Canadian Anti-Spam Law (CASL): What You Need To Know
There has been buzz in the media now for months about the looming deadline for the Canadian Anti-Spam Law (CASL). But now that we are less than a month away from the July 1, 2014 compliance date, businesses are scrambling to ensure that their policies are in check. Many businesses have complained that this law is complex to understand and that instructions to organizations about how to best comply are unclear. So, we’ve boiled down the essentials here for you.
The basics of CASL
The CASL focuses on Commercial Electronic Messages (CEMs), which include email. The basic principle of the law is that an organization must collect prior consent before sending a CEM to an individual. This means that all subscription forms and sign-up mechanisms must collect implicit or complied consent before any CEMs are sent.
How do I know if this applies to me?
If you are sending out emails in relation to a commercial activity, it applies. The law specifically applies to a message that “has as its purpose, or one of its purposes, to encourage participation in a commercial activity.”
Are there any exceptions?
Yes, there are several exceptions, including:
- B2B communications, when two organizations have a relationship or when the CEM concerns the activities of the organization to which the message is sent
- Registered charity fundraising
- Politicians and political party fundraising
- Club, association and voluntary organization communications with members
- Communications within an organization
- Communications between two organizations that have a specified relationship
- Communications where there is a family relationship between the sender and the recipient
How do I ensure that i've captured prior consent?
Before any CEMs are sent, organizations must ensure that they have collected prior consent. This can be collected in two ways:
- Implicit consent – direct consent captured verbally or in a sign-up form, either online or in writing. This consent cannot be part of the terms and conditions.
- Implied consent – Implied consent applies to the following:
- There is an existing business relationship over the past two years.
- The consumer has made an inquiry for information in the past 6 months.
- The recipient “conspicuously published” their email address and did not state that they did not want CEMs.
Do I need to change my sign-up forms?
Any sign-up form or process must contain the following:
- The name and organization of the sender – If another organization is sending a communication on your behalf to your list, this must be clearly stated (i.e. Company X is sending this CEM on behalf of Company Y).
- The complete contact info for the sender – This includes the full mailing address and phone number, as well as the email and website address.
- An easy unsubscribe link – this link must be free and be linked directly to a webpage or email address. All unsubscribe requests must be processed immediately (within 10 days).
How else do I ensure compliance?
To ensure compliance:
- Review current lists: See if your current lists meet the criteria above. If not, you may need to send out an opt-in mailer to re-capture consent, or remove contacts from your list before July 1, 2014.
- Review your current forms and processes to ensure they comply.
- Validate with your mailing team that the following are always applied to new CEMs:
- From and reply-to addresses show the info of the sender.
- Subject lines are true to content.
- There is full contact info on every message.
- A clear opt-out is available and working.
This new law can result in very steep fines, in some cases up to $10M, so it’s important to ensure that you take steps to ensure compliance before next month’s deadline.