Login Enterprise
Speak to an Email Marketing Expert
877-789-ELITE (3548)
 
For the most complete information about CASL (Canada’s Anti-Spam Legislation)
please review the complimentary

Elite Email CASL Survival Guide

It took nearly 10 years of hard work and much debate, but Canada’s new anti-spam legislation (known as CASL, or Bill C-28 for those that like to get technical) now has a start date.

All marketers in Canada and elsewhere need to circle July 1, 2014 on their calendars because this is the milestone moment when arguably the world’s toughest spam law will take effect.

It’s been a long journey for this game-changing piece of legislation that has it’s original roots way back in 2004 when the Task Force on Spam was established. Canada was on a mission to wage war on unsolicited email (…cue the fight music…!). After much effort, the bill gained Royal Assent in December 2010 but that set off a slew of debates, complaints, concerns and general wariness about whether this new law would actually afford Canadian inboxes with more protection or just add to the administrative burden of businesses.

On November 28, 2013, the Treasury Board of Canada President (and all around anti-spam superhero), Tony Clement approved the final Industry Canada regulations. These final regulations will be published in The Canada Gazette on December 18, 2013, but at this point we essentially know what is covered.

Yesterday, on December 4, 2013, Industry Minister James Moore announced that Canada’s anti-spam law (CASL) will come into force on July 1, 2014 with these wise words:

Our government does not believe Canadians should receive emails they do not want or did not ask to receive. These legislative measures will protect consumers from spam and other threats that lead to harassment, identity theft and fraud. We are prohibiting unsolicited text messages, including cellphone spam, and giving Canadian businesses clarity so they can continue to compete in the online marketplace.”

This announcement gives marketers 6 months to whip their mailing lists & other databases into shape to ensure CASL compliance.

For those that want to really get into the nitty-gritty details, CASL is actually being rolled out in a phased deployment. Although the bulk of the CASL regulations that impact marketers will take effect on July 1, 2014, there are some components only taking effect down the road.

Here is the technical breakdown from the official order:

  • July 1, 2014 as the day on which sections 1 to 7, 9 to 46, 52 to 54, 56 to 67 and 69 to 82 of the Act, subsections 12(2) and 12.2(2) of the Personal Information Protection and Electronic Documents Act, as enacted by section 83 of the Act, subsection 86(2), section 88 and subsection 89(1) of the Act come into force;
  • January 15, 2015 as the day on which section 8 of the Act comes into force; and
  • July 1, 2017 as the day on which sections 47 to 51 and 55 of the Act come into force.

Based on this, it would appear that starting in July 2014 the government is enforcing the administrative monetary penalty for those that violate the new set of rules. It should be noted there are actually three government agencies tasked with enforcing CASL: Competition Bureau of Canada, Office of the Privacy Commissioner of Canada, & Canadian Radio-television and Telecommunications Commission (CRTC).

Then, in July 2017, things go a bit broader because individuals will be able to apply to the courts to seek compensation for CASL violations. Of course, things may change between now and then, but certainly having individuals file CASL claims takes things to a whole new level because now anyone and everyone can be enforcer of the stringent new rules.

CASL Timeline:

  • May 25, 2010 :: Bill C-28 First Reading
  • Dec. 15, 2010 :: Royal Assent (Passed)
  • July 2011 :: Regulations Drafted
  • July 2011 :: Regulations “gazetted” for Review
  • Sept. 7, 2011 :: Draft Regulations Comment Deadline
  • Mar. 2012 :: CRTC Regulations Gazetted
  • Jan. 5, 2013 :: Industry Canada Draft Regulations Published for Comment
  • Mid 2013 :: Industry Canada Final Regulations
  • July 1, 2014 :: CASL Takes Effect (or at least the majority of the rules)
  • January 15, 2014 :: CASL Rules Related to Installing Computer Programs Takes Effect
  • July 1, 2017 :: CASL Rules Related to People Bringing CASL Violations to the Courts Takes Effect

CASL is not something that can be ignored. So, if you’re one of those marketers who has been turning a blind eye to this, secretly hoping that the new law would never rock your world, then it’s time to wake up and face the music. The penalties for violations are intense (… Canada is not messing around with this!…) and can go as high as a $1 million fine for an individual or $10 million for companies.

