What is Canadian anti-spam legislation (CASL)? - Definition from WhatIs.com

Definition

Canadian anti-spam legislation (CASL)

Part of the Compliance glossary:

Canadian anti-spam legislation (CASL) is enacted regulations requiring any individuals or organizations that send commercial electronic messages (CEM) to obtain express consent from all Canadian recipients. 

CASL was created to cut down on spam and, as a result, to reduce the frequency of phishing, viruses, identity theft and other cybercrimes. The legislation applies to all commercial messages transmitted through email, social media, voicemail, text and instant messages. CASL's opt-in model is more stringent than the opt-out model common in other countries, which merely requires that recipients can easily elect not to receive a marketer's messages.  

CASL went into effect July 1, 2104. The legislation mandates fines of up to one million dollars (Canadian) for individuals and 10 million for organizations. A three-year grace period allows senders to continue communicating with current recipients for whom they have implied consent. However, express consent must be obtained to send to new recipients; senders must also obtain express consent from current recipients within that time span. 

The American Bar Association (ABA) has called CASL "the toughest anti-spam law in the world." Critics of the legislation predict that it will cause a lot of problems for legitimate organizations without having a significant impact on problematic spammers, who are typically located outside of North America (which makes enforcement difficult) and are already non-compliant with any anti-spam legislation. 

This was last updated in July 2014
Contributor(s): Ivy Wigmore
Posted by: Margaret Rouse

Related Terms

Definitions

  • Health information technology (health IT or HIT)

    - Health information technology (health IT) is a segment of the healthcare industry that involves the implementation and maintenance of electronic data and records systems. (SearchHealthIT.com)

  • PCI gap assessment

    - A PCI gap assessment is the identification, analysis and documentation of areas of non-compliance with the Payment Card Industry Data Security Standard (PCI DSS). PCI gap assessment is the first st... (SearchSecurity.com)

  • PCI DSS merchant levels

    - Merchant levels are used by the payment card industry (PCI) to determine risk levels and determine the appropriate level of security for their businesses. Specifically, merchant levels determine th... (SearchSecurity.com)

Glossaries

  • Compliance

    - Terms related to compliance, including regulatory definitions and words and phrases about governance and mitigating IT risk.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About Canadian anti-spam legislation (CASL)Powered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.