Avoid a $10 Million Dollar Mistake: The Canadian Anti-Spam Law
On July 1st 2014 the Canadian Anti-Spam Law came into effect.
How does it affect you?
Maybe by now you have already segmented your lists, cleaned out purchased contacts, and are in the process of requesting explicit consent from some existing contacts. If not, there is no need to panic just yet. With the transitional period currently in place, the chances of avoiding that $10 million fine are pretty good.
What is the Canadian Anti-Spam Law?
The Canadian Anti-Spam Law (CASL) is CAN-SPAM on steroids. Primarily, the CASL prohibits the sending of Commercial Electronic Messages into or out of Canada without explicit consent. This means you cannot simply update or remove all .ca emails from your list; CASL applies to any recipients or senders who access a computerized system in Canada.
What is CEM?
As defined by the Canadian Government defines Commercial Electronic Messages (CEM) as “Any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.” This includes, but is not limited to:
- Text messages
- Direct social media messaging
Although a CEM is a broad umbrella, there are electronic means of communication that are excluded from the CASL. These include:
- A single message to a recipient without an existing relationship on the basis of a referral. The full name of the referring person must be disclosed in the message.
- Current customers or those who have inquired to be customer in last 6 months
- Messages sent on behalf of a charity or political organization for the purposes of raising funds or soliciting contributions.
- Transactional Emails.
- Messages that include security information.
You will notice transactional emails are excluded from being a CEM. However, your transactional emails cannot include any promotional information in it. This means your 70:30 rule needs to be thrown out the window for your Canadian contacts and senders. You can no longer include sidebar banners, links, offers of a free trial, etc. in your transactional emails.
What Defines Consent
According to CASL, consent has been broken up into categories – implied and expressed. Implied consent can be received from various different sources. These have come to include:
- Purchased or harvested email addresses that have not explicitly requested not receive solicited emails.
- The recipient has purchased a product or service in the last 24 months from your company.
- Personally obtained business cards.
- Email address posted on a “Contact Us” page. In this case, the contents of the email must pertain to the business or role of the recipient.
- You are a charity or political organization and recipient donated, has volunteered, or attended a meeting organization.
- Messages sent to a recipient with whom the sender holds a personal relationship. Relationships strictly held through social media are not defined as a personal relationship.
Expressed consent must be obtained if your recipient does not fall into any of the above categories. The recipient must have a documented agreement to receive the emails you have expressed to be sending. However, this is not where the law ends.
Additional Aspects of the Law
The CASL requires senders to do more than just gain explicit consent. Obtaining expressed consent must follow certain guidelines and your email must content specific information.
In order to legally obtain expressed consent, you must:
- Have not obtained the recipients information from a pre-checked box. All pre-checked opt-in boxes are now illegal.
- Include clear and concise description of your purpose to obtain consent.
- Describe the messages you will send.
- Requestors name and contact information.
- State they may unsubscribe at anytime.
The following are important aspects of the CASL that are often overlooked:
- You must provide identification for yourself and the persons on whose behalf your CEM is sent. When a CEM is sent on behalf of multiple persons, then all of these persons must be identified in the CEM.
- Identification is defined as you and or your companies name, your physical mailing address, and contact information.
- If identification is too lengthy to be included in the email, a link to an external site containing the above information is allowed. The link must be readily available and free to access.
- Your email must provide a conspicuous and easily accessed unsubscribe button. Subscription must be removed in 10 days.
- The contents of your email must pertain to the information your recipient explicitly agreed to receive.
- Requests for consent are also covered by the law.
- You cannot send messages with false or misleading information in the content or header.
- May not install computer programs without the end user’s consent.
Although the above must be included to avoid conviction under the CASL, these are general practices you should already be practicing to maintain a healthy and beneficial relationship with your contacts.
Additionally, there may be further requirements that your email service provider upholds in their Terms and Agreements. Pinpointe does not have any tolerance for Spam and requires explicit consent to all recipients. Brush up on our own Terms of Service to ensure you not breaching your agreement.
As of July 1st 2014, the Canadian Radio-Television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada may investigate and litigate against any persons or organizations who don't adhere to CASL. Fines per violation are $1M for individuals and $10M for businesses. However, until July 1st 2017 citizens do not have the right to private legal action.
The transitional period is the three years until citizens can press charges a breach in CASL. To avoid being prosecuted during the transitional period, how you obtain your consent must follow a few regulations during the transitional periods.
The following are details about the transitional period and the consent that must be obtained:
- After July 1st 2014, you may not send to any contacts that have not given implied or explicit consent.
- No new contacts can be added under the pretense of implied consent after July 1st 2014
- After July 1st 2016, all contacts must be have given explicit consent.
What You Can Do
The first step to prepare, and continue, to safely follow CASL is to keep a record of the obtained explicit consent from all your contacts. With Pinpointe, you don’t need a massive filing cabinet with hand written dates and registration information. For any contact that fills in a form or registration form we automatically track the IP address for location and generate a timestamp of the registration.
Additionally, while updating your lists for the transitional period, consider segmenting your lists. One option is to segment geographically. This allows you to remove any recipients in Canada. If you do this, ensure you have accurate data on all your contacts locations. The second option is to segment by those you have received explicit consent versus those you only have implied consent. Make sure to get explicit consent for all your Canadian recipients by July 1st 2016.
Please note that the above information is summarized from various reputable sources to serve as a reference. This is not constituted as legal advice as I am not a lawyer. To ensure your company is 100 percent compliant, please seek additional legal counsel familiar with this subject.