Perhaps the most difficult compliance challenge arising from CASL – the new Canadian anti-spam law – is how to deal with one-off emails sent by individual employees.  A new online service called CASL-cure provides an outbound email filter solution to this problem.

CASL requires either express consent, or one of a complex series of implied consents, before you can send email that is even slightly promotional in nature.  Just 1 non-compliant email sent by 1 employee can put a business at risk for significant sanctions, including multi-million dollar fines, personal director and officer liability, and starting in 2017 private rights of action including class action suits.  The onus is on the sender to prove compliance, so records must be kept to show how and when express consent was obtained, or how the recipient fits into an implied consent category.  The email itself must contain specified contact info and an unsubscribe mechanism.

That is a lot to expect any employee to understand, let alone comply with, regardless of how much training they get.

CASL-cure solves this challenge in two ways.  First, it automatically adds CASL compliant contact information and an unsubscribe mechanism to every email.  Second, it compares the outbound email addresses to a whitelist of emails that have consent.  If it detects an address that is not listed, it holds the email and sends a reply to the sender saying that the intended recipient is not on the CASL approved list, and offers a menu that the sender can use to enter the details of the nature of the consent.  Once the sender completes that information, that consent detail is added to the whitelist and the email is released.

This solution significantly reduces the risk of sending non-compliant emails.  And since it records how and who added the consent details to the database, it is easy for the business to deal with an employee who tries to cheat the system.  It also helps immensely with a defense under CASL if an investigation results from a complaint.  First, because the system records consent details.  Second, if a non-compliant email does get through for some reason, such as an employee entering false information, it provides a due-diligence defense showing that the business did as much as it possibly could to prevent a violation.

Transparency disclosure – the providers of CASL-cure are clients of mine.