Or, maybe you’re the marketer in the USA (or any other country) who is saying “Oh Canada…. who cares about their rules, they don’t effect me…”. Well, you are wrong. Very very wrong. The new regulation doesn’t only effect Canadian organizations, it effects anyone who sends a commercial electronic message (CEM) that is accessed from a device in Canada. What this means is that if you’re a retail store in Florida, but you’ve got some folks on your mailing list who live in Canada (and probably visited your establishment when escaping the cold Canadian winter), then CASL is fully in effect when you message them. The CRTC (in Canada) will be working closely with the Federal Trade Commission (FTC) in the USA to enforce the new laws. So, playing the “but I’m in America” card, will not work!

It should also be noted that CASL isn’t just an “email” law (similar to the CAN-SPAM Act), it covers other digital channels such as text messages (SMS). That means becoming CASL-compliant isn’t an exercise focused exclusively on email mailing lists, but other databases as well.

Show Me The Money Consent

Is it still OK to be using quotes from Jerry Maguire? I figure if CASL started in 2004, then referencing a movie from 1996 is fair game…. and, I’m going to use that to drive home the point that what people are going to be talking about in regards to the new CASL rules is consent, consent, consent.

So much of the new regulations are rooted in acquiring proper express consent to ensure you are only sending messages to people that specifically asked for them. Gone are the days of tricking people into joining your mailing list; gone are the days of having a small pre-checked box that secretly said “receive future emails”; and really gone are the days of doing anything that is not out in the open and super obvious. Keep in mind, the goal of CASL isn’t to stop the use of email/SMS for commercial messages, the goal is to make sure that people only get the messages they asked for.

It should be mentioned that there is no special “grandfather” clause for existing databases. Just because you’ve been emailing someone, does NOT mean you can continue emailing them if you haven’t gotten affirmative consent. This means you need to comb back through your database and anyone you don’t have a really solid opt-in paper trail for, you will need to re-confirm.

There are certainly some exemptions to the new intense explicit consent rules, but the majority of these won’t apply in a typical email marketing or text message marketing scenario. Exemptions include:

  • Messages between organizations that already have a relationship
  • Messages sent internally within an organization
  • Messages sent on behalf of registered charities
  • Messages sent on behalf of a political party or political candidate
  • Messages sent based on a referral made by a third party (although the third party must be disclosed)
  • Messages sent to existing family and personal relationships (phew, your mom can’t sue you for $1 million for inviting her to Sunday brunch!)

OK, I Get It… This is Serious…. What Do I Do Now?

First, take a deep breath. So many marketers are going into panic mode and that is both unnecessary and not helpful.
You still have 6 months to get organized, so we’re not in an emergency situation.

In my previous post All About CASL (Canada’s Anti-Spam Legislation) in Plain English I have an entire section about what you should be doing to prepare. That to-do list is still very accurate and will certainly provide an excellent starting point on the road to becoming CASL compliant.

I should also mention that if you are a customer of Elite Email with a signup form (or link to Subscription Center) on your website, then you are already following the proper double opt-in process that CASL requires. After someone signs up through that form/link, they are sent a welcome/confirmation email to double-check they want to join your list. We capture that confirmation consent, date stamp, and log the IP, so you have that paper trail automatically. On the mobile marketing side, we have already made updates in response to the recent TCPA Guidelines, which really overlaps a lot with CASL in relation to SMS/text-message marketing. This means you can easily enable a double opt-in process on your mobile channels as well.

Will This End Up Being Good For Legitimate Marketers?

For now this new set of regulations is going to add a lot of work for marketers…. and no one likes “extra work”. So, in the short term, there will be grunts and groans.

However, there is a school of thought that once all the dust settles and everyone gets off the ledge (don’t jump!), legitimate marketers will actually have a better & easier time of getting their message through. Since non-compliant messages will be weeded out, we’re going to end up in an era where people really only get the emails they asked for. This means that the average consumer won’t have to sift through unwanted email to find your wanted message. It may only be your fully CASL compliant message sitting in their inbox, where they can eagerly see it, open it, and interact with it. Of course, only time will tell whether there is a net ROI gain for marketers who may see their list size decrease but engagement increase, but certainly there does remain a silver lining as everyone works towards implementing CASL compliance.

