Page Style

  • White/Black
  • Standard

Current Style: Standard

December 15, 2017
Halton Hills Public Library. A world within our doors

Main menu

Library Board Policies - Canadian Anti-Spam Legislation Policy

Canada’s Anti-Spam Legislation (“CASL”) came into force on July 1, 2014. Halton Hills Public Library Board (the “library”) is committed to complying with CASL and its requirements. Following is the library’s CASL compliance policy (the “policy”). 

PART I - DEFINITIONS

  1. In this policy, the following terms have the following meaning:
  • “Canada’s Anti-Spam Legislation” or “CASL” - means the following Act and Regulations:
  1. An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23 (the “Act”);
  2. Electronic Commerce Protection Regulations (CRTC), SOR/2012-36; and
  3. Electronic Commerce Protection Regulations (Industry Canada), SOR/2013-221.
  • “Computer program” - means data representing instructions or statements that, when executed in a computer system, causes the computer system to perform a function.

Examples of computer programs include, but are not limited to:

  1. software;
  2. applications (apps);
  3. games;
  4. e-books;
  5. any upgrades or updates to an existing Computer Program; and
  6. any other computer code that meets the above description.
  • “Computer system” · means any device that, or a group of interconnected or related devices one or more of which:
  1. contains computer programs or other data, and
  2. pursuant to computer programs,
  1. performs logic and control, and
  2. may perform any other function.

Examples of a computer system include, but are not limited to: a computer; a server; a hard drive; a mobile telephone; a tablet.

  • “Electronic message” or “EM” - means a message sent by electronic means to an electronic address, including, but not limited to messages sent:
  1. by email;
  2. by text message;
  3. by instant message;
  4. via a social media account.

For greater certainty, an EM does not include messages:

  1. sent via posted mail;
  2. sent via fax;
  3. communicated via a two-way voice conversation;
  4. communicated via voicemail to a telephone account; and/or
  5. posted or published on a website (but not sent to an electronic address).
  • “Electronic address” - means an address used in connection with the transmission of an electronic message to:
    1. an email account;
    2. an instant messaging account;
    3. a telephone account;
    4. a social media account; or
    5. any similar account.
  • Exemptions” - means the exemptions to the requirements of subsections 6(1) and/or 6(2) of the Act, as prescribed in CASL.
  • “Express consent” - means the explicit and/or expressed communication by a person that the person wishes to receive EMs from the library.
  • “Implied consent” - means the existence of the requirements prescribed in Part VI herein.
  • “Person” - means an individual, partnership, corporation, organization, association, trustee, administrator, executor, liquidator of a succession, receiver or legal representative.

PART II - GENERAL

  1. The library requires all of its directors, officers, employees and volunteers, and any other person who communicates on its behalf, to comply with this policy.
  2. The Chief Librarian and the Marketing and Communications Specialist are responsible for managing the implementation of this policy.
  3. Notwithstanding anything in this policy, at the library’s sole and absolute discretion, the library may rely on any one or more of the exemptions. A determination as to when a situation would be subject to any one of the exemptions shall be made by the library on a case-by-case basis.
  4. At its sole and absolute discretion, the library may at any time revise this policy to ensure that the library remains in compliance with CASL.

PART III - ELECTRONIC ADDRESSES

  1. No person shall collect an electronic address for the purposes of sending electronic messages to the person who owns that electronic address on behalf of the library, without having first obtained the consent of that person.
  2. All the electronic addresses collected by or on behalf of the library shall be entered, stored and managed by the library in a centralized database, which is connected to and/or managed by the library’s integrated library system (“ILS”).
  3. All individuals who obtain and/or collect electronic addresses on behalf of the library must enter those electronic addresses into the database noted above, in accordance with the library’s policies and procedures respecting collection of personal information.

PART IV - ELECTRONIC MESSAGES (EM)

  1. No EM shall be sent by or on behalf of the library, in the course of carrying on the library’s activities, unless the recipient of the EM has provided his or her express consent or implied consent to receive EMs from the library (as particularly prescribed at Parts V and VII of this policy).
  2. EMs sent by or on behalf of the library in the course of carrying on the library’s activities may only be sent to electronic addresses that have been entered into the database specified for this purpose.
  3. All EMs sent by or on behalf of the library in the course of carrying on the library’s activities must include the following information:
  4. a)      the library’s name and mailing address;

    b)      the library’s email address and telephone number; and

    c)       the library’s unsubscribe mechanism, as prescribed at Part V herein.

