First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Marketing compliance news

The Internet has matured to the point where e-commerce is a reality rather than just a promise. Statistics Canada reports that in 2013 Canadian businesses sold more than $136 billion in goods and services over the Internet, an increase of 11 percent from the previous year.

The opportunities for non-profits are tremendous. The costs of distributing information or a newsletter have plummeted. Large advertising budgets are no longer necessary for reaching a broad audience. Volunteers can be more easily coordinated, charitable receipts issued relatively inexpensively, special events registration managed with far less human intervention required. This is all good news for non-profits. But along with this new e-reality have come new e-headaches.

There is an expanding regime in Canada to protect the privacy of individuals and to safeguard them from unwanted contact by telephone or email. While the laws and regulations governing contact with individuals and the use of their personal information take into account the needs of non-profits, it is important to ensure that all marketing activities comply with the legal requirements.

Anyone with a telephone number or an email address knows the irritation of constant noise that comes from auto-diallers and spam. Some have been unfortunate victims of e-scams or identity theft made so much easier by the existence of the Internet.


The federal Personal Information Protection and Electronic Documents Act (PIPEDA) came into effect in 2004 and a Privacy Commission was established to regulate and enforce the Act. PIPEDA sets standards for the collection and use of personal information for organizations that have national or multi-provincial operations or for organizations that operate in any province in which substantially similar legislation does not exist.

Do not call

Many charities and some non-profits make use of direct calls by volunteers or third-party call centres to solicit donations for their organization, to build donor databases, and sometimes for advocacy purposes. These organizations should be aware of do-not-call regulations.

Telemarketers and telemarketing are regulated by the Canadian Radio-television and Telecommunications Commission (CRTC). In general, telemarketing phone calls may only be made weekdays between 9:00 a.m. and 9:30 p.m. or weekends between 10:00 a.m. and 6:00 p.m., where the time zone is that of the individual receiving the call. Telemarketers must identify at the beginning of each call:

  • The name of the individual placing the call
  • The name of the organization placing the call (even if this is different from the organization on whose behalf the call is being made)
  • The purpose of the call

They must also, upon request, provide a local or toll-free number or name and address allowing the individual to speak to or write about any concerns they may have. The individual’s call or letter must be responded to promptly.

Most importantly, the CRTC has established a National-Do-Not-Call (NDNC) Registry. Individuals can make a phone call or visit a website to register their telephone number as “Do Not Call.” The do-not-call registration is good for five years and then must be renewed. All telemarketers are legally obliged to respect the NDNC registry.

Non-profit organizations, other than registered charities and political parties, are subject to the NDNC registry and related regulations. Registered charities and political parties are exempt from the registry, but even exempt organizations must maintain their own do-not-call registries in order to respect individuals’ rights. Internal do-not-call registries must honour a do-not-call request for three years.

It should be noted that since this is the new standard of behaviour for the vast majority of organizations, consumers will expect this behaviour from all, so even if your organization is exempt, you will want to ensure that you are respecting the principles behind the NDNC registry. If you are using a third-party call centre service, you will want to assure yourself before signing a contract that the call centre is in compliance in order that your own reputation will not be affected by consumer irritation or backlash.


Canada’s Anti-Spam Legislation (CASL) is the nickname for the law more formally titled, An Act to Promote the Efficiency and Adaptability of the Canadian Economy by Regulating Certain Activities that Discourage Reliance on Electronic Means of Carrying out Commercial Activities, and to Amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

CASL was enacted in December 2010 and came into force on July 1, 2014. It is a companion piece to the national do-not-call registry in that it regulates the use of electronic messages for commercial purposes. Put simply, the CASL prohibits the sending of commercial electronic messages (CEMs) to individuals unless they have given their express consent, or in some limited cases, their implied consent.

CEMs include email, text messages and messages sent through social media. Since even a request to consent to future CEMs is subject to consent standards, plain old outreach is a prohibited activity under the new regulations, unless the organization is exempt.

Registered charities enjoy an exemption from these consent regulations for CEMs sent with the primary purpose of raising funds for the organization. This exemption applies both to charities and to organizations or individuals operating on their behalf for this purpose. If your organization is a non-profit without registered charity status, then it is subject to the same rules and regulations as normal business, but may be able to take advantage of certain exemptions related to collecting consent.

These new rules do exactly what they are intended to do: discourage unasked-for electronic messages. Nevertheless, the value of Internet-based communications to businesses and non-profits alike is so great that organizations should not be discouraged from using electronic communications. They just need to play by the rules. And the rules are relatively simple:

  • Don’t send a CEM without consent unless you or your message is exempt
  • If you want to send CEMs, obtain consent from the intended recipients
  • If you want to send CEMs, ensure that they have the content required by the regulations

A number of exemptions at the CEM level have been introduced as a result of extensive public consultation by the CRA. These exemptions are typically messages that common sense would tell you are not spam. Here are a few examples:

  • CEMs sent between individuals where there is a personal or family relationship between them
  • CEMs sent between businesses engaged in a commercial activity together or where an existing business relationship exists and the messages are related to that business relationship
  • CEMs in response to an individual’s request, complaint or inquiry
  • CEMs sent by or on behalf of a political party or organization with the purpose of soliciting a contribution

Written by Stephanie F. Smith, BComm, MBA
Co-author of Finance and Accounting PolicyPro and
Not-For-Profit PolicyPro

Occasional Contributors

In addition to our regular guest bloggers, Inside Internal Controls blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr at If you liked this post and would like to subscribe to Inside Internal Controls blog click here.

, , , , , , , , , , , , , , , , , , , , ,

Comments are currently closed.