Are you ready for July 1, 2017? An Update on Canada’s Anti-Spam Legislation (CASL)Brought to you by

Hi,We’re from TechSoup Canada.

Our mission is to help nonprofitsuse tech effectively.

Nonprofits can save money on tech products through the Technology Donations Program

Register your charity, nonprofit or library to see which products you’re eligible for: www.TechSoupCanada.ca/Getting_Started

You have access to free nonprofit tech resources

facebook.com/techsoupcanada

techsoupcanada.ca/learning_centre

techsoupcanada.ca/webinar

@techsoupcanada

techsoupcanada.ca/blog

techsoupcanada.ca/newslettersubscribe

We are part of the TechSoup Global Network.

TSGN is a partnership 60+ civil society organizations that aims to improve lives globally

through the use of technology.

Together, we’ve reached more then 735,000 organizations and saved nonprofits more than

$5.8 B (USD) in tech tools and services.

meet.techsoup.org

We are a program of the Centre for Social Innovation.

CSI is a coworking space, community and launchpad for people who are changing the

world.

Find us @ Spadina, Annex, Regent Park in Toronto (ON)

and in New York (NY).

socialinnovation.ca

GoToWebinar Logistics

1 3

2

1. Close/expand GoToWebinar panel2. Submit a question/comment via

Chat3. View and select your audio

You can hear us, but we can’t hear you! Can’t hear? Try turning up your volume or call in Have a question? Use the Q&A box

Recording & slides will be available post-webinar

Please fill in the post-webinar survey!

About the speaker

Maanit Zemel, Esq.

• Maanit Zemel is a lawyer and the co-founder of Zemel van Kampen LLP, a

Technology Law & Litigation boutique law firm in Toronto

• Ms. Zemel has substantial experience and expertise in internet law,

including CASL, online defamation, cyberbullying and commercial litigation

• She has advised multiple non-profit organizations and charities on CASL

compliance and drafted their template compliance policies, including for

large umbrella organizations.

• Ms. Zemel is also a part-time member of the Ontario Landlord and Tenant

Board, and teaches business law at The University of Toronto and Ryerson

University

Lawyer and Co-founder of Zemel van Kampen LLP

Canada’s Anti-SpamLegislation (CASL)

Presented by: Maanit Zemel

Partner, Zemel van Kampen LLP (formerly MTZ Law)

Webinar hosted by Techsoup CanadaMarch 22, 2017

DISCLAIMER

This presentation is provided as information only. The information is not meant as legal opinion or advice. Viewers are cautioned not to act on information provided in this publication without seeking specific legal advice with respect to their unique circumstances.

Overview

1. Overview of Canada’s Anti-Spam Legislation (CASL)

2. Commercial Electronic Messages (CEM)

3. The Charities Exemption

4. Recommendations

What is Canada’s Anti-Spam Legislation (“CASL”)?

The problem:

What is CASL? (cont’d)

• CASL regulates all “Commercial Electronic Messages” sent or accessed from a computer in Canada

• CASL also regulates broad range of electronic / online activities including:• The installation of computer programs

• Misleading advertising and marketing practices

• Privacy invasion via your computer

• Collecting email addresses without consent (email harvesting)

Enforcement of CASL

• Anyone can complain to the regulators by filing a complaint at: www.fightspam.gc.ca

• 3 Regulating Bodies

1) CRTC – CEMs and installation of computer programs

2) Privacy Commissioner – collection of personal information and address harvesting

3) Competition Bureau – misleading online advertising and marketing practices

Significant Consequences for Non-Compliance

• Administrative monetary penalties:• Individuals – fines up to $1 million per violation• Corporations – fines up to $10 million per violation

• Private rights of action – July 1, 2017

• Class actions - July 1, 2017

• Vicarious liability of organization for employees

• Liability of officers and directors for acts of corporation / organization

• Sweeping investigative powers (search and seizure orders)

