Your Small Business and Canada’s Anti-Spam Law

If you’re a small business owner, you probably rely on mass emails for a large portion of your marketing efforts. After all, email is an efficient, fast, and cost-effective way to get your message out to a lot of potential customers.

But with Canada’s new Anti-Spam Legislation (abbreviated CASL; say it like “castle”) set to take effect on July 1, 2014, you may soon find that some of your electronic communication efforts are considered illegal.

What can you do to prepare your business and its communication strategies to be in compliance with this new, lengthy, and occasionally confusing law? Read on for an easy-to-understand breakdown of CASL, as well as some things to pay attention to before the end of June 2014.

The Basics of CASL

The intent behind CASL is to give everyday internet users more privacy and fewer unsolicited messages to wade through every day.

The law essentially presents a series of regulations about these commercial unsolicited messages, as well as stipulations on how businesses can gather and use information on the internet.

From a small business standpoint, there are three main aspects of CASL that you have to be aware of:

  • consent
  • identification, and
  • opting out


Perhaps the biggest and most publicized part of CASL is consent. Specifically, businesses will need to have prior consent from a recipient in order to send a commercial solicitation email or text message.

This consent must be explicit, active, and affirmative.

In other words, pre-checked boxes next to a "Send me email" line on account set-up forms are no longer allowed. Under CASL, users must actually click to check the box that grants a business permission to send any future messages. The user must opt in to receive messages, which is the opposite of the opt out anti-spam laws in the US and other countries.

A business may legally send commercial solicitations to customers who have made a purchase within the last two years. After that two year period is up, however, the business must obtain explicit consent to continue sending messages.

Also allowed are marketing emails and texts to individuals who have willing shared an email address for the purposes of obtaining more information. Additionally, employees of a company are permitted to email employees of other companies with whom they have an established working relationship.

Emails and text messages of a personal, non-commercial nature are not affected by CASL.

Also part of CASL’s consent portion are rules against malware and spyware. No software of any kind can be installed on a user’s computer without consent, essentially making these virus-type programs illegal.

Furthermore, harvesting emails off the internet is prohibited under CASL, as the unsolicited marketing messages to these harvested addresses would most certainly be in violation of this new legislation.


The second key component of CASL is clear identification of messages. When you send a marketing email (to recipients from whom you have received explicit consent to do so), the subject line must give a clear idea of the content of the message.

This component also extends to any false, misleading, or bait and switch type advertising in electronic communication. For example, a retail company can’t advertise a giant 50% off sale when most of their items are not offered at that discount.

Opting Out

Finally, even though the consent portion of CASL dictates that businesses may send marketing messages to customers who have explicitly opted to do so, customers still must be given a way to opt out at any time.

All marketing emails and text messages must have a fully functional unsubscribe option. If it’s a link, that link must stay active for 60 days from the send date. Once a customer chooses to unsubscribe or opt out of receiving messages, the messages must stop within 10 days. And, businesses are not allowed to double confirm a customer’s decision to unsubscribe. In other words, no follow-up emails asking, “Are you sure you want to unsubscribe?” are permitted.

As part of this opt out component, companies must also provide a straightforward way for customers and message recipients to contact them.

This can be as easy as including a phone number, address, or working email address in the body of a message, though some businesses may prefer to use a link to a contact form.

CASL and Your Business

From a customer’s point of view, CASL will help reduce a large percentage of unwanted emails. But from a business perspective, the regulations imposed by CASL can create a huge legal headache if measures aren’t taken to comply by July 1, 2014.

One of the most interesting, and headache-inducing, parts of CASL is that it not only affects communication originating in Canada — it also applies to communication originating elsewhere that is sent to Canadian recipients.

If your business isn’t located in Canada, you might think that CASL won’t apply to you, but that would be a mistake. If you have Canadians on your contact list, you’ve got some work to do. The Canadian government has the authority, in cooperation with other national governments, to impose any consequences on non-Canadian companies that are found to be in violation of CASL. These penalties can be steep, with fines of up to $10 million, so following the law is important.

What can you do to keep in compliance with CASL?

  • Keep records of explicit consent

    First, make sure you have records of explicit consent from anyone on your email list who might be affected. If you’re in Canada, that’s everyone. If you’re outside of Canada, this applies only to recipients in Canada.

    If you don’t have this consent, you’ll need to get it by July 1, 2014 to be in compliance.

    Also take a look at customers whose consent might be expiring; if their last purchase with your company was close to two years ago, you’ll need to renew their consent as well.

    If you send out a regular newsletter, it’s a good idea to run a prominent announcement letting your customers and recipients know that you’re working to comply with CASL’s July 1 start date.

  • Update your web presence, sign-up forms, and templates

    Now is also the time to update your web presence, sign-up forms, and templates for email communication. You’ll want to ensure that any boxes that give you permission for further contact are initially left unchecked.

    Also, make sure that your unsubscribe option is functional, both as a link and as a way to quickly remove addresses from your mailing list. Finally, all of your communication needs to contain a way to actively contact you and a specific subject line, and must not contain any malware. Updating your templates now can save you a lot of hassle after CASL becomes law.

Canada’s new Anti-Spam Legislation

The full text of Canada’s new Anti-Spam Legislation is daunting: it’s page after small-type page of confusing legalese. However, the details outlined in this article — consent, identification, and unsubscribing — are the points that you and your business need to keep in mind as you move forward in the marketplace.

With CASL’s enactment date of July 1, 2014 quickly approaching, now is the time for all business owners to make sure that their communications will comply with the new law. A few necessary measures can save you a lot of grief, as well as a lot of money, and keep your customers happy while still allowing your company to keep sending marketing emails.