CASL Goes Live July 1, 2014

This blog post is intended to provide our general comments on the new law. It is not intended to be a comprehensive review nor is it intended to provide legal advice. Readers should not act on information in the publication without first seeking specific advice from their lawyer. In short, I am not a lawyer, nor do I pretend to be a lawyer.

 
For the most complete information about CASL (Canada’s Anti-Spam Legislation)
please review the complimentary

Elite Email CASL Survival Guide

If you’re an email marketer you have undoubtedly heard of CASL, which is the acronym for “Canada’s Anti-Spam Legislation”.

Does this new set of rules apply to you? YES!
Do you need to care about it? YES
Do you understand it? Well, uhh, hmm, kind of, maybe….

There’s lots of information about CASL already available online, but a lot of it is complicated, often riddled with legal jargon, and frankly just not written in plain English so you can gain some sort of handle on what this is all about. That is why we have customers calling us and saying they’ve read all about the new laws, but don’t understand it and are more confused when they started.

Let’s fix that and get you up to speed on the who, what, where, when and why of Canada’s Anti-Spam Legislation!

What is CASL (Canada’s Anti-Spam Legislation)?

CASL is the Canadian Government’s new weapon (or so they hope) in the fight against spam. It outlines new requirements and rules for how commercial electronic messages (CEM) are sent. The highlight reel for the goals of CASL are to prohibit:

  • Spamming (…I’m a prince from a far off land, can I borrow your bank account to park my billions of dollars…) [section 6]
  • Hacking (… imagine what I could do if I controlled your computer…) [section 7]
  • Malware / Spyware (…you didn’t know it, but you just installed a program on your computer so prepare for nonstop pop-up banner ads…) [section 8]
  • Fraud (… this week we’re having a 75% off sale… but surprise, it’s really only 15%….) [section 75]
  • Harvesting (… I’ll build a big email database by grabbing every email address ever published on the web…) [section 82 (2)]
  • Privacy Invasions (… I’ll just help myself to all of your personal information even without your permission…) [section 82 (3)]

The stated purpose of the law is: “An Act to promote the efficiency and adaptability of the Canadian economy.”

Does This Law Affect Me?

Are you sending email from Canada? If so, the answer is yes.

Are you sending email to anyone in Canada even if you are located somewhere else? If so, the answer is yes.

The reason CASL could have a huge impact is because of this second question. The law is not just limited to Canadians, it takes effect any time a Canadian computer is used to access the email (or any commercial electronic message). So, if you’re in the USA, but your email newsletter also goes to those north of the border, then all these rules apply. Even if you’re somewhere overseas, the claim is that CASL is still in force.

This is what Andrea Rosen, the CRTC’s chief compliance and enforcement officer said:

If the spammer is offshore, we have the ability under the law to co-operate with foreign governments, to share information and to bring proceedings together against individuals that are offshore.

I don’t want to go into this quote too much…. but…. (please read this with the highest degree of saracasm)… good luck Canada!
I look forward to hearing about the case: CRTC vs. Random Spammer X located in a cave in a far off land sending emails about the best ways to enlarge your (use your imagination)

The funny thing is that all those “buy drugs from Canada” spam messages we receive usually aren’t sent from within Canada, so the enforcement is going to require this offshore cooperation. Again, good luck Canada!

It should be noted that there is a special exemption in CASL if the sender does not know or could not expect to know that the receiver was in Canada.

What are the main requirements of CASL?

