Canada’s Anti-Spam Legislation: Consent and Burden of Proof

So far in our series about Canada’s Anti-Spam Legislation (CASL) we have covered the basics and commercial electronic messages. In this post we will cover the different types of consent and the burden of proof.

Consent = Permission

There are two different types of consent that apply to CASL, express and implied. Express consent means an individual must take affirmative action to “opt-in” to your list willingly. Implied consent is when a relationship exists, but the recipient is added to your list without any affirmative action.

With both types of consent there a is “burden of proof” that is required. This means that it is your responsibility to track, record, and document the information necessary to prove that you have consent to be contacting that person. Best practices include ensuring that all records of your compliance procedures and policies are maintained, and that proof of consent is documented and tracked. This information may support a due diligence defense at a later point in time if your firm is ever called into question.

So let’s see this in action….

EXPRESS CONSENT

Jeff's Business Card

You collect someone’s business card and after meeting them send an email to confirm that you met them and they have requested more information or to be added to a list. This allows you to have the necessary information needed for the burden of proof.

Filled out form

 

Someone fills out a form on your website with the intent of being placed on your list. A confirmation email would then be sent which requires a recipient to click a link to confirm they wish to be placed on the list. When they click the link, the date/time and IP stamp should be recorded.

Phone

A person gives you their email address over the phone with the intent of being placed on your list. The same process of sending a confirmation email applies, but express consent could be proven if you recorded the conversation for each recipient.

IMPLIED CONSENT

Interest

If someone expresses interest in your business as part of the sales process or enters their email address on your website to download educational material, they are to be considered “prospects” and implied consent is given to send commercial electronic messages for a period of 6 months only.

 

 

 

 

Checkmark

If a recipient is added automatically or is required to un-check a box to opt-out during a process, this method is considered implied and not express consent under CASL. As a best practice this should be avoided anyways as it will typically generate a large volume of emails flagged as spam which negatively affects your reputation as a sender. In order for it to be express consent, a recipient must go through an opt-in mechanism, as opposed to opt-out. The end-user must take a positive action to indicate their consent.

Check back as our next post will cover the fine print of CASL and processes that can be used during the three-year transition period in case you are not going to meet the July 1st deadline!

Canada’s Anti-Spam Legislation: Commercial Electronic Messages

In our previous post about Canada’s Anti-Spam Legislation we briefly covered the law and provided some recommendations and considerations. In this post we will cover Commercial Electronic Messages. As defined by the law a Commercial Electronic Message (CEM) is any electronic message that “encourages participation in a commercial activity” regardless of whether there in an expectation to profit. CEMs include:

  • Emails
  • Instant messages
  • Text messages
  • Any other electronic correspondence

Examples of CEMs:

  • Offers to purchase, sell, barter or lease a product, goods, a service
  • Offers to provide a business, investment or gaming opportunity
  • Promoting a person, including the public image of a person, as being a person who does anything referred to above, or who intends to do so

Parts of a message to examine to determine if it encourages participation in a commercial activity include:

  • Content of the message
  • Hyperlinks in the message to website content or a database
  • Contact information in the message

Accordingly, businesses should consider removing all promotional messaging, including messaging promoting the business itself (e.g. an award or ranking) from electronic messages that are not categorized by the business as being a CEM to avoid having such messages caught by CASL.

In our post next week we will cover the four key requirements of CASL and specifically the types of consent and the burden of proof.

Canada’s Anti-Spam Legislation: Is Your Firm Prepared?

With Canada’s Anti-Spam Legislation entering into effect in two weeks, this blog series will focus on how to become and remain compliant. Once the law is in force, it will help to protect Canadians while ensuring that business can continue to compete in the global marketplace.

If you haven’t already determined if the law applies to your firm, it is critical to understand that CASL applies to any commercial electronic messages (CEMS) where a computer system located in Canada is used to send or access the electronic message. Here is a great infographic created by CakeMail to help you determine if CASL applies to your firm:

CASL Infographic

With the impact of CASL and the scope of its liability, it is crucial for firms who are impacted to have a strategy in place. Here are a few recommendations we suggest considering if you haven’t already:

  • Review all existing communication practices internally
  • Assess whether your communications are CEMs and whether they are subject to CASL
  • Determine which entity in your organization should “own” the consents
  • Take steps to collect necessary express consents in the next two weeks. This cannot be done after July 1, 2014 using CEMs
  • Identify such communications where consents are not required but the informational requirements and formalities are still required
  • Develop a database of your contacts that enables all consents to be tracked, retained and retrievable; and allows any waiver or variation of such consent to be readily tracked and implemented
  • Maintain policies to ensure that CEMs are not sent where there is no consent or where implied consent has expired
  • Create and maintain an easy-to-use and effective unsubscribe mechanism for the CEMs
  • Ensure that all records of your compliance procedures and policies are maintained (as such documentation may support a due diligence defense at a later point in time)

To learn more about the key requirements of CASL and how to become and remain compliant check back for our latest post in the series.