  1. EMs sent:
  2. a)      between employees of the library; and/or

    b)      from employees of the library to employees of other libraries,

shall concern the activities of the library only.

  1. If an employee of the library sends an EM to another employee of the library or to an employee of another library, which promotes, markets, advertises or otherwise encourages participation in commercial activity associated with an organization other than the library, the sending employee must:
  2. a)      use his/her personal electronic address and not an electronic address owned by the library to send the EM; and

    b)      obtain the express consent of the recipient employee prior to sending the EM.

PART V - EXPRESS CONSENT

  1. The library shall endeavour to obtain express consent from all persons to whom it sends EMs, at all reasonable opportunities.
  2. Express consents provided to the library shall be entered into the library’s database in accordance with the library’s procedures, and shall specify:
  3. a)      the date and time the express consent was given;

    b)      the types of EMs the person has consented to; and

    c)       the manner in which the express consent was given.

  4. All requests for express consent made by or on behalf of the library in writing (whether electronic or in hard copy format), must include the following:
  5. a)      a request that the recipient consent to receive EMs from the library;

    b)      the purpose for which the consent is being sought (e.g., for receiving EMs);

    c)       the library’s name and mailing address;

    d)      the library’s email address and telephone number; and

    e)      a statement that consent may be withdrawn at any time.

  6. Express consent shall not be sought by or on behalf of the library by sending an electronic message to an electronic address, unless the library has implied consent (as prescribed at Part VI herein) from the person to whom the electronic message is being sent.
  7. All requests for express consent made in writing shall not include pre-checked boxes.
  8. All express consents provided to the library in hard copy format shall be scanned and saved in the ILS database.
  9. All requests for express consents made by or on behalf of the library orally shall follow the following procedure:
  10. a)      The individual requesting the consent shall disclose to the person from whom the consent is being sought:

    i. that the consent is being sought on behalf of the library;

    ii. the purpose for which the consent is being sought (e.g., for receiving EMs; for installing a particular computer program);

    iii. the library’s mailing address;

    iv. the library’s email address and telephone number; and

    v. that the person may withdraw the consent at any time.

    b)       If consent is requested in person, the individual seeking the consent shall request that the person sign a form stating: “I hereby consent to my/my child’s e-mail address being used by the Halton Hills Public Library staff for electronic communications regarding materials on hold and overdue, upcoming service changes, free and fee-based programs and special events”.

    c)       If consent is requested by telephone, the individual seeking the consent shall request that the person send an email or text message to the Access Services Librarian with the following sentence: “I / we hereby consent to receive electronic communications from the Halton Hills Public Library”.

  11. Any individual who obtains express consent on behalf of the library shall enter the express consent into the database specific for this purpose within 10 business days of receiving the express consent, or as soon as is reasonably possible, in accordance with the library’s procedures.

PART VI – IMPLIED CONSENT

  1. The library has implied consent to send EMs to the following:
  2. a)      Persons who are current, active cardholders of the library;

    b)      Persons who were cardholders of the library but who ceased to be cardholders in the 24 months preceding the date of the sending of the EM;

    c)       Persons who entered into a financial transaction with the library in the 24 months preceding the date of the sending of the EM;

    Tracking of the 24 months period is performed through the library’s Integrated Library System.

  3. (a) For the purposes of this section, the following terms have the following meaning:
  4. Transition cardholders: means individuals:

    i. who were cardholders of the library prior to July 1, 2014;

    ii. who ceased to be cardholders of the library prior to July 1, 2014; and

    iii. to whom the library has sent EMs prior to July 1, 2014.

    (b) Prior to July 1, 2017, the library has implied consent to send EMs to transition cardholders, in the course of carrying out library activities. 

    (c) After July 1, 2017, no EMs may be sent to transition cardholders by or on behalf of the library in the course of carrying out library activities, unless:

    i. there is implied consent to send those persons EMs, in accordance with section 21 of this policy; and/or

    ii. there is express consent to send those persons EMs, in accordance with Part V of this policy.

