Am I CASL compliant?

Am I CASL compliant?

Summary

On July 1, 2014 the Canadian Anti-Spam Legislation (CASL) came into effect. This not only affects how Canadian businesses send emails, but also any business that sends marketing emails to Canadian recipients. It is designed to combat unsolicited email, while it also tackles Malware proliferation, hacking and identity theft.

If you send marketing emails from Canada, or if you send marketing emails to anyone in Canada regardless of where your company is based, or even if your recipients access their emails from Canada, then CASL is directly applicable to you and your business.

Please note - if you're unsure of any of the above, it is your business' responsibility to find out.

Enforcement of CASL is carried out by by three different agencies – the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada. Penalties for infringing the law can range from up to C$1 million for individuals, and C$10 million for companies. The CRTC has the ability and authority to operate trans-border, and to bring proceedings against offshore organizations. These two factors combined makes CASL even more stringent than America’s CAN-SPAM Act or European PECR laws.


In light of this, it's best to make sure you're compliant! And we can help with that.

Overview of CASL

In addition to the full CASL text above, we provide an overview of it below. In general, we feel CASL follows existing email marketing best practices. However, we'd highly recommend that your legal team review CASL’s regulatory documents in order to understand all of its consequences.

1. Firstly, it’s important to note the Canadian Government’s definition of a marketing email:

 “[A Commercial Electronic Message] is an electronic message sent by any means of telecommunication that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.”

81000-2-175 (SOR/DORS) Canadian Government

2. The second main feature is the definition of consent. CASL separates consent into two categories - express consent and implied consent.

Express consent: Express consent means that a recipient has explicitly asked to receive your emails, either through a clearly labeled webform, a signup link in a service email (e.g. purchase receipt) or has clearly opted in at some point during the purchase phase.

Implied consent: Many businesses currently operate on ‘implied consent’ with regards to who they believe has opted into their marketing lists. Implied consent means that a relationship exists between customer and organization, but the recipient has not explicitly asked to receive emails – for example, after a purchase.

Under CASL, ‘implied consent’ expires after 24 months. After this point, your marketing emails are considered unsolicited and liable. Express consent has no expiry point (until your recipient unsubscribes, that is).

Implementation period

The Canadian Government has given all businesses until July 1, 2017 to collect and demonstrate express consent from their current marketing lists.

More information on CASL is available directly from the Government of Canada’s website at fightspam.gc.ca.

Helping to make you CASL compliant

If you follow best practice guidelines, you may be CASL compliant already. However, there are a few simple steps that you can take to ensure your compliance.

  • Make sure all of your contacts have a ‘last subscribed’ date. This is recorded by default for any contacts subscribing from October 15, 2014 onwards. For contacts who last subscribed prior to this date, 'Unknown' will be displayed. 

    However, you can set the 'last subscribed' date by uploading or re-uploading contacts in an Excel or .CSV file and including it as a column called 'lastsubscribed'. Alternatively you could manually enter a last subscribed date by editing a contact record. 

    last_subscribed_edit_contact.png

    It means you're able to establish at a glance when someone subscribed, no matter if they completed a signup form, came through a manual import, a survey, the API – anywhere. Additionally, this date can be included in your exports for easy reporting.

  • Ensure you use the default unsubscribe page, which clearly explains what unsubscribing means, so there's no confusion. It makes the point that by unsubscribing the contact will no longer receive commercial and marketing related messages, but one-to-one emails (such as responses to password reset requests) and transactional emails (such as order or shipping confirmations) will still be sent. 

    unsub_default_message.png

  • Ensure you include a brief synopsis of what your contacts will receive when signing up. You can do this by filling in the 'Description' field when creating a signup form. It allows you to express ‘the purpose’ of consent. If you use the surveys and forms tool for signups, then of course you can include the purpose as you’ve always done.

    sign_up_form_description.png