In 2014, the anti-spam provisions of Canada's Anti-Spam Legislation (CASL) came into force, creating a wide array of compliance requirements for businesses. CASL prohibits a person from sending or causing or permitting to be sent to an electronic address a commercial electronic message unless (a) the message is exempt or (b) the message meets the formality requirements and the person receiving the message has consented to receiving it. While the CRTC has only publicly acknowledged one enforcement action under CASL as of February 23, 2015, this series of posts, "Defending Enforcement under CASL," considers the foundations of a defence to liability under CASL, including the potential availability of exemptions.

CASL provides for a number of exemptions available to senders of commercial electronic messages (CEM) (see Defending Enforcement Under CASL: What is a Commercial Electronic Message?). For example, CASL does not apply to a CEM where the recipient is engaged in a commercial activity and the message consists solely of an inquiry or application related to that activity – in other words, many electronic communications intended to solicit leads in a business to business context may be exempt. Registered charities and political parties that send CEMs are also exempt in certain circumstances. Other important exemptions are the so called "B2B" and intra-organizational exemptions. CEMs to other employees, contractors or franchisee's of another organization that your business has a business relationship with at the time the CEM was sent is exempt from CASL compliance, so long as the message concerns the affairs of the business or the recipient's role, function or duties within or on behalf of the organization. Similarly, CEMs between individuals of the same organization that concern the business of the organization are also exempt.

If you are subject to an enforcement action under CASL, establishing that an exemption applies to the transmission of the purportedly-illegal CEM would likely serve as an absolute defense to liability. Under CASL, the burden of proof respecting consent and exemptions rests on the party subject to the enforcement action. Therefore, a key element in establishing a defence under CASL is preparedness – for example, maintaining accurate and complete records which would establish an exemption. Further, as many of the CASL exemptions rely on a pre-existing commercial or family or other relationship, the foundation of a defense based thereon rests on records of such relationship, which is significant especially in the case of an existing business relationship. Proving an existing business relationship is not based only on the existence of a past transaction, but may also include, among other things, negotiations, inquiries, and investments. Where possible, an individual or business should maintain documentation relating to this history in case an exemption needs to be proven.

For many commercial enterprises, effective customer relationship management (CRM) software and records will play an important role in defending against CASL enforcement. For the best protection, CRM programs should be modified and integrated with messaging platforms to track business relationships. Furthermore, and particularly for larger enterprises, internal controls should be integrated into communication policies.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.