The provisions of Canada’s Anti-Spam Law (CASL) that regulate the installation of software came into force today, January 15, 2015. These provisions create new compliance burdens for businesses that create, distribute or use computer programs and software in the course of business (i.e., most businesses in Canada).
Generally, the CASL software provisions prohibit a person from installing, or causing or permitting to be installed, a computer program on the computer system of another person without the consent of the owner or an authorized user. The law also provides for disclosure requirements and enhanced consent where the software in question can perform any one of a number of specified functions, including the collection of personal information from the computer system. As we have previously discussed, this creates new risks for many businesses, including businesses that offer employees participation in “Bring Your Own Device” programs.
In public presentations given in late 2014, the CRTC – which enforces CASL – gave a preliminary interpretation of the software provisions. Notably, the CRTC initially took the position that certain self-installed software would not fall within the scope of CASL. However, it also cautioned that software capable of performing any of the specified functions may still require disclosure and consent, even if self-installed.
We would accordingly encourage organizations that create, develop, distribute or use software in the course of business to consider their potential exposure under this new legislation.