Spam and other electronic threats are a real concern to individuals and businesses alike, in any location. They can range from the annoying, unwanted commercial messages that clutter inboxes, to malicious communications with devastatingly harmful consequences. To help “protect Canadians while ensuring that businesses can continue to compete in the global marketplace”, Canada passed a set of anti-spam legislation in December 2010 that entered into effect on July 1, 2014.
To be sure you and your business are in compliance with Canada’s Anti-Spam Legislation (CASL), review ALL the guidelines specified at (or send your legal team over to) fightspam.gc.ca. To get you started, here is a brief overview that hopefully won’t make your eyes glaze over:
CASL regulations apply to any “Commercial Electronic Message” (CEM) sent from or to Canadian computers and devices in Canada. Regardless of the type of organization, including charities and not-for-profit organizations, if your electronic message promotes a product, business, service, investment opportunity, or person who does one of those things and the message is sent to an electronic address such as an email account, instant messaging account, social networking accounts, text messages sent to a cell phone, or any similar account, then you are subject to the legislation.
Generally, the legislation places heavy emphasis on consent and prohibits:
With few exceptions, including existing business relationships and communications regarding purchases, express consent is now required for all commercial electronic messages. As a result, it becomes extremely important to understand the difference between express and implied consent.
Express consent exists if a person has clearly agreed (orally or in writing) to receive commercial electronic messages, the basic opt-in model. The manner in which you request express consent cannot presume consent on the part of the end-user. It is important to note that silence or inaction on the part of the end-user also cannot be construed as providing express consent. For example, a pre-checked box cannot be used, as it assumes consent. Auto opting-in abandoned shopping carts and e-receipts for promotional mail are also outlawed.
Implied consent is given when the recipient has made an inquiry or submitted an application, made a purchase, accepted a business opportunity, or bartered for something from the sender any time in the past.
Moving forward, make sure you gain a consumer’s consent prior to sending commercial electronic messages. Also worth noting, the law specifies that the onus is on the person sending the message to prove that he/she has obtained express consent to send the message.
For existing databases, the legislation includes a 36-month transitional provision relating to consent requirements, allowing businesses time to adjust. This means, if your database includes any existing subscribers that have provided implied consent only, you will need to make a request for express consent by July 1, 2017. And if you don’t have consent to send messages, you had better just not!
Under the new anti-spam legislation, your messages must not have false or misleading sender information, subject matter information, URLs and/or metadata. To comply, clearly identify yourself and your organization and include the following in every communication:
This law is already in place and carries some serious penalties. Although there are no automatic penalties, legitimate complaints about unsolicited emails may be investigated and if judged in violation, penalties for the most serious violations of the Act can go as high as $1 million for individuals and $10 million for businesses. It’s important to note that individuals and companies, including directors, officers and other agents, are responsible and liable for the messages they send.
It’s as simple as that folks. There are three general requirements for sending a CEM to an electronic address. You need (1) consent, (2) identification information, and (3) an unsubscribe mechanism. If your business is operating in the US and your marketing practices are already inline with the CAN-SPAM legislation, you should have no trouble adjusting to the new CASL rules. The main difference is CAN-SPAM is an opt-out model versus opt-in. With many other countries adopting similar models and consumers expectations and knowledge base expanding, it is time to evaluate your marketing practices and transition to an opt-in model. In addition to avoiding costly fines, you may also find that you improve deliverability, trust, and your brand’s reputation.
Note: This post provides a loose interpretation of the law and should not be taken as legal advice. Refer to information bulletins at fightspam.gc.ca and seek your own legal advice regarding how to comply.
If you need more clarification, check out these great infographics: