Important: this article explains CASL in plain terms and is not legal advice. For complex situations, consult a lawyer familiar with Canadian privacy law. The CRTC enforces CASL; PIPEDA is enforced by the Privacy Commissioner of Canada — they are separate regimes.
What CASL covers (and what it doesn't)
CASL regulates Commercial Electronic Messages (CEMs) — emails, text messages, and social media direct messages sent for a commercial purpose. It does not cover phone calls. If you're calling leads from your Shovel Radar file, CASL does not apply to those calls at all. The CRTC's National Do Not Call List (DNCL) is a separate (and simpler) regime — see below.
Cold calling is unrestricted under CASL. Phone outreach is governed by the DNCL, not CASL. Before calling, check the lead's number against the National DNCL at lnnte-dncl.gc.ca. Registered businesses typically exempt from DNCL provisions when called on their registered business line.
CASL and cold email: the three requirements
To send a cold commercial email under CASL, you need three things in every message:
1. Consent (implied or express)
For B2B contacts in a public registry (business licence, permit applicant, or directory), implied consent applies when:
- The recipient is a registered business with a publicly published email address or contact information, and
- Your message is relevant to their business role or the business activity that caused them to appear in the dataset.
All Shovel Radar records meet these criteria — they come from public open-data sources where the business published its information voluntarily as part of a permit application or business licence registration.
2. Identification
Your message must identify: (a) your name, (b) your company name, and (c) your contact information (mailing address or phone number). These must be in the message body — not just in an email signature.
3. Unsubscribe mechanism
You must include a working unsubscribe mechanism in every email you send. The recipient must be able to unsubscribe with no more than two clicks, and you must honour unsubscribe requests within 10 business days.
The simplest approach: add a line like "Reply STOP to this email if you don't wish to receive further messages from [Your Company]" and honour those replies by removing the address from your outreach list.
CASL-safe email template
I noticed [Business Name] recently [pulled a permit for / received a business licence for] [project scope or address]. I'm reaching out because [Your Company] provides [relevant service] to businesses in [city], and I wanted to see if there's a fit.
If this isn't the right time, just let me know and I won't follow up again. If you'd like to chat, [calendar link / phone number].
Best,
[Your Name]
[Your Company] | [Your Phone] | [Your Mailing Address]
To unsubscribe from future emails: reply to this message with "STOP" in the subject line.
That footer satisfies all three CASL requirements: identification (name, company, phone, address) and unsubscribe mechanism (reply STOP). The implied consent comes from the lead appearing in a public open-data registry relevant to your service.
What you cannot do
Do not:
- Send email without an unsubscribe mechanism.
- Ignore unsubscribe requests — you must remove the address within 10 business days.
- Use the data to send automated bulk email (blast sends to the entire file at once). The data is licensed for human-executed outreach, not automated mass email campaigns.
- Share, resell, or distribute the data to third parties — this violates your subscriber licence, not just CASL.
- Contact leads that have submitted a deletion request via shovelradar.com/privacy.html.
PIPEDA and privacy
PIPEDA governs the collection, use, and disclosure of personal information in commercial activities. The data Shovel Radar delivers is commercial-business contact information — business names, business addresses, business permit records — not personal information about individuals. This places it outside PIPEDA's core scope.
The exception: sole proprietors whose business name is their personal name. Treat those records with the same care you'd give any personal contact information, and honour any deletion requests promptly.
For data deletion requests, see help/data-deletion.html.
National Do Not Call List (DNCL)
If you're calling leads by phone, check numbers against the DNCL before calling: lnnte-dncl.gc.ca. Registered business lines that are publicly listed are generally exempt from DNCL registration, but the check is fast and free — worth doing on any individual who might be a sole proprietor.
Further reading
- CASL for Canadian contractors — full article with more examples
- Canada's official CASL guidance (fightspam.gc.ca)
- Shovel Radar Privacy Policy
- Data deletion requests