By Laura K. Williams
By now, your organization is likely aware that new legislation commonly referred to as Canada’s Anti-Spam Law (CASL) is coming into effect on July 1, 2014.
In fact, your IT, sales and marketing teams have probably been scrambling to adjust your processes and procedures to comply with the legislation.
The federal government introduced the bill after years of complaints on the part of individuals and businesses whose inboxes were constantly being inundated with unsolicited electronic messages, otherwise known as spam. There is merit to those complaints. According to a 2013 report by Mountain View, a California-based Internet security firm Symantec Corporation, a whopping 66 per cent of emails sent daily are spam.
Enter CASL. One of the strictest pieces of existing legislation regulating electronic messages, CASL’s purpose is “... to promote the efficiency and adaptability of the Canadian economy by regulating commercial conduct that discourages the use of electronic means to carry out commercial activities.”
Specifically, the Act regulates organizations that send commercial electronic messages (CEMs), which include text, sound, voice and image messages that encourage or solicit participation in a commercial activity. This includes a CEM that offers to purchase, sell, barter or lease a product, good, service or land, or that promotes a person who is connected to these commercial activities.
The key requirement under this legislation is that as of July 1, organizations sending CEMs from or to Canada need to obtain the consent of their recipients to send the message, subject to certain exceptions and where consent is implied. This compliance dead- line is significant because, after July 1, even the message requesting consent will be considered a CEM and regulated accordingly.
Don’t think it’s worth the trouble to comply? The “stick” that has made many organizations pay serious attention to CASL is the serious penalties that may be imposed on offenders, which top out at $10 million for corporations. Criminal charges can be laid where organizations are alleged to have made false or misleading representations regarding CEMs. And unlike most legislation, CASL allows private rights of action. This means businesses and/ or consumers can seek damages of $200 per spam violation, to a maximum of $1 million per day, with officers and directors of companies who knowingly violate the legislation potentially being held personally liable.
Of course, CASL includes several exemptions, which make its compliance requirements somewhat less onerous. Electronic communications sent within a business and between businesses that are in an ongoing business relationship are one example. Also exempted are messages sent to customers in response to a request for information, quotes or complaints; messages sent to enforce a legal right, such as those related to enforcing contractual obligations or collecting a debt; and third-party referrals where the CEM sender discloses in the message the full name of the person who made the referral and the individual making the referral has an existing personal or business relationship with both the send- er and the recipient.
Under CASL, consent to send a CEM can be implied in certain situations. Examples include where an organization sends a CEM to a person with whom they are in an existing business or non- business relationship, such as where the recipient has previously bought or leased a product or service from the sender; been involved in an investment opportunity; or has entered into a written contract with the sender in the last two years or made an inquiry or application to the sender within the last six months.
IMPLICATIONS
CASL will have a profound impact on an organization’s ability to market its products or services, not to mention prospect new business leads. Most importantly from an HR perspective, CASL will force organizations of all sizes to develop new measures and protocols to control the sending of electronic messaging across their workplaces.
While organizations will make efforts to meet their compliance obligations under CASL by July 1, 2014, unfortunately many will leave themselves susceptible to violating these new rules by failing to implement compliance measures that are sustainable. In this respect, certain workplaces are particularly vulnerable – think companies that employ a large sales force, employees who are charged with maintaining customer accounts or conducting business development or promotional activities.
Often these employees have been performing their sales roles under the broad mandate of closing the sale by whatever means necessary, and in our digital age, this has meant heavy reliance on CEMs.
It is critical for employers to ensure their employees understand and are held accountable for adhering to CASL because under the legislation, companies whose employees are not in compliance will be held vicariously liable for violations.
Employers need to take steps to protect themselves by:
Familiarizing themselves with the legislation – In particular, organizations need to understand how CASL will impact their operations, what they need to do to meet their compliance obligations and what sanctions they could face for violations.
Seeking consent – As mentioned, even messages seeking permission to send CEMs will be considered spam after July 1. This means there is simply no time to waste in obtaining that critical consent, which could be as simple as sending a message to a current email recipient from the company’s contact list and requesting permission to continue receiving electronic communications. Remember that you must also save that email confirmation in case your electronic messaging practices are called into question by the Canadian Radio-Television and Telecommunications Commission, which will be enforcing the Act.
Understanding compliance gaps – There should be a robust evaluation of where your company may be exposed to not meeting compliance on an ongoing basis. This means assessing everything from your marketing initiatives, sales processes to individual staff practices to understand where you could run afoul of CASL.
Implementing policies – One of the keys to avoiding vicarious liability exposure under CASL is creating and implementing CEM workplace policies. These policies should make sense in the context of day-to-day operations and be communicated in a manner that gains employee buy-in. The policies must be simple to follow and avoid burdening employees who could ultimately revert to their old CEM tactics if they think the new methods are too onerous. To compel adherence to these workplace policies, the consequences for breaches must be clear and employees should be required to sign off signifying their understanding and agreement to comply.
Training employees – Employers should not expect that by implementing policies, staff will immediately fall in line with the new practices that your organization will be required to implement under CASL. Employers must train all employees on their new CEM policies, and any new systems adopted to support CASL compliance, e.g. new Customer Relationship Management (CRM) software. Training is critical, particularly in environments that will need to help employees break historical non-compliant CEM habits. Everyone in your organization needs to understand their obligations under CASL and what steps are required to meet ongoing compliance.
Monitoring compliance regularly – Compliance is an ongoing exercise. This means that organizations not only need to establish procedures for sending electronic messages, but they also need clear metrics for assessing compliance. This could be as simple as insisting that all CEMs are sent via your CRM software, which is programmed to support and regulate ongoing compliance with CASL. Whatever the case, compliance monitoring means conducting regular internal audits to ensure that employees are following the proper procedures. Also critical is ensuring that someone is specifically designated within the organization as being accountable for monitoring ongoing CASL compliance.
While CASL regulations may seem burdensome at first, focus on the positive. This legislation offers your organization the opportunity to refocus sales and marketing strategies, improve promotional content, vet customer and prospect lists and reinforce solid practices and procedures. It could also possibly rein in rogue sales staff, and help employees work more productively and effectively. What may seem like a business and HR nightmare at first could instead present an opportunity for operational improvement and bottom-line growth.
Laura K. Williams is principal with Williams HR Law Professional Corporation.