On July 1st, 2014 we’re going to see a dramatic change when it comes to sending out emails to Canadian IP’s. That’s right, it is the inevitable coming of CASL (Canada’s Anti-Spam Act). Most businesses that advertise, sell, or get customers through emails are at the edge of their seats screaming bloody Mary. However, if you know your facts, you can prepare and calmly await the day that changes all.
Before we jump into what you can do to make sure that CASL doesn’t ruin a good nights’ sleep, there are some raw facts that you have to know. For instance, what does CASL mean and what is its purpose? To quote the actual act itself:
“An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23.”
To take it a step further, CASL is put in place to make sure that no malicious software is sent in an email and no breach of privacy occurs – unless consent is given. It is a noble and much needed act that has had had success in its differentiated versions in countries like Australia or the United States. Another important thing to know is that after the three year transition period is over (more on that later on), the penalty of a violation by an individual can be up to $1 million, whereas for a business it can be even up to $10 million.
Does CASL concern me?
This act has been put in place with commercial business in mind. If you are a politician sending out information to citizens – you are compliant, unless you send out an email persuading citizens to buy your new neon green merch – well, you are not so compliant anymore. Registered charities are also exempt from this act.
The act concerns those who send out a CEM (commercial electronic message). What exactly constitutes a commercial message?
- Advertisement for a product, service, or even a business.
- An offer that encourages people to buy any product, information, or service.
- Promoting businesses or people. Why? Because in a way that is still ‘selling’.
There are however numerous exemptions. For instance you are ok to send one (yes, only one) email to someone by a mistake, you don’t have to worry about sending emails to employees or contractors of a company whom the CEM concerns, family relationships exempt your messages, and most of all – replies to emails are also ok.
The first step to preparing is figuring out whether your messages are of commercial nature or if they promote any sort of commercial activity. The second is to checking out what you link to in your messages. Why? Well, because any link and pages that people are taken to, are under this act too.
To be compliant or not to be.
Now that you have an idea of what CEM’s are, we’re going to assume that you are sending out commercial material.
There are three key things your messages must contain after July 1st, 2014 strikes:
- Provide identification – basically, don’t send an email with random symbols and cheeky nicknames. You need to clearly state who the sender is. If you are emailing on someone’s behalf, you need to state not only your name/company but also the person’s on whose behalf you are writing.
- Provide contact – let your recipients know where they can reach you, this makes you less suspicious and more cautious in their eyes. You must provide your mailing address and telephone number, email address, or a web address where you can be reached. Whatever information you provide, it must be accurate for at least 60 days after it has been provided.
- Provide unsubscribe mechanism – Whether you like it or not, you have to make sure that there is a visible unsubscribe link and the information provided on the unsubscribe page is valid (look point #2). It is also imperative that once someone has unsubscribed you comply with their request within 10 days.
Consider me in!
The second rule of making sure that you are compliant is consent. In fact, pick a nice typeface and put that on a giant poster in your office – When in doubt: CONSENT. There are two types of consent that will put you on the road to compliance:
1. Express consent – the more obvious type of consent which leaves little room for grey area legal interpretations, as there is no grey area! If you have provided the information stated in the previous section you are half way to the finish line! There are however two more things express consent needs to make it rock solid:
- No pre-checked boxes, as these can deceive and confuse potential subscribers. They need to make a decision to opt-in on their own.
- Confirmation links, as these make it clear that you have not barged in on someone with your product or content, they themselves confirmed their consent! – this is why double opt-ins are a great feature to have.
Make sure to keep records of any information, sign ups, IP addresses and other information that proves your “contract” with a customer who has chosen to consent. Remember, once express consent has been, well – expressed, it does not expire unless a recipient explicitly requests a termination of their consent (e.g. by unsubscribing).
2. Implied consent – this is where the grey area settles in. This is more ambiguous and prone to interpretation consent. CASL identifies three types of implied consent:
- The recipient and sender have an existing ‘business relationship’ or an existing ‘non-business relationship’. Basically, a relationship where the sender and recipient have engaged in business in a period of two years since the date that CASL goes up. Another existing relationship can be CASL compliant if in the period of six months before CASL, the recipient made an inquiry.
- A recipient who has published their email address publicly and has not underlined that he or she does not want to receive any unsolicited messages and they will receive any messages that are relevant to their field of work or interest.
- A recipient who openly has given their email address to the sender without specifically requesting that they do not wish to receive messages.
What if I don’t comply?
Unfortunately, the consequences are harsh. Starting July 1st, 2014 the Canadian Radio and Telecommunications Commission has the right to force penalties upon spammers. The maximum amount penalty that an individual can face is $1 million per violation (I repeat – per violation) and $10 million for businesses or other organisations alike. CASL will also allow recipients to apply to court to have a hearing to stop spam.
However, come January 1st, 2017 you can also expect that private rights of action will become available for any recipients. This means that they can then seek compensation for damages caused by a breach of CASL. A mere breach (one singular breach) can cost $200 and may go up to $1 million per day. What’s more – individual damages or expenses do not need to be proven, which means that penalties can be imposed whether you like it or not.
The tidal wave rolling in
There most certainly will be opportunists who will figure out every inch of CASL to gain money. But that is nothing to be afraid of! There is still some time and once July 1st hits, the transitional period (where some minor mistakes won’t cost you a fortune) is 36 months long.
Now that you know what is happening, what you can expect, and what you need to look into – take action! It is best to let key people in your email marketing strategy know what is happening, create a list of what type of messages you send and what CEM’s concern you, check what information is missing from your web forms, emails, and other pages, and get to sorting.
Slowly but surely you can check what needs to be changed or added. If you are unsure of where you stand, it is advisable to reach out to a lawyer to consult on your final stages of preparing for CASL. With some checking, lists, and patience, you do not have to fear any tides at all!