Written by Eliott C. Ponte, Law Clerk
At the beginning of the month, Canada’s anti-SPAM legislation (CASL) went into effect. Canada’s legislation, which is most similar to the United States CAN-SPAM Act of 2003, places restrictions on companies sending commercial electronic messages (CEMs) to or from Canada. As it applies to United States credit unions, the legislation and its accompanying regulations place restrictions on when companies (including non-Canadian companies not doing business in Canada) can send CEMs to people living in Canada.
CASL authorizes several Canadian regulatory agencies to enforce this law on companies who do not operate in Canada. While Canada’s laws do not normally apply to companies who do not operate in Canada, Canada will likely work with the regulatory agencies in other countries, like the Federal Trade Commission (FTC) here in the United States, to enforce this law on companies who send CEMs to people in Canada. To date, the FTC has not indicated it will work with Canada to enforce its new law, but Canada has worked with the FTC on several consumer protection matters involving Canadian companies not operating in the United States that were taking advantage of United States consumers. Thus, it is likely that the FTC will return the favor, and credit unions with members living in Canada should be aware of this legislation.
How to Comply with CASL
To comply with the new law, credit unions must receive consent from their members living in Canada prior to sending a CEM. In addition, the CEM must identify the credit union as the sender, offer an opt-out mechanism, and contain truthful and accurate information.
The CASL defines CEMs as:
“an electronic message that, having regard to the content of the message, the hyperlinks in the message to content on a website or other database, or the contact information contained in the message, it would be reasonable to conclude has as its purpose, or one of its purposes, to encourage participation in a commercial activity, including an electronic message that
(a) offers to purchase, sell, barter or lease a product, goods, a service, land or an interest or right in land;
(b) offers to provide a business, investment or gaming opportunity;
(c) advertises or promotes anything referred to in paragraph (a) or (b); or
(d) promotes a person, including the public image of a person, as being a person who does anything referred to in any of paragraphs (a) to (c), or who intends to do so.”
CASL §1(1). Thus, CEMs apply to various forms of electronic communications, including emails, text messages, and social media messages, and various types of communications, including images, text, and sounds.
Consent to receiving CEMs can be either express or implied. Generally, express consent occurs when a member gives an affirmative indication that they wish to opt-in to receiving CEMs, whereas implied consent can be given when the member engages the credit union on a particular subject or has been a member of the credit union before July 1, 2014 (more on this last one below). The specific differences between express and implied consent are clearly stated on Canada’s website. Consent may be received in writing or orally from the member, and the member’s express consent to opt-in to receiving CEMs must be separate from other types of consent.
In each CEM, the credit union must identify itself and list its contact information, which must include its mailing address. In addition, the CEM must provide an unsubscribe mechanism that remains functional for at least 60 days. Canada has issued guidance, with examples, on the unsubscribe mechanism on its website, and this requirement is very similar to the CAN SPAM Act requirements. Last, a credit union must have truth in its advertising (ie. no false or misleading information).
Safe Harbor for U.S. Credit Unions
Credit unions will not violate CASL if the credit union reasonably believes that the member recipient would access the email outside of Canada, and the credit union complies with the CAN SPAM Act (here is a link to the CAN SPAM Act compliance guide). See CASL Regulations §3(f). Thus, a credit union who has no knowledge that a member lives in Canada (the member showed a US driver’s license, has a US mailing address on file, a .com email address, etc.) and complies with the CAN SPAM Act, will likely fall into the safe harbor exception and thereby not violate the CASL.
Grandfather Clause (Implied Consent)
Members of the credit union who joined prior to July 1, 2014 are presumed to have given their consent to receiving CEMs. CASL §10. This provision allows credit unions with members living in Canada to continue sending CEMs to preexisting members without trying to get their express consent, thus making compliance a lot easier. Moreover, the legislation contains no sunset provision, so this implied consent will be valid until the member opts-out.
Other exceptions and resources
The legislation and regulations contain additional exceptions that are not listed on this blog post. Credit unions should check the legislation and regulations before sending messages to members who live in Canada.
Credit Card Advertising: Dotting the I’s & Crossing the T’s
Credit cards increase member loyalty and revenue. Yet regulations governing credit card advertising are difficult and confusing. Gain a greater understanding of the regulatory requirements with this informative webcast. You will learn your way around alternative disclosures and the intricate requirements involved when advertising introductory and promotional rates. We will also provide you with balance transfer promotion best practices.