The Canadian Anti Spam Legislation is intended to promote efficiency by establishing clear rules for consent in electronic communications. As outlined by Industry Canada, a common misconception is that this law only applies to email which is not the case. It applies to any electronic message that is sent in connection with a “commercial activity”. That includes text messages, and social media which will be held to the same standards. Also, even if the message is not meant to produce profit, the law still applies. Another important part of this law is around privacy protection. Personal information cannot be accessed illegally using a computer system or an email harvesting computer program. The installation of unsolicited software is also strictly prohibited as one might expect (viruses for example).
Here are the Facts:
- Comes into effect on July 1, 2014
- You need to start preparing today
- Fines for a mistake can reach as high as $10 million
What is CASL
How does this affect your email marketing
The most important factor impacting your email marketing program is consent and the type you have. It can be broken up into one of the following:
- Express Consent – is when the recipient gives clear permission to email them. This could be checking a box as a customer creates an account asking to receive a newsletter. It is important to note this box cannot be pre-checked. They must opt-in, not opt-out. Consent also, it cannot be in the terms and conditions of the website or sign up process. A more difficult alternative to a check box, is getting oral or written consent but there must be a stored record of this for each instance it was obtained.
- Implied Consent – is granted when there is an existing business or non-business relationship between the sender and recipient. A “business relationship” is one where a customer has made a purchase from the business or entered into a contract. If someone purchases something from a business, then that business can send them emails for 2 years from their purchase date under the implied consent criteria. During that time the business must obtain expressed consent in order to email them after the two year mark. Although, if this same person buys from the business again during the two year period, the clock resets and the business has two more years.
If the recipient conspicuously publishes his or her email address without specifying not to send CEMs (Commercial Electronic Message), implied consent is granted but this is only valid for 6 months. If the recipient does not become a client within 6 months, or within two years, if an existing client does not purchase, subscribe, or renew the account, no further messages can be sent.
What are the risks?
There are very aggressive penalties for individuals and organizations:
Fines up to $1 million for individuals &
$10 million for corporations, per violation
What should I do to ensure my company is compliant?
It is very important to carefully examine your database and know purchasing a list went from a no no to very illegal.
- Review your opt-in process for all electronic communications—including SMS and social media
- If there are places you are collecting emails that are run by a 3rd party, that is still your responsibility, so find out the exact process
- Consult with your ESP and legal counsel about any compliance gaps and systemic changes that might need to be made
- Develop an implementation plan, which may require establishing a “do not email” list across your organization
- Obtain express opt-in consent from every name on every list. That means no pre-checked boxes!
- Choose someone to be your CASL compliance officer and ensure they stay up to date, because there’s likely to be ongoing changes
eBook: Achieving CASL Compliance
To help you better understand the new legislation and a deep dive on how to prepare, download our eBook on Achieving CASL Compliance.
If you have questions or concerns we haven’t touched on drop us a line at firstname.lastname@example.org