CASL - spam and other electronic threats 


Recognizing the importance of electronic communications to today's commerce, Canada has enacted some of the world's most aggressive anti-spam and anti-malware laws, colloquially known as Canada's Anti-Spam Law or CASL. CASL imposes significant restrictions on sending electronic messages with any commercial purpose (and significant penalties for non-compliance), but it does not stop there. It also regulates handling of electronic transmission data and the installation of software. Organizations that only think of CASL as anti-spam legislation risk missing the broader intent and scope of the legislation. It is important to recognize that the statute does not differentiate between nuisance emails sent by parties commonly known as "spammers", and electronic messages sent by regular commercial participants, including common communications with consumers and other businesses. Subject to a few narrow exceptions, CASL's rules apply to most electronic interactions, if the communications are directed at Canadians or conducted in Canada. Importantly, this means that CASL applies not only to Canadian organizations but also to foreign businesses who interact electronically with Canadians.

McMillan's professionals understand CASL at a practical level, not only its impact on day-to-day business activities, but also the potential risks inherent in CASL's complicated and untested regulatory regime. We can help clients lead by:

  • Advising Canadian and foreign businesses on their CASL obligations
  • Assisting in the identification and amendment of electronic interactions to ensure they are CASL compliant
  • Drafting, reviewing and advising on Anti-Spam statements and policies, including internal and external CASL policies and procedures
  • Reviewing and advising on CASL compliance in electronic communications
  • Drafting and reviewing data protection agreements and privacy provisions in service agreements with suppliers and other third parties
  • Preparing for the "private right of action" where private litigants will, through the courts, enforce CASL
  • Designing audits or providing questionnaires for current consent-gathering or electronic interaction practices
  • Helping organizations develop the role of a CASL compliance officer for their business
  • Advising in cases of CASL breaches
  • Advising on issues related to "outsourced" electronic interactions, including ensuring that service providers and sub-contractors are, themselves, CASL-compliant
  • Responding to access requests, disclosure requests from government authorities, private litigants and regulatory investigations
  • Representing clients in CASL-related litigation