CASL Compliance Guide
If you have people on your subscriber list who are in Canada or you’re sending messages from Canada yourself, it’s important that you understand the Canadian Anti-Spam Legislation (CASL), the risks of non-compliance and steps necessary to ensure your future compliance.
Please note that this article should not be considered legal advice, but is provided as a helpful resource to assist in the compliance process.
Understanding CASL & The Risks of Violation
The primary motivation behind CASL is to cut down on spam by ensuring the sender receives clear, proper consent to send commercial messages. CASL applies to any “Commercial Electronic Message” or “CEM” sent to and from devices in Canada.
CEM’s include emails, text messages and instant messages (not fax messages) that encourage the recipient to take part in some commercial activity. This includes any email that promotes a company, product, service or a person. Exempt messages include those sent to family, employee, consultants, receipts, quotes and transactional emails.
Penalties for violations of CASL can be a maximum of $1 Million (Individuals) and $10 Million (Businesses). After July 1st 2017, any individual party will be able to bring about a law suit to anyone they believe is sending spam.
Becoming & Staying Compliant
To comply with this legislation now and in the future, it’s important that you take a look at the following areas:
- The Structure of Your Messages
- Your Data Collection Practices
- Obtaining Consent from Current Canadian Contacts (Prior to 7/17)
The Structure of Your Message
When sending any email, you will want to make sure that you obtain consent (covered below), the sending parties are properly identified in the message and that you also provide an functional method for the recipient to unsubscribe. This includes:
- Include a Physical Mailing Address
- Identify Sending Parties by Name
- Supply Contact Information (Tel, Email or Web Address)
- Include a Method to Unsubscribe
With email campaigns managed by us, you can rest assured that you are covered in these areas mentioned above.
Your Data Collection Practices
Moving forward, it’s important to make sure that you have systems in place to allow your subscribers to clearly opt in and give you express consent either in person or in writing. In either case, it is the responsibility of the sending party to prove that they have obtained consent to send the message.
If obtaining consent in person, it needs to be either verified by an independent third party or a complete, unedited recording must be provided. This would be applicable to call centers.
When collecting consent online, requests must be extremely clear to the user and can’t be bundled in a website terms of service. This includes the checking of a box on a page which records the date, time, purpose and manner of consent stored in a database. The actual law itself doesn’t say whether it should be stored in one or more databases.
In a database, we recommend storing the subscriber consent record in a manner similar to this: 12/23/17 at 2:35 PM EST | IPADDRESS | Website Form | Primary Newsletter. By doing this, we have a complete record of the date, time, IP, manner of consent (website form) and the purpose for which the subscriber has signed up.
Examples of Opt-In Forms
Below you will find a variety of common scenarios and acceptable practices for your opt-in forms.
An Opt-In Side Bar Form
An Opt-In During Checkout Form
An Opt-In Form for Multiple Reasons
Let’s assume you want to collect someones email address in exchange for a preference, a contest registration or any other incentive other than the primary purpose being opted-in to your email list. In this scenario, you’ll want to make sure that the priority on the opt-in page is the registration to your email list followed by the actual incentive.
For example, let’s assume you are offering a downloadable eBook in exchange for their email address. In the past, you may have been able to just include some supplementary text that says “Enter your email address to access your free download” for an opt-in. Now, we need to be a little more specific.
In the example below, you’ll see that we clearly state they are going to be registered for our mailing first. Only after that do we mention the incentive.
This method can be used for surveys, contests and a variety of other applications. Alternatively, you can leave an unchecked opt-in box below the registration, but if you want to gain a new subscriber to your email list and a registration for you incentive in one single scenario, this is the way to go.
Obtaining Consent from Current Canadian Contacts (Prior to 7/17)
There is a transition period that ends on July 1st 2017 where individuals and organizations will be entitled to take a private right of action against those that violate CASL. You should make it a priority to get proper explicit consent from existing Canadian contacts on your list before that time.
It’s our recommendation that you isolate all emails with .ca at the end or that you know are located in Canada and run an express consent campaign to collect proof of opt-in. Something like this would be acceptable:
Becoming compliant with CASL may prove to be slightly challenging in the beginning, but in the long run you are protecting yourself and setting the course for a stronger rapport with your subscribers. If your subscribers clearly know what they are signed up for and are receiving transparent messaging, you can expect a higher open rate, less spam reporting and a stronger overall business relationship which will benefit you in the long run.
For more information, please visit the CASL website located at http://fightspam.gc.ca/eic/site/030.nsf/eng/home.