The entire law is long (really long), but in a nut shell, these are the key requirements:

  • Permission must be obtained before sending email.
  • The permission must be able to be proved with clear consent.
  • No pre-checked boxes on forms. The consent must be an affirmative action. [<< Make sure you take note of this for any forms you use!]
  • No false or misleading subject lines or from names. The sender must be clearly defined.
  • Working unsubscribe mechanism. Any unsubscribe requests must be processed within 10 days and the unsubscribe link must be valid for 60 days after the send date.
  • You are not allowed to confirm unsubscribes by sending an “Are you sure you want to unsubscribe?” email.
  • Must include a valid postal mailing address (P.O boxes are fine) and one of the following: web address with contact form, email address or phone number.
  • If you are sending “on behalf of” another organization, both organizations must be identified.

It should also be noted that charity organizations are included in CASL if they are selling or soliciting anything.
If you’re an existing customer of Elite Email, then your email marketing activities are already abiding by a lot of these requirements.

What is Exempt from CASL?

There are a variety of things that are specifically excluded from the rules outlined in CASL. My theory is that this list will be expanded before things are finalized, but here are the main exemptions right now:

  • Email between family or people you have a personal relationship with (… phew, you won’t go to prison for emailing your aunt!)
  • Employees at one company emailing employees of another company, if the companies have a business relationship.
  • Responding to an inquiry that could be in the form of a question, complaint or solicitation.
  • Work-related emails sent between employees at the same company.
  • If someone requests more information from your company (could be for a quote, estimate, general information, membership inquiry, etc) then you can reply to them.
  • A charity can contact someone if they made a donation in the past 18 months.
  • Any legal message relating to a recall, copyright notice, or debt collection request.
  • One non-consent email can be sent for third party referrals provided that the person/organization making the referral has either a non-business or personal relationship with the recipient and sender. On top of that, the sender must clearly state who made the referral.
  • Transactional emails that do not contain any marketing language (<– We’re for sure going to see this further clarified.)

How Does CASL Define Consent?

The underlying key to CASL is consent, consent, consent. You just cannot do anything without consent.

CASL has mapped out four different circumstances that would qualify as consent.

  • Explicit Consent
    This is when the recipient gives you direct permission to email them. For example, if someone signs up for your mailing list using an online signup form that would qualify as explicit consent. But, remember, this type of consent cannot be obtained through opt-out, so make sure you don’t pre-check the “Yes, I want your mailings” box because that voids everything (… and then you do not pass go, do not collect $200, and you go straight to jail).
    You can also get oral or written consent, but this starts to get tricky because you have to be able to prove that consent was obtained. If you’re planning on getting consent using these methods, make sure you document everything very carefully so you can provide your case if it comes to that.
  • Implied Consent
    This type of consent takes the form of an existing business or non-business relationship between the sender and recipient. In the eyes of CASL, a “business relationship” is one where a customer has made a purchase from you or entered into a contract. A “non-business relationship” would be if someone does volunteer work for you or actually becomes part of your organization.
    One really important thing to note is the “2 Year Rule”. If someone purchased something from you in the past 2 years, then you can send them emails for 2 years from their purchase date under the implied consent criteria. However, during that time you must obtain explicit consent if you want to email them after the two years. Keep in mind that if this same person buys from you again during the two year period, the clock resets and you’ve got two more years before you need explicit consent.
  • Conspicuous Publication
    This is definitely an interesting part of the current draft of CASL. If you obtain someone’s email address and it meets these criteria, then you have qualified as having enough consent to email them. (1) Their email address is clearly published for viewing; (2) The address is not accompanied by a statement saying that they do not want to receive unsolicited messages; (3) the message is directly related to the person’s business or official role.
    Two important things to be aware of is that the clear publishing of the person’s email address must be done by the person directly or with the authorization of the person. So, a company website that lists an employee roster is legit, but some random website that posts a bunch of contact info is not OK. Also, the email you send must be highly related to the person’s job/role , which is very vague in the current draft. But, as an example, you can email a lawyer about a new law book, but you cannot email them about the cool new t-shirts you’re selling.
    The last thing on this topic is to keep in mind that PIPEDA prohibits the harvesting of addresses, so you cannot use a program to automatically capture this information from the web.
  • Shared Email Address with the Sender
    I call this the “business card” rule. If someone gives you their business card then you can email them stuff that is related to their job/role. Of course, they can also give you their email address in other ways, but the main thing is that they are willingly supplying you with their email address and not saying that they do not want to receive emails from you. Although, I can tell you that if someone hands you their business card and says “don’t email me” that probably isn’t a really good sales lead.