CASL Enforcement so far…

• As of Feb 2016 – over 500,000 complaints filed with CRTC

• CRTC tribunal decisions:• Rapanos (individual) - $15,000

• Blackstone – $50,000

• Notices of violation:• CompuFinder – $1.1 million

• Undertakings:• Kellogg - $60,000

• Rogers - $200,000

• Porter airlines - $150,000

• Plentyoffish - $48,000

Due Diligence Defence

An absolute defence to alleged CASL violation Available to an organization that develops and

implements a comprehensive and effective CASL compliance policyIt is not enough to have a policy – must implement

and train on policy

Commercial Electronic Messages (“CEM”)

Commercial Electronic Messages (“CEM”s)

• What is a CEM?CEM is a message sent by any electronic means (i.e., email, text, instant message, tweet) that has, as its purpose, or one of its purposes, to encourage participation in a “commercial activity”

What is a CEM (cont’d)

• “Commercial activity” is:

“any particular transaction, act or conduct that is

of a commercial character whether or not the

person who carries it out does so in the

expectation of profit”

CEM Definition (cont’d)

• Definition of “commercial activity” very broad

• Applies to any “transaction, act or conduct” suggests there does not have to be an exchange

• Applies to non-profit activities

• Applies to charitable funds

Do Charities / NPOs Transmit CEMs?

• Yes!

• Examples of CEMs:• Emails seeking donations

• Emails selling tickets to an event / lottery

• Emails promoting services

• Emails promoting a charitable event / activity

• Emails promoting the organization / charity

• E-Newsletters

• What is not a CEM? message with purely educational purpose & content

CEM Requirements

• You are prohibited from sending a CEM to an electronic address unless:

1. The receiver has already consented to the receipt of the CEM – it is an “OPT IN” regime;

2. The CEM contains certain prescribed information; and

3. The CEM contains an unsubscribe mechanism

CEM Consent Requirements

• CEMs may only be sent with recipient’s express or implied consent

• Onus of proving consent rests with sender

• An electronic message requesting consent is a CEM and is therefore prohibited

Express Consent

•Request for express consent may be obtained orally or in writing

•There are specific requirements as to what should be included in request for consent

Implied Consent (cont’d) –“Non-Business Relationship”

• Consent is implied when:• Sender is registered charity (as defined in ITA)

and recipient made donation or performed volunteer work in preceding two years

OR• Sender is a non-profit org and recipient has

been a valid member in the preceding two years

Implied consent (cont’d)

• The 2 year period for donors/volunteers begins to run at the last date of donation /volunteering

• The 2 year period of implied consent for members begins to run when the membership is terminated.

• There are other prescribed circumstances for implied consent (e.g., existing business relationship; “conspicuous publication” etc.)

Warnings re: Implied Consent

• Expires at the end of the relevant period

• Must keep track of the relevant period

• You must still include prescribed information and unsubscribe mechanism

• Ends when person unsubscribes (opts out)

• You must implement requests to unsubscribe

• 3 Year Transitional Period:

• For parties who were in an existing business or non-business relationship prior to July 1, 2014 and were sending CEMs - implied consent is extended until July 1, 2017

• This means that charities have implied consent to send CEMs to their former donors / volunteers until July 1, 2017

Implied consent (cont’d)

Information Requirements for CEMs

• All CEMs must include:• Name, mailing address and either email / tel. #/ website

• A means by which to contact the sender (to be effective for at least sixty days)

• An “unsubscribe” mechanism

• When not practical to include in CEM, this information must be posted on a website and the CEM must include a link to that website, which is clearly and prominently set out in message and is readily accessible

“Unsubscribe” Mechanism:

• Must be effective for 60 days

• Must be given effect within 10 days of request

• Must be at no cost to requester

Exemptions to CEM Requirements

• Complete exemptions:

• Exempts organization from complying with all CEM requirements (i.e., consent & info & unsubscribe)

• Partial exemptions:

• Exempts organization from complying only with consent requirement

• Must still include prescribed info & unsubscribe in CEMs

• The organization must prove that it meets one of those exemptions

• Due to time constraints, I will only be covering the Registered Charities Exemption in this presentation (contact me for details of other exemptions)

Registered Charities Exemption

CEMs sent by or on behalf of a registered charity and “the message has as its primary purpose raising funds for the charity”

Charities Exemption

• Org must be a registered charity

• NOT A BLANK EXEMPTION will depend on the content of the CEM

• According to Industry Canada – “raising funds” is broader than “fundraising” (as defined by CRA) –includes the sale of tickets and services (e.g., galas) as long as funds are intended for the charity and not another recipient

Charities exemption (cont’d)

• According to CRTC staff (FAQs posted July 4, 2014):

• “The “primary purpose” of a CEM means the main reason or main purpose of the CEM. There could be a secondary or additional purpose to the message, but the principal purpose of the CEM must be to raise funds for the charity.”

