages, voice messages, and even installation of computer programs) received and accessed in Canada is subject to consent and disclosure requirements that are far more restrictive than their American counterparts.       

Over a decade ago, the U.S. Congress enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM Act”) in an effort to curb the epidemic of unsolicited commercial email – i.e., spam – in this country.  Under the CAN-SPAM Act, which is largely criticized as being under-enforced, spam is acceptable as long as the email contains an opportunity for the recipient to “opt-out” of future emails.  CASL is much more strict on businesses, Canadian or non-Canadian, which will make compliance that much more burdensome. In other words, an American business can send a commercial electronic message to Canada that fully complies with U.S. law and yet still violates CASL, thereby exposing the American business to significant liability.

Under CASL, the focus is upon prior consent. That is, unless a few select exemptions apply, you – the American sender – must have the Canadian recipient’s consent before you send them any commercial electronic message, and you have the burden to prove that consent. Thus, CASL requires “opt-in” authorization, which forces you to make specific disclosures about your identity and contact information, why you are requesting consent, and the recipient’s ability to withdraw that consent at any time. Although most of these disclosures are probably good marketing practices anyway, none of them currently are required by the CAN-SPAM Act.

Again, why should American businesses care? Here are three significant reasons:

  • Canadian regulators can impose administrative monetary penalties against American senders (up to a maximum of $10,000,000 for organizations), which regulators can seek by court order in Canada or by enforcing a foreign judgment in the U.S.;
  • Effective July 2017, CASL creates a private cause of action for the recipients of any unauthorized commercial electronic message in Canada, imposing statutory damages that will most likely be brought by way of costly class actions; and
  • CASL holds U.S. employers vicariously liable for the violations of their employees, and can even impose personal liability upon corporate directors and officers who authorize or acquiesce in a violation of CASL.

If you send business-related electronic communications to Canada, it is time to take a closer look at what you (and your employees) are sending and whether you have prior documented consent to send it.  Preferably before the Canadian government decides to take a closer look at you.

By Jason Van Dam, you may contact him at jvandam@rcolaw.com or 419-418-6936.

 

Hosted on the FirmWisesm Platform