All Collections
Regulations, privacy, and security
Compliance
Am I CASL compliant?
Am I CASL compliant?

If you send marketing emails from or to contacts who reside in Canada, then CASL is directly applicable to you and your business.

Gareth Burroughes avatar
Written by Gareth Burroughes
Updated over a week ago

This is not legal advice

We're not providing legal advice in this article. You must not rely solely on the information given here to ensure you're CASL compliant. The responsibility to ensure you're being CASL compliant lies with you and your company, so seek further relevant advice if you're unsure in any way.

On 1 July 2014 the Canadian Anti-Spam Legislation (CASL) came into effect. This not only affects how Canadian businesses send emails, but also any business that sends marketing emails to Canadian recipients. It is designed to combat unsolicited email, whilst it also tackles Malware proliferation, hacking and identity theft.

If you send marketing emails from Canada, or if you send marketing emails to anyone in Canada regardless of where your company is based, or even if your recipients access their emails from Canada, then CASL is directly applicable to you and your business.

Enforcement of CASL is carried out by by three different agencies – the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada. Penalties for infringing the law can range from up to C$1 million for individuals, and C$10 million for companies. The CRTC has the ability and authority to operate trans-border, and to bring proceedings against offshore organisations.

CASL explained

In general, we feel CASL follows existing email marketing best practices, which we encourage you to use as far as is possible.

We strongly recommend that your legal team review CASL’s regulatory documents in order to understand all of its consequences.

  • First, it’s important to note the Canadian Government’s definition of a marketing email:
    “[A Commercial Electronic Message] is an electronic message sent by any means of telecommunication that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.” - 81000-2-175 (SOR/DORS) Canadian Government

  • Second, is the definition of consent. CASL separates consent into two categories - express consent and implied consent.

    • Express consent: Express consent means that a recipient has explicitly asked to receive your emails, either through a clearly labelled form, a signup link in a service email (e.g. purchase receipt) or has clearly opted in at some point during the purchase phase.

    • Implied consent: Implied consent means that a relationship exists between customer and organisation, but the recipient has not explicitly asked to receive emails – for example, after a purchase.

    Under CASL, implied consent expires after 24 months. After this point, your marketing emails are considered unsolicited and liable. Express consent has no expiry point (until your recipient unsubscribes).

Implementation period

The Canadian Government gave businesses until 1 July 2017 to collect and demonstrate express consent from their current marketing lists.

More information on CASL is available directly from the Government of Canada’s website at fightspam.gc.ca.

Becoming CASL compliant

If you follow the best practice guidelines for email marketing, you may be CASL compliant already. However, there are a few simple steps that you can take to help ensure your compliance:

  • Make sure all of your contacts have a last subscribed date.
    This is recorded by the platform by default for any contacts subscribing from 15th October 2014 onwards. For contacts who last subscribed prior to this date, Unknown is displayed.
    However, you can set the last subscribed date by uploading or re-uploading contacts in an Excel or .CSV file and including it as a column called lastsubscribed. Alternatively, you could manually enter a last subscribed date by editing a contact record.

    This means that you're able to establish at a glance when someone subscribed to your emails, no matter whether they completed a signup form, came through a manual import, a survey, the API or any other method. Additionally, this date can be included in your exports for easy reporting.

  • Make sure you use the default unsubscribe page, which clearly explains what unsubscribing means, so there's no confusion.
    It makes the point that by unsubscribing the contact no longer receives commercial and marketing related messages, but one-to-one emails (such as responses to password reset requests) and transactional emails (such as order or shipping confirmations) are still sent.

  • Make sure you include a brief summary of what your contacts can expect to receive when signing up.
    You can do this by filling in the Consent text field when creating a signup form. It allows you to explain exactly what contacts are consenting to when they sign up. If you use the Pages and forms tool for signups, then you can include the purpose as part of a consent block or using a simple text box.

Related Articles
Get started with transactional email
Edit a contact's email opt-in type
Create a signup form
Am I CAN-SPAM compliant?
Turn on double opt-in for WooCommerce subscribers
Did this answer your question?