Canada’s Anti-Spam Legislation (CASL)

We are committed to reducing the harmful effects of spam and related threats. Our goal is to help create a safer and more secure online marketplace. To that end, we help enforce what we call Canada’s Anti-Spam Legislation (external link).

In partnership with Canada’s Competition Bureau and the Office of the Privacy Commissioner, we work together to enforce this legislation.

We have the primary enforcement responsibility, including powers to investigate and take action against violators, and set administrative monetary penalties. We target those who send commercial electronic messages without the recipient’s consent or install programs on computers or networks without express consent. This includes malware, spyware and viruses in computer programs, in spam messages, or downloaded through infected Web links.

We also work to promote compliance among organisations and individuals, ensuring that businesses have the information they need to compete in the global marketplace.

More on how the CRTC helps protect Canadians.

Working together to Fight Spam (Transcript)

Services and information for businesses

Frequently asked questions

Sending messages, consent, identification, unsubscribing, installing computer programs, registered charities, enforcement approach.

Compliance tips

Consent, contact lists, internal do not call list, corporate compliance programs, accurate records.

Guidelines on the Commission’s approach to section 9 of CASL

Compliance guidelines, best practices, who it applies to, potentials for violation, managing risks for compliance, due diligence, preventions and safeguards, potential enforcement actions (Information Bulletin CRTC 2018-415).

Developing corporate compliance programs

Components of a program, senior management involvement, risk assessment, policy, records, training, monitoring, corrective action (Information Bulletin CRTC 2014-326).

Using toggling to obtain expressed consent

Commercial electronic messages (CEMs), opt-out consent mechanism, pre-checked boxes, explicit consent (Information Bulletin CRTC 2012-549).

Keeping records of consent (external link)

Record-keeping practices, electronic and hard copies of evidence.

Requirements for installing computer programs

Self-installed software, causing software installs, offline installations (CD/DVDs purchased at a store), get consent, consent for cookies, consent for operating systems, upgrades, updates.

Interpreting the Electronic Commerce Protection regulations

Unsubscribe mechanisms, info in a request for consent, written consent, oral consent (Information Bulletin CRTC 2012-548).

Guide for businesses doing e-marketing (PIPEDA) (external link)

Harvesting addresses, hired suppliers, collecting and selling email addresses.

Memorandums of understanding

List of MoUs with organizations and countries.

Most requested

Partners

Enforcement Advisories

What we are doing

Policy and Guidance

Consultations, Events and Activities

All consultations

Date modified: