All you wanted to know about Canada’s new Anti-Spam Law (CASL) but were afraid to ask.

First things first, answer the following questions about your business and your list.

  1. Are you a Canadian-based business?
  2. Is your email provider based in Canada?
  3. Do you have Canadian-based individuals or businesses on your email list?

If you’ve answered yes to any of the three questions above, the new Canadian Anti-Spam Law (CASL) applies to you.

What does that mean to you and how you do business?

This means that you MUST have consent to email those subscribers.  Consent in this new law comes in two forms: Express and Implied. Your next step is to determine if ALL of your subscribers fit into one of these two buckets:

Express Consent.  This means that the subscriber opted in to receive your marketing messages through a compliant form. This consent doesn’t expire unless it is revoked by the subscriber. Any express consent received before July 1, 2014 will be considered compliant even if the new elements of the law weren’t included as long as you were compliant with the law prior to that time in Canada or the laws of other countries.

Implied Consent. This means that the person on your list has an existing relationship with you or your business. Most times this means that they’ve done business with you (clients and former clients), but can also mean, in rare occasions, they have a non-business relationship with you (usually someone who’s volunteered to you, made a donation, etc.). This consent expires after two years, which means during this two year period, you should be trying to get these people, if they’re important to your list, to give you express consent (see above).

Where people came from who are on your list is crucial with CASL. If someone complains that you aren’t in compliance with the law, the responsibility lies with you to prove where you got their name and address and which bucket of consent they fall in.

Maintaining good records with sign-up date, opt-in confirmation, and showing good list maintenance procedures will be important in proving you’re working with a compliant list.

Still confused about what constitutes Express Consent? Read on.

Express consent is defined as an affirmative action taken on the part of the subscriber to enter an email and click submit or actively checking a box and clicking send or submit.  Pre-checked “subscribe me to this” boxes are NOT compliant and should be reworked on your forms and comments sections if you have them there.

The form (including website AND Social Media forms) also has to have the following information:

  • Identify yourself – what organization will be sending the emails?
  • Clear statement that the subscriber will receive commercial / marketing emails from you.
  • A statement letting them know they can unsubscribe at any time
  • Minimum of one piece of contact info (email, website address, physical address).

Now that we’ve covered the opt-in form, let’s cover what each of your messages need to contain going forward:

Identify who the heck you are. This may sound easy, but you also need to identify all third parties involved if you’re sending out an email on someone’s behalf (think solo mailers).

How can they contact you?  Don’t use This does NOT comply with CASL and is a violation that will get you in trouble. Instead, use a physical address, a working and monitored email address or both to ensure you’re in compliance.

How can they remove themselves from the list? There are a few rules with this one that you must adhere strictly to.

  • The unsubscribe method (link, email address, etc.) must be functional for a minimum of 60-days after you’ve sent out an email. This means if you switch list providers (i.e. aweber, etc.) you must keep this in mind when deactivating services.
  • There can NOT be any cost to unsubscribing to the person trying to unsubscribe.
  • The unsubscribe method can be link or email (or both).
  • You MUST process requests immediately with no delay.  There is a 10-day maximum here that must be adhered to.

This seems like a lot of bother. What if I don’t comply?

The penalties might make you think again.

The Canadian Radio-Television Commission can hand out up to $10 million in administrative fines PER MESSAGE that they find is non-compliant.

In addition, individuals can sue you for actual and punitive damages.

Are there exemptions to these new rules?

Yes, of course there are:

  • Warranty, safety or recall information
  • Information messages
  • Messages about an ongoing subscription or membership
  • Employment related updates
  • Ongoing information about a purchase
  • Transactional emails, like order confirmations, shipping notices and confirmations, etc.
  • Quotes or estimates on your products or services
  • Purely informational or educational emails – these emails can NOT have any advertising or promotion at all…no exceptions.
  • Warranty, safety or recall information on products, services (i.e. “your 30 day money back guarantee is expiring”)
  • Messages directly delivering a product, good or service (be careful here about upsells though).

Additionally, there are other messages where the new law doesn’t apply either.

  • You have a personal or family relationship and have had voluntary contact before the mailing.
  • Registered charities raising funds
  • Political candidates or organizations soliciting contributions.
  • Emails sent in response to a direct request for information.
  • Between businesses with an ongoing relationship (careful here, the message MUST be directly related to the nature of THIS relationship – not general marketing or sales related).
  • Emails enforcing a legal right or obligation

Wow, this seems like a lot to do before July 1, 2014!

Take a deep breath here.  Yes, the law does take effect at midnight on July 1, 2014, but there is a three-year transition period built into the law for transition for many of the provisions.

  • You have 3 years (July 1, 2017) to get express consent from all implied consent subscribers.
  • Penalties for message content violations will be pursued during the three-year window.
  • Private actions cannot be brought during the three-year period, meaning individual subscribers cannot sue for damages until after July 1, 2017.

What’s the bottom line?

Bottom line is simple, know your subscribers and make sure you can prove they’ve opted in properly going forward. Yes, there’s a bit of work to do to ensure compliance, but isn’t it worth it to know your list is in compliance and full of people who truly WANT to receive information from you?


A few examples you may not have thought of:

  1. You’re promoting 40% off of your product or service via Facebook, Twitter and your website. If you intend to add them to your list and email them upsells or promotions later, this promotion form MUST include all the information found on an opt-in form to comply with the law.
  2. You enter into a joint venture with a complimentary service provider. As part of the JV agreement, you are provided with a copy of the list they developed for the JV attendees. Because they developed the list, they MUST have on their opt-in form that they will be sharing the list with “partners” and that those partners will have permission to email them. Additionally, you must continue to work with your partners long after the JV is completed. The law states that all parties are held accountable for managing consent, meaning if a user requests to be removed from one “partner” they MUST also be removed from all “partner” emails, including the original sender. As you can imagine, this could get tricky.
  3. You have your opt-in structured that if people buy something there’s language that says “we will include you in future promotional emails” and a link to unsubscribe at that time. If this is the case, you do NOT comply with express consent.  Express consent requires that the person subscribing take ACTION to subscribe. Their purchase is NOT action to subscribe, it is simply an action to buy a product or service. If someone buys from you, yes, there is implied consent – you have 2 years to get them to express consent or you need to remove them.

1. Determine this by the email addresses (.ca,,, etc), their billing address if they’re current customers, their mailing addresses, etc. It is your responsibility to do your due diligence with your list and ensure you’re in compliance with the law in any country you do business with.


Click an icon below to share and recommend this post:
  • Twitter
  • Facebook
  • LinkedIn
  • Reddit
  • Digg
  • StumbleUpon
  • Google Bookmarks
  • RSS