ICYMI: 4 Common CASL Mistakes

DMAC's Derek Lackey highlights some of the myths and misconceptions surrounding CASL compliance


In June, the federal government announced that it was suspending the private right of action under Canada’s Anti-Spam Legislation (CASL), originally scheduled to come into force on July 1, 2017. While this announcement was welcomed by many businesses, it has had the unintended consequence of reducing the urgency surrounding CASL compliance. All other provisions of CASL are still in effect and enforced by the CRTC.

Here are four ways your business may not be complying with CASL, the world’s strictest anti-spam law governing electronic communications.

1. You think CASL, or parts of CASL, are optional.

CASL is the law. Anyone who sends a commercial electronic message to a Canadian must obey CASL. There are no exceptions for the size of the company or where the company is located. Derek Lackey, president of the Direct Marketing Association of Canada, CEO of -30- Strategic Communications—a division of Newport Thomson—and author of “CASL Compliance: A Marketer’s Guide to Email Marketing to Canadians” explained, “Businesses are either choosing to ignore it or self-select. They’re saying, I’ll take care of the unsubscribe portion, but the consent thing is silly. These people are making a conscious decision to take a chance.

Derek Lackey

“Just because you have a working unsubscribe in every email does not make you compliant. That’s such a small piece of the picture.”

2. You don’t understand the difference between obeying the law and compliance.

Obeying the law of CASL means getting consent, only sending emails if you have consent, having a working unsubscribe function and making it clear who you are. That’s following the actual law of CASL.  

But what if one of your employees accidentally sends an email to 10,000 people on your unsubscribe list? How do you prove to the CRTC that it was an actual accident?

“It’s not good enough to just obey the law; you must have policies and procedures around your email marketing programs,” said Lackey. “You need to know how the people got on your list and why they’re there. You need to train your staff so they’re not breaking the law on your behalf. You need to track it all. That’s compliance.

“If you can prove you’ve trained your staff, you’ve got a manual, you’ve done the checklist, then the CRTC is going to say, ‘Okay, we buy that this was a one-time mistake.’ But if that mistake happens and you don’t have any of that back up in place? You’re going to get charged.”

3. You don’t have a manual.

Lackey says he can determine in one question if a business is CASL compliant, “Can you show me your policies and procedures manual?”

To be CASL compliant and prove it during a CRTC investigation, you need a written policies and procedures manual outlining your email marketing programs. And you need to demonstrate that your employees are familiar with its content. Without it, you’re not compliant.

4. You don’t know your current consent relationship with every contact on your email list.

“Almost no one can answer this question: Do you know how every single individual on your email list got there and what your current consent relationship is?” asked Lackey. “That is CASL. And as of July 1, it’s black and white. You either have consent or you don’t.”

It’s not enough just to obtain consent, you need to maintain records of that consent and ensure that your consent falls within the timeframe required by CASL. Need a refresher on the consent requirements under CASL? Download “CASL: The Five Types of Consent and How to Achieve Them.”

There are clearly many misconceptions surrounding CASL, and compliance audits are one way to clear up the myths surrounding CASL and help businesses design compliant programs.

“When I first encountered CASL, I would have agreed with some lawyers that it’s the worst written law that I’ve seen,” said Lackey. “But the more time I spend applying it, the more I realize that it is beautifully crafted because it lets your company be your company without prescribing what to do with your email program. Most companies don’t appreciate the latitude they were given.

“The Alliance for Audited Media helps you put a compliance program together that reflects your company. It wraps the blanket called CASL around your company so that it is as comfortable as possible and email becomes effective again.”


Joan Brehl is vice president and general manager of AAM’s Canada office where she works with a wide range of traditional and digital media clients to help them find trusted and accountable solutions to satisfy their business needs.