Everything you should know about CASL (Canadian Anti Spam Legislation)

The Canadian Anti Spam Legislation is intended to promote efficiency by establishing clear rules for consent in electronic communications. As outlined by Industry Canada, a common misconception is that this law only applies to email which is not the case. It applies to any electronic message that is sent in connection with a “commercial activity”. That includes text messages, and social media which will be held to the same standards. Also, even if the message is not meant to produce profit, the law still applies. Another important part of this law is around privacy protection. Personal information cannot be accessed illegally using a computer system or an email harvesting computer program. The installation of unsolicited software is also strictly prohibited as one might expect (viruses for example).

Here are the Facts:

  • Comes into effect on July 1, 2014
  • You need to start preparing today
  • Fines for a mistake can reach as high as $10 million

What is CASL


How does this affect your email marketing

The most important factor impacting your email marketing program is consent and the type you have. It can be broken up into one of the following:

  • Express Consent – is when the recipient gives clear permission to email them. This could be checking a box as a customer creates an account asking to receive a newsletter. It is important to note this box cannot be pre-checked. They must opt-in, not opt-out. Consent also, it cannot be in the terms and conditions of the website or sign up process.  A more difficult alternative to a check box, is getting oral or written consent but there must be a stored record of this for each instance it was obtained.
  • Implied Consent – is granted when there is an existing business or non-business relationship between the sender and recipient. A “business relationship” is one where a customer has made a purchase from the business or entered into a contract. If someone purchases something from a business, then that business can send them emails for 2 years from their purchase date under the implied consent criteria. During that time the business must obtain expressed consent in order to email them after the two year mark. Although, if this same person buys from the business again during the two year period, the clock resets and the business has two more years.

If the recipient conspicuously publishes his or her email address without specifying not to send CEMs (Commercial Electronic Message), implied consent is granted but this is only valid for 6 months. If the recipient does not become a client within 6 months, or within two years, if an existing client does not purchase, subscribe, or renew the account, no further messages can be sent.

What are the risks?

There are very aggressive penalties for individuals and organizations:

Fines up to $1 million for individuals &
$10 million for corporations, per violation

Criminal charges will be applied to individuals and organizations that make false or misleading representations regarding the sender or subject of a CEM, including vicarious liability for companies whose employees violate the law. On top of these very aggressive fines, the legislators of this law did a very poor job of defining “commercial”. As reported by The Magill Report, some sloppy wording in Canada’s anti-spam act has led the Canadian Radio-television and Telecommunications Commission to interpret it to mean that transactional emails are commercial messages and, therefore, subject to the various provisions of the law. This means marketers who want to be conservative on this law must include an unsubscribe process on all transactional email messages. That includes receipts, warranty notices and other messages that have no aspect of selling in them.

What should I do to ensure my company is compliant?

It is very important to carefully examine your database and know purchasing a list went from a no no to very illegal.

  1. Review your opt-in process for all electronic communications—including SMS and social media
  2. If there are places you are collecting emails that are run by a 3rd party, that is still your responsibility, so find out the exact process
  3. Consult with your ESP and legal counsel about any compliance gaps and systemic changes that might need to be made
  4. Develop an implementation plan, which may require establishing a “do not email” list across your organization
  5. Obtain express opt-in consent from every name on every list. That means no pre-checked boxes!
  6. Choose someone to be your CASL compliance officer and ensure they stay up to date, because there’s likely to be ongoing changes

eBook: Achieving CASL Compliance

To help you better understand the new legislation and a deep dive on how to prepare, download our eBook on Achieving CASL Compliance.

If you have questions or concerns we haven’t touched on drop us a line at hello@demacmedia.com