Is CASL Still Relevant?

Updates Regarding CASL’s Private Right of Action Provision

The Canadian Anti-Spam Legislation (CASL) is a series of regulations that are placed on businesses that market to Canadian consumers and businesses. Almost all electronic means of communications for commercial purposes fall under the scope of CASL. Forms of communication covered include email, text, instant messages, social media messages, and installation of computer programs.

Although CASL was enacted in 2014, the Private Right of Action (PRA) provision was not set to go into effect until July 1st, 2017. This provision was established to allow lawsuits to be filed against entities for alleged violations of the legislation and to enable fines of up to $200 per infraction not to exceed $1,000,000 per day. Simply, the PRA would give businesses a disadvantage in marketing and communications and would have enabled major class action law suits.

However, the PRA has been suspended indefinitely and will NOT go into effect on July 1st.

According to its press release, “the Government of Canada is suspending the implementation of certain provisions…in response to broad-based concerns raised by businesses, charities and the not-for-profit sector.” Although this is great news for businesses, penalties for non-compliance remain up to $1,000,000 per violation for individuals and up to $10,000,000 per violation for organizations. Thus, compliance with CASL should still be a priority for commercial electronic messaging campaigns.

According to CASL, each of the following would be considered violations of the requirements:

  • Sending of commercial electronic messages without the recipient’s consent (permission), including messages to email addresses and social networking accounts, and text messages sent to a cell phone;
  • Alteration of transmission data in an electronic message which results in the message being delivered to a different destination without express consent;
  • Installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee;
  • Use of false or misleading representations online in the promotion of products or services;
  • Collection of personal information through accessing a computer system in violation of federal law (e.g. the Criminal Code of Canada); and
  • Collection of electronic addresses by the use of computer programs or the use of such addresses, without permission (address harvesting).

We understand compliance with these requirements can be difficult to manage. Please feel free to reach out to for more information on the requirements regarding CASL, how to comply, or any other privacy, security or compliance matters.

Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.