Canadian Minister of Industry the Honorable James Moore announced on Wednesday that Canada’s Anti-Spam Law (CASL), called by advocates “the world’s most stringent anti-spam law,” will be enforced starting on July 1, 2014.
The announcement follows another last week by Treasury Board of Canada President Tony Clement that Industry Canada’s regulations had been approved.
The law was lobbied for by the Coalition Against Unsolicited Commercial Email (CAUCE) and others. CAUCE was formed in 1997, and addressed a parliamentary committee reviewing CASL in 2011 as part of an extensive consultation process.
“CASL makes Canada a place where abusive messaging will no longer be tolerated; it provides a toolkit to protect lawful businesses and consumers from the bad actors ruining the online experience of millions, by putting a hard stop to email spam and all types of messaging abuse, while laying out clear and workable standards for proper opt-in online marketing,” said CAUCE president John Levine.
The law will be enforced by the Competition Bureau of Canada, the Office of the Privacy Commissioner of Canada, and the Canadian Radio-television and Telecommunications Commission.
According to a Spiceworks survey released in September, anti-spam solutions are the most popular cloud security service, as the venerable online annoyance continues to hound companies and end-users alike. A recent WHIR blog post examined outbound spam and how to deal with it.
The new Canadian law will likely by adapted and adopted by other countries if it proves successful, which could be bad news for companies which offer spam protection, such as Halon, which announced its entry into the US market at HostingCon 2013.
The new law requires that all commercial electronic messages be consented to by the party receiving the message before they are sent. Consent (or “opt-in”) is implied in the case of email addresses supplied in the course of business, or when a business relation has been carried out over multiple years, and exceptions include personal relationships and responses to requests for information. Breaking the law will be punishable by fines of $1 million for individuals and $10 million for corporations.
In a case like that of the spam sent from Dropbox last year, where a stolen employee password was used, the corporation would undoubtedly challenge any finding of liability in court, arguing that they are not the true origin of the offending messages.