fb pixel

Compliance Checkup

CASL Compliance Checkup

The below questions are designed to assist University offices in checking their compliance with CASL. Offices that do not reply affirmatively to all questions should contact the Data Privacy and Compliance Office for assistance in meeting CASL's requirements.

Commercial Messages

  1. Are commercial messages sent to only those recipients who have provided valid implied or express consent?
  2. Does every commercial message identify its sender, including the sender's name, mailing address and any one of telephone number, email address or website address?
  3. Does every commercial message contain an unsubscribe mechanism whereby the recipient may indicate not to receive further commercial messages?
  4. Are unsubscribe requests processed within 10 business days?

Recordkeeping

For all commercial messages sent since July 1, 2014, are records retained to demonstrate for each recipient:

  1. How the email address, phone number, or direct message account was obtained?
  2. The type of consent obtained?
  3. The business or non-business relationship that supports the consent?
  4. The date the consent was obtained?

Additional Documentation

Are records retained to demonstrate:

  1. All procedures for obtaining email addresses, phone numbers, and direct message accounts?
  2. All procedures for obtaining and managing consent?
  3. All procedures for actioning unsubscribe requests?
  4. All unsubscribe requests and subsequent actioning?