When Does It Take Effect?

Before we look at where we’re going, lets take a look back at where CASL has been:

  • May 25, 2010 :: Bill C-28 First Reading
  • Dec. 15, 2010 :: Royal Assent (Passed)
  • July 2011 :: Regulations Drafted
  • July 2011 :: Regulations “gazetted” for Review
  • Sept. 7, 2011 :: Draft Regulations Comment Deadline
  • Mar. 2012 :: CRTC Regulations Gazetted
  • Jan. 5, 2013 :: Industry Canada Draft Regulations Published for Comment
  • Mid 2013 :: Industry Canada Final Regulations
  • Mid 2014 (maybe?) :: CASL Takes Effect

So, the answer to when CASL will go live is still a topic of much debate. (Insert gasp here that the Canadian government moves slowly!)

CASL was recently delayed for a few reasons:

  • Still ironing out details as there are many unhappy parties (more on this later)
  • There is disagreement between Industry Canada and the CRTC about how the law should be regulated
  • There are expected mid-term cabinet changes and these shifts could skew priorities.

If you really want to make a note in your calendar, then current speculation is that the law will not be enforced until the Fall of 2014. This follows a one year grace period after everything is published this year. However, don’t be surprised if this gets delayed yet again.

On top of that, CASL will have a transition period once it comes into effect so that organizations have ample time to obtain the neccessary consent to ensure they are playing by these new rules.

What is the Penalty for Violating CASL?

Canada’s anti-spam law is not fooling around when it comes to the punishment for breaking the rules.

Penalties for violations can range from up to $1 million for individuals and $10 million for companies.

Three interesting things to note about the enforcement of this are:

  • Any person can bring this law against a sender up to $1 million. But, if they are found to be incorrect, they will be required to pay court/legal fees. So, it’s not like if you avoid sending emails to the RCMP you can avoid getting in trouble because anyone can make a claim under this new legislation.
  • If you can demonstrate that you made very strong efforts (due diligence) to comply with all the rules and done everything to obtain proper consent, then that will play a factor in the event a lawsuit comes up. It is for this reason that it’s super important you keep track of everything so you can cover yourself later with a stronger case if things get messy.
  • Officers of an organization can also be held accountable for the messages sent out by their organization. Bottom line, YOU are responsible if you do bad things.

What is the Difference Between CASL and the U.S. CAN-SPAM Act?

There’s a long list of differences between these two sets of regulations, but the major differences are:

  • CASL requires express consent to send commercial messages. Basically, the recipient must “opt in” as opposed to the CAN-SPAM Act that mandates “opt out”. So, under the US law, you can send someone a first email as long as they can request no further messages, whereas under the Canadian law even that first email has you breaking the rules.
    Note: Email marketing best practices already encourages the opt in procedure as opposed to opt out.
  • CASL requires specific disclosure when an organization requests consent. Senders must clearly state the reason they are requesting consent, clearly identify themselves, provide contact information, and explain that consent can be withdrawn later. None of this appears in the CAN-SPAM Act.
  • The coverage for CASL covers email, text messages, instant messages, directly pushed social media messages, and installation of computer programs. The CAN-SPAM Act covers email.

 What Should You Be Doing to Prepare for CASL?

The good news is that if you are a customer of Elite Email, then you are already doing most things to comply with CASL. Built right into our online email marketing software is a process that makes sure you’re covered on a lot of these items. But, there are still some things I want to highlight so you’ve got a good checklist of items on your radar that you can be aware of.