• “Given that legitimate messages sent by registered charities raising funds are exempt under the Act, the CRTC will focus on messages sent by those attempting to circumvent the rules under the guise of a registered charity.”

• E-Newsletters – may be exempt if contain a request for donations or a logo of a corporate sponsor; BUT not exempt if promote / advertise commercial activity that is not of the charity (e.g, a corporate sponsor)

• Warning! it is questionable whether the “primary purpose test” would be interpreted and applied the same as the CRTC by a court in a civil action

• Concern - “Primary purpose” may be interpreted from the point of view of the receiver of the email and not of the sender

Charities exemption (cont’d)

Best Practices Recommendation

• It is recommended that registered charities not rely exclusively on this exemption

• Develop and implement a consent-based policy

• If choose to rely on exemption, do so only for CEMs for “primary purpose of raising funds” and designate a qualified person (e.g., legal counsel; compliance officer etc.) to vet content of CEMs

Basic Recommendations for CASL Compliance

Recommendations

Tip #1: Get Your Board Onboard. • Decisions respecting CASL should form part of

the organization’s overall risk management strategies

• Decisions must be made at board and executive levels

• If you are not getting the board to pay attention –remind them of the D&O liability

Recommendations (cont’d)

TIP #2: CONDUCT AN AUDIT

1. What forms of electronic communications does the organization use to communicate with internal and external parties?

2. On behalf of which entities does the organization send electronic communications?

3. What third-parties send electronic communications on your organization’s behalf?

4. To whom does the organization send electronic communications?

5. What do these communications contain?

6. What is the purpose of sending the electronic communications?

• TIP#3: Develop and Implement CASL Compliance Policies and Procedures

• Due Diligence Defence - a complete defence to CASL violations

Recommendations (cont’d)

Compliance Policies (cont’)

Develop and implement procedures for:requesting, maintaining and implementing

consentskeeping track of implied consents implementing “unsubscribe” requests

Develop and implement CASL compliant language

• TIP #4: Training and Education Train and educate management, employees

and volunteers on CASL requirements Develop a training program Ensure all new hires / volunteers receive

training Consider training third-parties that are

sending CEMs on your behalf

Recommendations (cont’d)

• TIP#5: Review your contracts with third parties – require CASL compliance and include indemnification provisions for non-compliance

• TIP#6: Consider buying insurance for CASL

• TIP#7: Consult with IT specialists

Recommendations (cont’d)

Other CASL Requirements (non CEM)

1) Installation of computer programs2) Unauthorized electronic collection of personal

information3) Email address harvesting4) Prohibition against misleading marketing /

advertising in electronic format

Electronic Collection / Use Of Personal Information and Address Harvesting

• CASL prohibits anyone from using electronic systems to collect and use personal information and email addresses without the express consent of the person whose information is collected / used

• Review your online marketing strategy - does it perform any of these functions?

• If yes - consider eliminating the practice altogether or obtaining consent

How Can I Help You?

• Auditing of current and future practices

• Advice on developing and implementing CASL compliance

• Drafting and review of compliance policies, processes, and documentation

• Drafting and review of third party contracts

• Compliance training

• Representation before regulators and courts

QUESTIONS?

Maanit Zemelwww.casllaw.ca

mzemel@casllaw.ca / maanit@canadatechlaw.com

(416) 937-9321

Twitter: @maanitzemel

LinkedIn: www.linkedin.com/in/maanit-zemel-9995223

© All rights reserved. This presentation may not be reproduced and redistributed without the prior written consent of the author.