Canadian Anti-Spam Legislation (CASL)

The Canadian Anti-Spam Legislation (CASL) applies to the majority of organizations in Canada, including York University. CASL, which came into effect on July 1, 2014, is designed to more carefully control spam – unwanted Commercial Electronic Messages (CEMs) in electronic messaging. York faculty and staff are expected to comply with CASL. The penalties for failing to comply are significant, for both organizations and individuals.

The IPO provides resources to assist York University units and individuals to comply with CASL. In addition, a CASL PowerPoint presentation by the Office of the Counsel is available to York employees on YU Link (Passport York login required).

CASL Resources

CASL Basics

Important Note: This FAQ is intended to assist York University staff and faculty to understand their obligations under CASL. It summarizes and simplifies the complex requirements of CASL and is not intended to be a substitute for detailed advice, including legal advice. If you have specific questions about CASL, contact the Information and Privacy Office.

Top 5 Frequently Asked Questions

1. What is the Canadian Anti-Spam Legislation?

The Canadian Anti-Spam Legislation (CASL) is designed to more carefully control SPAM, those unsolicited annoying electronic messages which we all receive from time to time.  CASL also prohibits the installation of computer programs without consent. CASL came into force on July 1, 2014.

2. What kinds of electronic messages are regulated by CASL?

CASL applies to “Commercial Electronic Messages” (CEMs), which are defined as any “electronic messages” that encourage participation in a “commercial activity”.

Electronic Messages
An “electronic message” is any message sent to an electronic account, e.g. an email, a text message, or a message using social media such as Facebook. Interactive two-way voice communications, fax messages or voice recordings sent to a telephone account are not considered to be electronic messages. If you’re telephoning a person to offer a product or service, that’s not an electronic message. (However, promotional phone calls may be regulated by the federal Do-Not-Call List. See for more information about the Do-Not-Call List).

Commercial Activity
A “commercial activity” is broadly defined as “any particular transaction, act or conduct or any regular course of conduct that is of a commercial character, whether or not the person who carries it out does so in the expectation of profit”. Examples of commercial activities include purchasing, selling, bartering or leasing products, goods or services, or land; providing a business, investment or gaming opportunity; or advertising or promoting any of these activities.

So, a CEM must meet both definitions of “electronic message” and “commercial activity” for CASL to apply. If you are in any doubt about whether an electronic message is subject to CASL, contact the Information and Privacy Office.

3. How does CASL affect York University?

CASL applies to most organizations in Canada, including York University. However, CASL does not apply to the core educational activities of the university. Accordingly, electronic messages concerning the core educational activities of York University are not subject to CASL because such messages are not of a “commercial character”. However, some electronic messages sent by York University may be of a commercial character (e.g., emails encouraging people to purchase York University merchandise) and would fall under CASL. In the case of messages that contain both non-commercial and commercial content, CASL does apply.

4. What are the exemptions to CASL?

Messages that do not relate to the core activities of the University may nevertheless be exempt from CASL. The exemptions are:

(a) Messages sent by or on behalf of a registered charity such as York University, which have as their primary purpose raising funds;
(b) Messages sent by or on behalf of an individual to another individual with whom they have a personal or family relationship;
(c) Messages sent to a person who is engaged in a commercial activity and consist solely of an inquiry or application related to that activity;
(d) Messages sent within the University that concern the activities of the University;
(e) Messages sent between organizations with a relationship that concern the activities of the receiving organization;
(f) Messages sent in response to requests, inquiries or complaints, or otherwise solicited by the recipient;
(g) Messages sent to satisfy, provide notice of, or enforce a right, legal or juridical obligation;
(h) Messages sent on an electronic messaging service if the required information and unsubscribe mechanism are readily available on the user interface, and the recipient has consented to receive the message;
(i) Messages sent to a limited-access secure and confidential account to which messages can only be sent by the person who provides the account;
(j) Messages that a sender reasonably believes will be accessed in a listed foreign state, and conform to the anti-spam laws of such foreign state.

5. What are the penalties for non-compliance with CASL?

Penalties for non-compliance are significant.

The penalty for noncompliance with CASL is a fine of up to $10 million for the institution. Also, beginning July 1, 2017, a person who receives a CEM without having given his/her prior consent has a private right of action against the organization sending the CEM, and may be entitled to receive up to $200 per violation (class actions are possible, too). Officers, directors and agents can be held personally liable for their organization’s failure to comply with CASL.

CASL Flow Chart

CASL Flow Chart – Process Summary (PDF)

CASL Compliance

Compliance Worksheets

To determine whether you are compliant with the CASL requirements related to CEMs, complete the Compliance Checklist. (PDF)

See the Model Language (PDF) to ensure that your CEM-related messages are compliant with the legal requirements.

More Information

Portions of CASL webpages adapted from McMaster University, with permission.