  • Consent, consent, consent… it’s all about consent! We want to have bulletproof iron-clad proof that we’ve obtained consent properly and legitimately.
    • Record all sign-ups from your website.
    • Capture and record the IP address when the signup is first initiated and later confirmed.
    • Document how your relationship with someone began. Did they purchase from you? Did they signup online for your newsletter?
    • If you’re getting oral or written consent, make sure it’s something you can later prove. (This could be a challenge, so online signups or something with a digital papertrail is better.)
  • Take a detailed look at your database and try to figure out who you need to re-confirm with proper provable consent.
    • Are there customers who purchased from you 2 years ago that you won’t be able to email if they don’t re-confirm?
    • Are there contacts where you’d have a hard time proving their consent?
    • Are there contacts who haven’t engaged with your emails (opened or clicked) in a long time? If so, try to re-engage them or take them off your list.
  • When someone signs up for your mailing list, send them a welcome email to verify their subscription.
    • This double opt-in or closed-loop subscription process is important not only to comply with CASL, but also to make sure that a sneaky individual didn’t come to your website and signup using their arch enemies email address…. because then you might get spam complaints as well.
  • Make sure your subject lines and sender names are correct, clear and consistent. (The three “C’s” if you will.)
  • Have a working unsubscribe link and valid contact details so someone can reach you if they want to.
    • This includes monitoring replies you receive from your email so if someone says “remove me”, then you can do it right away.
    • Sending your emails from a no-reply address is a BAD thing.
  • Make sure your postal address is in your emails.
  • Take a look at your privacy policy as it relates to data collection to ensure it’s up-to-date and aligned with all the new CASL rules.

Remember that CASL is still evolving and being refined. No one knows yet exactly what the final set of rules will look like. So, while the above steps will keep your best foot forward, make sure you keep an ear to the ground so that if something does change you are not caught off-guard. Rest assured, the compliance team at Elite Email is also all over this!

What Are Some of The Criticisms of CASL?

There’s been a lot of backlash since CASL was originally proposed. For instance, there was a two month consultation period (ending on Sept. 7, 2011) where 55 different organizations raised their concerns to Industry Canada. As a result of that, a revised regulation was published on Jan. 5, 2013, but the criticisms certainly have not stopped.

I don’t want to go too much into this, however if you want to read more, Marketing Magazine has a good article titled “The Hidden Costs of Canada’s Anti-Spam Law“.

The one over arching theme from everyone who is complaining about this is not that they are against stopping spam. Everyone is on-board with stopping spam as no one needs more junk mail. The criticism is that this new law will do nothing to actually stop spam. It enforces a new, broad and strict set of rules on organizations that are already trying to do things properly, while really doing nothing to stop the worst offenders who are sending spam from a far off land. So, CASL is giving us more red tape and hoops to jump through, but what is it actually doing to benefit Canadian citizens?

On top of that, many in the small business community are outraged because to some it feels like these new laws put up serious barriers to using email effectively because they cannot afford to invest resources to wade through all the red tape. There has been a shift from sending paper flyers through Canada Post to email because it’s more effective, more measurable, more affordable, and definitely more environmentally conscious (to the joy of trees everywhere!). But, if the Canadian Government wants to clamp down on what can be sent through email, will it result in more junk filling up your physical mailbox?

Personally I think there are some good parts of CASL. In certain spots of the legislation you can really see the positive intent of what they are trying to accomplish. But, it’s gotten so bloated with this scenario and that scenario, that I fear the true intent is getting lost and in realty it may only result in punishing the people who were doing everything 99% correctly anyway.

You can get more information direct from the Canadian government at http://fightspam.gc.ca.

CASL - Canada's Anti-Spam Legislation

 

This blog post is intended to provide our general comments on the new law. It is not intended to be a comprehensive review nor is it intended to provide legal advice. Readers should not act on information in the publication without first seeking specific advice from their lawyer. In short, I am not a lawyer, nor do I pretend to be a lawyer.

 

The government of Canada has released a new infographic that outlines 5 things to look for to raise some serious red flags that a message is spam.

While most people will probably find these things obvious, I do think it acts as a quick reinforcement of what should get your spidey sense tingling.

The infographic is all part of Canada’s imitative to crack down on spam (which is a good thing for legitimate email marketers and all email users) as the country prepares to roll out it’s new Anti-Spam legislation. The infographic really applies to everyone, not just those within Canada, since the traits of spam are almost universal.

Worried It's Spam: 5 Things To Look For

Worried It’s Spam: 5 Things To Look For

© 2013 Elite Email Inc. Blog Admin