Anti-Spam Legislation Compliance Checklist

This list has been created to assist units to ensure that they avoid sending unsolicited commercial electronic messages (CEMs).

1. Analyze the messages your unit sends to identify any that constitute CEMs.

2. Review existing mailing lists to flag any addresses for which you do not have consent to send a CEM. If necessary, remove these addresses from the mailing lists.

3. Update mailing lists (whether these are electronic spreadsheets, databases, or Customer Relationship Management (CRM) systems) to include the following fields:

   • For all consents: Whether the consent was express or implied.
   • For express consents: The date the consent was given; and the documentation (e.g. signed form) that proves that the consent was granted.
   • For implied consents: The manner that the implied consent was granted (e.g. business relationship); your proof of consent (e.g. a contract signed by the individual for consulting work); the date the consent came into effect; and the expiry date of the consent.

4. Ensure that your unit has a system in place (preferably automated) to ensure that all future consents and unsubscribe requests are promptly recorded in your mailing lists and that these are effective to prevent you from sending unwanted CEMs.

5. Ensure that all of your requests for consent contain the required information (identification and unsubscribe option).

6. Ensure that all of your CEMs contain the required information (purpose, identification and unsubscribe option).

7. Train all relevant employees on CASL’s requirements and the processes your unit has in place to comply with those requirements.