Browse Definitions :
Definition

Canadian anti-spam legislation (CASL)

Contributor(s): Ivy Wigmore

Canadian anti-spam legislation (CASL) is enacted regulations requiring any individuals or organizations that send commercial electronic messages (CEM) to obtain express consent from all Canadian recipients. 

CASL was created to cut down on spam and, as a result, to reduce the frequency of phishing, viruses, identity theft and other cybercrimes. The legislation applies to all commercial messages transmitted through email, social media, voicemail, text and instant messages. CASL's opt-in model is more stringent than the opt-out model common in other countries, which merely requires that recipients can easily elect not to receive a marketer's messages.  

CASL went into effect July 1, 2104. The legislation mandates fines of up to one million dollars (Canadian) for individuals and 10 million for organizations. A three-year grace period allows senders to continue communicating with current recipients for whom they have implied consent. However, express consent must be obtained to send to new recipients; senders must also obtain express consent from current recipients within that time span. 

The American Bar Association (ABA) has called CASL "the toughest anti-spam law in the world." Critics of the legislation predict that it will cause a lot of problems for legitimate organizations without having a significant impact on problematic spammers, who are typically located outside of North America (which makes enforcement difficult) and are already non-compliant with any anti-spam legislation. 

This was last updated in July 2014

Continue Reading About Canadian anti-spam legislation (CASL)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close