Organizations need to take steps to ensure employees comply with CASL
A sweeping piece of federal legislation is poised to have a profound impact on your organization’s IT, marketing and business development initiatives.
Canada’s Anti-Spam Legislation (CASL) should be a top priority for organizations across the country. That’s because CASL regulates all forms of commercial electronic messages (CEMs) originating from organizations, including emails, text and voice messages, as well as the sending of images. In the digital era we live in, one would be hard-pressed to find an organization whose employees did not engage in the commercial transmission of these sorts of messages — and if yours is like virtually every business in Canada, then it will fall under the jurisdiction of CASL when the legislation comes into effect on July 1, 2014. CASL is the result of years of countless complaints by individuals and businesses tired of being inundated by unsolicited electronic messages, commonly known as spam. In response, the new law covers any CEM sent with the intent to purchase, sell, lease or barter a good, product, service or land, or even promote the person connected to those commercial activities. This covers the gamut of CEMs an organization might transmit in the course of regular business. CASL doesn’t ban commercial email or text messages, of course. But beginning in July, organizations sending CEMs from or to Canada will need to have secured the consent of those recipients if they wish to continue sending them messages. Consent needs to be sought immediately because, after July 1, even messages requesting consent will be considered spam. There are several exemptions to the law. An organization may still send emails to existing or potential customers with whom there is an ongoing business relationship, or who may have requested information or lodged complaints about goods or services. Also exempted are messages sent to enforce a legal right such as a contractual obligation or to collect a debt or, in the case of a third-party referral, where that individual has an existing personal or professional relationship with both the sender and recipient, subject to certain conditions. Offenders risk high financial penalties Many CEOs will presume that the Canadian Radio-Television and Telecommunications Commission (CRTC) — which is charged with enforcing the act — will focus its attention on egregious offenders. That remains to be seen, but monetary penalties are unusually high, topping out at $10 million per violation for corporations and $1 million per violation for individuals, including officers and directors of companies personally. The legislation also permits criminal charges to be laid in cases where organizations are alleged to have made false or misleading representations regarding CEMs. In addition, as of July 1, 2017, CASL will allow private rights of action, meaning any person affected by a violation of CASL can sue for actual and statutory damages. At first glance, CASL seems like an IT challenge — namely, when considering the requirement to track recipient consent either manually or through a customer relationship-management (CRM) platform. In reality, however, the legislation will significantly impact human resources because in many cases, companies lack clear, formalized policies governing how their employees market or sell to current or prospective customers. In other words, CASL will create a significant ongoing compliance challenge for many Canadian companies — particularly those with sales employees who manage customer accounts or who conduct regular business-development, networking or promotional activities. Protective steps for employers As with any HR law challenge, this one needs to be put into perspective. CASL doesn’t have to derail carefully-crafted sales and marketing initiatives — it could, in fact, improve them. What it will require is a set of sustainable measures that control the transmission of every CEM originating from the organization. These measures will also help the organization establish the necessary due diligence defence to successfully defend against any possible CASL violation, investigation or complaint. Organizations should: Obtain express recipient consent immediately. There simply isn’t time to waste in obtaining the gold standard of express permission from CEM recipients because any request sent after July 1 requesting consent will be considered spam. Not sure where to start? It can be as simple as sending an email to a contact — such as an e-newsletter recipient, for example — requesting express permission to continue receiving messages. Whether that process is managed using simple direct emails or a customer relationship management platform, all email confirmation must be archived in the event the organization is audited by the CRTC or is challenged in court by another corporation or individual. Identify compliance gaps. Virtually every organization that sends CEMs will face compliance gaps as they attempt to meet CASL requirements. That’s to be expected. The first step is identifying those gaps by mapping out the organization’s various IT, sales and marketing processes (assuming they’re formalized) and working with individual employees to assess their daily business practices. It’s only by taking these critical steps that an organization can begin to address the compliance challenges posed by CASL. Update policies. One of the benefits of CASL is the opportunity it provides to better understand and formalize sales and marketing processes across the organization. That includes developing new policies to regulate CEM transmission. Bear in mind these new policies could raise the ire of employees used to simply firing off emails at will. It’s the reason they need to make sense in the context of day-to-day operations and in driving the continued success and growth of the organization. They also need to be communicated in an employee-friendly way to ensure they’re widely embraced, implemented and maintained. That means the policies should be simple and have clear consequences for breaches. If not, many employees will simply revert to old CEM tactics. Also, be sure to have all employees sign in writing their understanding and agreement to comply. Train all employees and managers. As with any major workplace shift, extensive training in both new policies and procedures (including the use of customer-relationship management software) is a requirement to ensure full and sustainable CASL compliance across the workplace. That includes employers, who need to understand the legislation, its implications and be ready to spot signs of non-compliance. Monitor compliance on an ongoing basis. Human nature will prompt virtually anyone to find the path of least resistance, which in this case means reverting back to historical CEM habits. It’s the organization’s responsibility to ensure that doesn’t happen by developing clear metrics for assessing compliance and then enforcing all CEM policies and procedures. How? Regular internal audits are an effective way to assess compliance, while enforcement responsibilities should be assigned to a specific individual who can then be held accountable for the organization’s compliance. Shannon Anthony is a lawyer with Williams HR Law where she practices employment, labour and human resources law. She can be reached at (905) 205-0496 or [email protected]
