In 2014, the anti-spam provisions of Canada's Anti-Spam Legislation (CASL) came into force, creating a wide array of compliance requirements for businesses. CASL prohibits a person from sending or causing or permitting to be sent to an electronic address a commercial electronic message unless (a) the message is exempt or (b) the message meets the formality requirements and the person receiving the message has consented to receiving it. While the CRTC has only publicly acknowledged one enforcement action under CASL as of February 12, 2015, this series of posts, "Defending Enforcement under CASL," considers the foundations of a due diligence defence, and how a business can prepare itself.
Generally speaking, CASL puts the onus on the organization subject to an enforcement action to prove that it met its obligations under the legislation. However, the legislation also provides for a defence of due diligence. Section 33(1) of CASL states:
A person must not be found to be liable for a violation if they establish that they exercised due diligence to prevent the commission of the violation.
No court has yet interpreted this provision. However, if an organization wishes to mount a due diligence defence, it appears that it must establish, based on general principles of common law, that:
For a further information, please visit our Anti-Spam Learning Centre. A comprehensive understanding of CASL and how it impacts your business is the first step in compliance with this complicated law. Our other blog posts in the series "Defending Enforcement Under CASL" will be helpful to understand the types of systems and records that will inform a comprehensive compliance strategy.