What You Need to Know About Canada’s Anti-Spam Law

On July 1, 2014, Canada’s new Anti-Spam Law (CASL) will take effect. Though that may seem far in the future, it’s important for email marketers to start preparing for the law today. When one email mistakenly taken for spam can rack up a $10 million fine, you’d be crazy not to. That’s why we’ve compiled everything you need to know about the CASL and the updates you’ll need to make to be in compliance.

What is the Purpose of the CASL?

According to the official CASL website, the law is intended to promote efficiency by establishing clear rules for consent in electronic communications.

It’s important to note that CASL applies to any electronic message sent in connection with a “commercial activity.” This means texts and social media will be held to the same standards as email. What’s more, even if the message isn’t intended to produce a profit, it still comes under the jurisdiction of CASL if it’s in a commercial context.

In addition to spam, the CASL also addresses privacy protection. The law prohibits the collection of personal information by illegally accessing a computer system or utilizing an email-harvesting computer program. It also prohibits the unsolicited installation of computer programs (i.e. viruses) and the alteration of data in transit via an electronic message.

What Does the CASL Change In Regards to Email Marketing?

The big focus of the CASL is consent. Anyone who sends commercial electronic messages (CEMs) within, from or to Canada needs the permission of the recipient before sending the message with very few exceptions.

Consent may be written, such as when the recipient fills out a consent form or checks a box on your website. Consent may also be verbally stated. If it’s written, make sure to store the date, time, purpose and manner of the consent in your database. If the consent is oral, obtain an unedited audio recording. And here’s a big change: You can no longer assume consent by pre-checking an opt-in box or including consent language in your terms and conditions of use or sale.

But what about implied consent? This is where things get tough. Implied consent may still apply, but only in three very limited situations:

• If you are sending an email as a result of an existing business or non-business relationship
• If the recipient conspicuously publishes his or her email address without specifying not to send CEMs
• If the recipient willingly sends you his or her email address without specifying not to send CEMs

However, implied consent becomes invalid after six months if the recipient does not become a client and in two years if an existing client does not purchase, subscribe or renew the account.

The CASL also requires you to provide recipients with information that identifies the sender and enables the recipient to withdraw consent. This must include:

• The name of the person or organization requesting consent (or the name of the person on whose behalf consent is sought)
• Contact information that is valid for at least 60 days after the CEM is sent, including a mailing address and either a website, email address, phone number or voice message system where recipients can receive more information
• The identity and contact information of any affiliate or third party used to obtain consent
• A free unsubscribe mechanism that provides recipients two ways to electronically opt-out of all CEMs sent by you or a third party partner, which must take effect within 10 days

For individuals and organizations that violate these regulations, the penalties are painful:

• Fines up to $1 million for individuals and $10 million for corporations, per violation
• Criminal charges for individuals and organizations that make false or misleading representations regarding the sender or subject of a CEM, including vicarious liability for companies whose employees violate the law

Additionally, the Private Right of Action, which comes into force July 1, 2017, allows individual victims to file civil charges and seek damages of $200 per violation and up to $1 million per day.

What Steps Should I Take to Comply with the CASL?

The real question is, “How well do you know your database?” You can no longer dust off an old list and start sending emails if you don’t know whether you have any Canadian recipients and whether those recipients have opted in. And it’s simply not enough to look for obvious domains that end in “.ca”; the stakes are just too high, the penalties too severe.

Instead, we recommend email marketers meticulously check every list they own:

1. Review your opt-in process for all electronic communications-including text and social media- to see what changes need to be made
2. Review any cross-marketing initiatives with affiliates or third-party partners
3. Consult with your ESP and legal counsel about any compliance gaps and systemic changes that might need to be made
4. Develop an implementation plan, which may require establishing a central “do not email” list to ensure compliance across your organization
5. Obtain express opt-in consent from every name on every list
6. Identify who in your organization will be responsible for monitoring compliance on an ongoing basis

As we all know, dirty data and poor email acquisition practices can give all email marketers a bad name. But by understanding the laws and following generally accepted standards, your emails will make it to your customers’ inboxes, boost your conversions and avoid racking up crazy fines!

Do you have additional questions about compliance with CASL? Contact TowerData today for help!

Photo Credit: Ian Muttoo