CASL Survey Report: Bridging the Gaps in Understanding and Compliance

In March 2017, the Direct Marketing Association of Canada (DMAC) and Fasken Martineau DuMoulin LLP set out to determine the current state of understanding and compliance with Canada’s anti-spam legislation (CASL) across small, medium and large organizations. Anecdotal evidence at the time suggested that organizations were operating under a false sense of security about their CASL comprehension and compliance, despite the legislation being in force for almost three years. To gain a deeper understanding of these matters, a survey was composed and circulated to mailing lists for DMAC, Blazon.Online and Fasken Martineau.

The results are in. With well over 200 respondents, our CASL survey provides a revealing spot check on the extent to which organizations understand CASL, and what is required to implement effective compliance strategies and due diligence defence measures. Survey results were provided by those who would be familiar with the legislation – over 80% of respondents were either extremely involved or very involved in the design and implementation of their organization’s CASL strategy.

Findings

The results of the survey are detailed in the appendix to this report, together with correct answers and associated commentary. Of significant concern is that many fundamental aspects of CASL are still not well understood – such as the types of messages governed by CASL, whether the sending of certain CEMs requires consent or an exemption, and how express consent can be obtained. The results also indicate a need to better understand the content requirements for CEMs.



Some of the confusion may result from a mistaken belief that CASL’s requirements mimic those found in corresponding US legislation. On the contrary, CASL establishes a higher standard than the US’s CAN-SPAM Act. The US legislation may have been the cause for the apparent confusion about whether CASL applies to CEMs sent into Canada from the US (or from any other jurisdiction).

When it comes to the consequences of non-compliance, many respondents did not appreciate the extent of potential AMPs, or when AMPs could be imposed by the CRTC. Many were also unaware that directors and officers could be held personally liable for breaches of CASL. It would also appear that the exposure to statutory damages is not well understood.



Of equal concern is the apparent lack of appropriate policies and procedures, including record- keeping programs, within many organizations to support and evidence compliance with CASL. Respondents stated that their organizations lack compliance programs involving written policies, employee training and regular compliance audits. Few have confidence that their organization could establish how consent was obtained, or that CEMs sent by their organization contained the required content and a properly functioning unsubscribe mechanism.

Many fundamental aspects of CASL are still not well understood.

More than half of respondents could not confirm that their organization had written contracts with their e-marketing service providers – exposing them to additional risk.

The results of the survey are somewhat alarming, given that organizations are currently exposed to enforcement action by the CRTC (and potentially the Privacy Commissioner of Canada and the Competition Bureau). In light of the survey results, organizations should be taking this opportunity to avoid greater liability exposure by addressing shortcomings prior to the private right of action coming into force.

Many organizations appear to lack appropriate policies and procedures, including record-keeping, to support and evidence compliance with CASL.

DOWNLOAD The Report

 

0 Comments Write your comment

    1. Loading...