First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

CRTC’s reminder on record-keeping for CASL compliance

caslThe Canadian Radio-television and Telecommunications Commission (CRTC) issued an enforcement advisory[1] directing businesses and individuals to consider the importance of record-keeping pursuant to Canada’s anti-spam legislation (CASL).

Under CASL, the onus remains on the sender of commercial electronic messages (CEMs) to demonstrate that it had the proper consents in place to send CEMs (whether implied or explicit). This onus of proving consent is applicable even where the sender is relying on an existing business or non–business relationship, regardless of whether this relationship was established prior to or following the implementation of CASL.

Good record-keeping practices not only ensure compliance with CASL, but can assist a business to: (i) identify potential non-compliance issues; (ii) investigate and respond to consumer complaints; (iii) respond to questions about the business’ practices and procedures; (iv) monitor its corporate compliance program; (v) identify the need for corrective actions and demonstrate that these actions were implemented; and (vi) establish a due diligence defence in the event of complaints submitted to the CRTC.[2]

To achieve the benefits of record-keeping listed above, businesses should endeavour to keep hardcopy and electronic records of the following:

    • all evidence of consent in any form from consumers who agree to receive CEMs (e.g., signed consent forms and completed electronic forms);
    • call centre scripts and audio recordings (where verbal consents are sought), campaign records (including text of CEMs), and recipient consent logs;
    • documentation on the methods used to collect consent;
    • all corporate compliance policies and procedures relating to CEMs and CASL, including staff training documents; and
    • all contemporaneous unsubscribe requests and resulting actions.[3]

Although the CRTC’s guidance on record-keeping for the purposes of CASL has been well established, this recent advisory suggests that documentation proving consent is becoming an enforcement focus. As a result, businesses should revisit their CASL compliance policies and ensure that their staff are trained to promptly and adequately obtain – and maintain – records of customers consenting to receive CEMs. For example, if a business obtains verbal consent from a customer to receive CEMS at a point-of-sale, based on this recent advisory, such verbal consent may not be effective without further proof of opt-in consent such as an electronic form.

For more information on this topic, please see the CRTC’s Guidance, Information Bulletin and its Fight Spam website.

[1] Canadian Radio-television and Telecommunications Commission, Enforcement Advisory – Notice for businesses and individuals on how to keep records of consent, online.

[2] Canadian Radio-television and Telecommunications Commission, From Canada’s Anti-Spam Legislation Guidance on Implied Consent, online.

[3] Supra note 1 and 2.

By: Bernice Karn and Belinda Chiu, Cassels Brock & Blackwell LLP

Occasional Contributors

In addition to our regular guest bloggers, Inside Internal Controls blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr at If you liked this post and would like to subscribe to Inside Internal Controls blog click here.

, , , , ,

Comments are currently closed.