The CRTC recently issued a media advisory entitled Enforcement Advisory – Notice for businesses and individuals on how to keep records of consent. It doesn’t add anything new – but reinforces what the CRTC is looking for. This is important because CASL requires a business to prove that they have consent to send a CEM (Commercial Electronic Message). CASL has a complex regime of express and implied consent possibilities.
The advisory states: “Commission staff has observed that some businesses and individuals are unable to prove they have obtained consent before sending CEMs. The purpose of this Enforcement Advisory is to remind those involved, including those who send CEMs, of the requirements under CASL pertaining to record keeping.”
The problem in practice is that keeping those records can be a herculean task. I’m concerned that the difficulty of getting this right will make many businesses fodder for CASL breach class action lawsuits when that right becomes available in 2017.
My personal view continues to be that the prime effect of CASL is to add a huge compliance burden to legitimate businesses. It may give some tools to attack actual spam, but its approach is fundamentally flawed, and the cost/benefit is way out of whack.