CASL Compliance: What You Need to Know

It’s not too late to get compliant!

The three-year transition period for the Canadian Anti-Spam Legislation (CASL) ends on July 1, 2017; however,  there is one piece you don’t have to worry about (at least for now) — the Canadian government has suspended the private right of action which would have allowed individuals to sue anyone for sending spam. Earlier this month, the Canadian government announced:

Canadians deserve an effective law that protects them from spam and other electronic threats that lead to harassment, identity theft and fraud. At the same time, Canadian businesses, charities and non-profit groups should not have to bear the burden of unnecessary red tape and costs to comply with the legislation. 

The Government supports a balanced approach that protects the interests of consumers while eliminating any unintended consequences for organizations that have legitimate reasons for communicating electronically with Canadians. 

For that reason, the Government will ask a parliamentary committee to review the legislation, in keeping with the existing provisions of CASL.

So, what does this mean for you? No matter your location, if you send commercial electronic messages (email, text, or instant messages) to anyone with a Canadian address, you must still comply with CASL. Violations may result in steep fines from the government not to mention the potential damage to your firm’s reputation or your relationships with clients and contacts.

While many of you have likely taken the necessary steps to ensure compliance, there is still time for those of you who have not. Here are a few suggestions:

  • Visit the Canadian government’s site at http://fightspam.gc.ca to familiarize yourself with CASL and any recent updates.
  • Review your mailing lists. If you don’t have a record of consent, get it now!
  • Update your email templates to include:
    • Company name
    • Physical mailing address
    • Telephone number
    • Email address
    • Website URL
    • Unsubscribe option
      • Unsubscribe requests must be processed within ten days of receipt

Effective July 1, 2017, you may only send messages to those with express consent. There are two exceptions to this: you may send messages to individuals up to two years after a purchase or up to six months following an inquiry, but it is recommended that you obtain consent during this time.

Lawyers, accountants and others in professional services industries may be understandably concerned about their ability to reach out to referrals. A single message on the basis of a referral is allowed with the following stipulations:

  • The message must include the full name of the person making the referral
  • The referrer should have a relationship (familial or otherwise) with the person to whom you’re sending the message

CASL is a complex law and it is likely that questions will continue to arise. If you have questions about CASL compliance, or how you can use ContactEase or additional products, such as Mailing List Manager, to ensure that your firm remains compliant, contact us!

If you are working with a third party email system, you may find that their policies are stricter than the CASL requirements. You will also likely find that most of these concerns have already been addressed for you.

Did you know that ContactEase now integrates with Constant Contact and other email systems? Contact us today to learn more about this exciting add-on feature!

Advertisements

Canada’s Anti-Spam Legislation: Consent and Burden of Proof

So far in our series about Canada’s Anti-Spam Legislation (CASL) we have covered the basics and commercial electronic messages. In this post we will cover the different types of consent and the burden of proof.

Consent = Permission

There are two different types of consent that apply to CASL, express and implied. Express consent means an individual must take affirmative action to “opt-in” to your list willingly. Implied consent is when a relationship exists, but the recipient is added to your list without any affirmative action.

With both types of consent there a is “burden of proof” that is required. This means that it is your responsibility to track, record, and document the information necessary to prove that you have consent to be contacting that person. Best practices include ensuring that all records of your compliance procedures and policies are maintained, and that proof of consent is documented and tracked. This information may support a due diligence defense at a later point in time if your firm is ever called into question.

So let’s see this in action….

EXPRESS CONSENT

Jeff's Business Card

You collect someone’s business card and after meeting them send an email to confirm that you met them and they have requested more information or to be added to a list. This allows you to have the necessary information needed for the burden of proof.

Filled out form

 

Someone fills out a form on your website with the intent of being placed on your list. A confirmation email would then be sent which requires a recipient to click a link to confirm they wish to be placed on the list. When they click the link, the date/time and IP stamp should be recorded.

Phone

A person gives you their email address over the phone with the intent of being placed on your list. The same process of sending a confirmation email applies, but express consent could be proven if you recorded the conversation for each recipient.

IMPLIED CONSENT

Interest

If someone expresses interest in your business as part of the sales process or enters their email address on your website to download educational material, they are to be considered “prospects” and implied consent is given to send commercial electronic messages for a period of 6 months only.

 

 

 

 

Checkmark

If a recipient is added automatically or is required to un-check a box to opt-out during a process, this method is considered implied and not express consent under CASL. As a best practice this should be avoided anyways as it will typically generate a large volume of emails flagged as spam which negatively affects your reputation as a sender. In order for it to be express consent, a recipient must go through an opt-in mechanism, as opposed to opt-out. The end-user must take a positive action to indicate their consent.

Check back as our next post will cover the fine print of CASL and processes that can be used during the three-year transition period in case you are not going to meet the July 1st deadline!

Canada’s Anti-Spam Legislation: Commercial Electronic Messages

In our previous post about Canada’s Anti-Spam Legislation we briefly covered the law and provided some recommendations and considerations. In this post we will cover Commercial Electronic Messages. As defined by the law a Commercial Electronic Message (CEM) is any electronic message that “encourages participation in a commercial activity” regardless of whether there in an expectation to profit. CEMs include:

  • Emails
  • Instant messages
  • Text messages
  • Any other electronic correspondence

Examples of CEMs:

  • Offers to purchase, sell, barter or lease a product, goods, a service
  • Offers to provide a business, investment or gaming opportunity
  • Promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so

Parts of a message to examine to determine if it encourages participation in a commercial activity include:

  • Content of the message
  • Hyperlinks in the message to website content or a database
  • Contact information in the message

Accordingly, businesses should consider removing all promotional messaging, including messaging promoting the business itself (e.g. an award or ranking) from electronic messages that are not categorized by the business as being a CEM to avoid having such messages caught by CASL.

In our post next week we will cover the four key requirements of CASL and specifically the types of consent and the burden of proof.

Canada’s Anti-Spam Legislation: Is Your Firm Prepared?

With Canada’s Anti-Spam Legislation entering into effect in two weeks, this blog series will focus on how to become and remain compliant. Once the law is in force, it will help to protect Canadians while ensuring that business can continue to compete in the global marketplace.

If you haven’t already determined if the law applies to your firm, it is critical to understand that CASL applies to any commercial electronic messages (CEMS) where a computer system located in Canada is used to send or access the electronic message. Here is a great infographic created by CakeMail to help you determine if CASL applies to your firm:

CASL Infographic

With the impact of CASL and the scope of its liability, it is crucial for firms who are impacted to have a strategy in place. Here are a few recommendations we suggest considering if you haven’t already:

  • Review all existing communication practices internally
  • Assess whether your communications are CEMs and whether they are subject to CASL
  • Determine which entity in your organization should “own” the consents
  • Take steps to collect necessary express consents in the next two weeks. This cannot be done after July 1, 2014 using CEMs
  • Identify such communications where consents are not required but the informational requirements and formalities are still required
  • Develop a database of your contacts that enables all consents to be tracked, retained and retrievable; and allows any waiver or variation of such consent to be readily tracked and implemented
  • Maintain policies to ensure that CEMs are not sent where there is no consent or where implied consent has expired
  • Create and maintain an easy-to-use and effective unsubscribe mechanism for the CEMs
  • Ensure that all records of your compliance procedures and policies are maintained (as such documentation may support a due diligence defense at a later point in time)

To learn more about the key requirements of CASL and how to become and remain compliant check back for our latest post in the series.