PART VII - UNSUBSCRIBE MECHANISM

  1. All EMs sent by or on behalf of the library in the course of carrying out library activities shall include a mechanism by which the person receiving the EMs may unsubscribe, i.e., opt-out from receiving electronic messages from the library (the “Unsubscribe Mechanism”).
  2. The unsubscribe mechanism shall be prominently displayed in the body of all EMs sent by or on behalf of the library. All requests to unsubscribe shall be communicated by the individual who receives the request to the Access Services Librarian, or if the Access Services Librarian is unavailable, to the IT Specialist, within 2 business days of the receipt of the unsubscribe request.
  3. All requests to unsubscribe shall be entered into the library’s database specified for this purpose by the Access Services Librarian, or if the Access Services Librarian is unavailable, to the IT Specialist, within 2 business days of being notified of the request, in accordance with the library’s procedures.
  4. No EMs shall be sent by or on behalf of the library to any person who made a request to unsubscribe, 10 days after the request was made and thereafter, unless the person provides his or her express consent to receive EMs from the library, or unless the EM meets one of the exemptions (to be determined by the library on a case-by-case basis).

PART VIII - THIRD-PARTIES

  1. For the purposes of PART VIII of this policy, the following terms have the following meaning:
  2. Third Party - means a person who is not a director, officer or employee of the library, who sends EMs that promote, advertise, market, or otherwise encourage participation in the library’s activities.

  3. The library requires that all third parties have express consent or implied consent (as prescribed at Parts V and VI of this policy) from the persons to whom the EMs from the library are being sent, prior to the sending the EMs.
  4. The library shall not be held liable for any and all EMs sent by third-parties that are not sent in compliance with this policy.
  5. All third parties agree to defend, indemnify and hold harmless the library and its directors, officers, employees, agents and trustees, from and against any and all complaints, claims, actions or demands resulting from, and/or arising out of, the third parties’ breach of this policy, including, but not limited to, for any and all regulatory proceedings, warrants, preservation demands, disclosure requests, compliance notices, administrative monetary penalties, fines, damages, injunctive relief, class actions, legal fees, expert fees and disbursements.
  6. At its sole and absolute discretion, the library may, from time to time, enter into agreements and/or arrangements with third parties that may not necessarily be in compliance with this policy, but which ensure the library's compliance with CASL.
  7. Notwithstanding anything in this policy, at its sole and absolute discretion, the library may rely on one or more of the exemptions for EMs sent by third parties. A determination of whether a particular EM sent by a third party is subject to an exemption will be made by the library on a case-by-case basis.

PART IX - COMPUTER PROGRAMS

  1. In the course of conducting library activities, no person shall cause a computer program to be installed on a computer system.
  2. Notwithstanding section 33, there is no requirement to obtain express consent to install the following computer programs on behalf of the library:
  3. a)      A cookie;

    b)      HTML code;

    c)       Java Script; and

    d)      An operating system.

PART X – USE OF THE LIBRARY’S COMPUTERS / INTERNET CONNECTION

  1. Any person who uses:
  2. a)      a computer system owned, operated and/or controlled by the library; and/or

    b)      an Internet connection owned, controlled and/or provided by the library (including any wireless connection),

    must carry out his or her activities in a manner that is compliant with CASL.

  3. Any person who contravenes this part shall defend, indemnify and hold harmless the library and its directors, officers, employees, agents and trustees, from and against any and all complaints, claims, actions or demands resulting from, and/or arising out of, that person’s actions, including, but not limited to, for any and all regulatory proceedings, warrants, preservation demands, disclosure requests, compliance notices, administrative monetary penalties, fines, damages, injunctive relief, class actions, legal fees, expert fees and disbursements.

PART XI – TRAINING

  1. Within 60 days of the implementation of this policy, the library’s directors, officers, employees and volunteers are required to attend mandatory training on this policy (the “Training”).
  2. The Training shall be prepared and conducted by the Chief Librarian.
  3. Records of attendance at the training shall be taken and tracked by the library.
  4. New hire Training: all new directors, officers, employees and volunteers of the library shall be required to attend the training, within 60 days of joining the library and/or becoming a volunteer for the library.
  5. Refresher Training: Refresher training shall be conducted every 24 months. Attendance at the refresher training shall be mandatory on all directors, officers, employees and volunteers of the library.

PART XII – AUDIT

  1. Once every 12 months, the library shall conduct an audit of its electronic communication practices, to ensure compliance with this policy (the “Audit”). The audit shall be conducted and managed by a member of the library’s Leadership Team.
  2. Notwithstanding section 36, at the library’s sole and absolute discretion, the library may from time to time conduct an audit of its electronic communication practices to ensure compliance with this policy (the “random audit”).
  3. In the event the annual or random audit discloses discrepancies between this policy and the library’s communication practices, such discrepancies shall be addressed by the library to ensure compliance with the policy, as soon as is reasonably possible.

Revised/Approved: September 13, 2017

Approved: January 14, 2015

Next Scheduled Review: January 2022