Risk & Business Magazine Cooke Insurance Group Spring 2016 | Page 6

FAQs on Canada’s Anti-Spam Legislation & Customer Experience Management O n July 1, 2014, most provisions of Canada’s Anti-Spam Legislation (CASL) came into force. This law brings sweeping changes to Internet privacy protocols. Companies must update electronic marketing practices as well as customer database records in order to comply. What is the timeline? July 1, 2014: Portions of the Act that govern Commercial Electronic Messages (CEMs) came into force. January 15, 2015: Sections of the Act governing installation of computer programs or software will come into force. July 1, 2017: The Private Right of Action provisions come into force. The three year transition period for CEMs ends. Is there a transition period? On July 1, 2014, a three-year transitional period began. During this time, consent to send CEMS will be implied for any pre-existing business and non-business relationships. A similar consent window will exist for the installation of updates or computer programs. This consent can be revoked by the recipient at any time. Who does this impact? Anyone who makes use of CEMs, produces or installs computer programs or is involved with the alteration of transmission data is impacted. All organizations in Canada, with very limited exceptions, are impacted as well as any international organization that sends CEMs, installs programs or transmits data into Canada. What is a CEM? CEMs are messages that encourage participation in commercial activity. Even if a commercial message is not sent with an expectation of garnering a profit, it still qualifies as a CEM. What do I need to know before sending a CEM? CASL outlines requirements regarding recipient consent as well as content requirements for CEMs. Generally, senders must be able to prove that the recipient has consented to receive the message and must include sender contact information and an unsubscribe mechanism in the message. Does this law only apply to CEMs? The Canada Radio-Television and Telecommunications Commission, the Competition Bureau, and The Office of the Privacy Commissioner share responsibility for enforcement of CASL. 6 SPRING 2016 No. CASL regulates other electronic threats to commerce, like the installation of computer programs, the alteration of transmission data and the installation of malware. It also prohibits unauthorized collection of electronic addresses and personal information (address harvesting) and false or misleading digital representations. What if I don’t comply? The financial penalties for noncompliance with CASL are severe. Penalti