Since the December 2010 passage of Canada’s Anti-Spam Law (CASL), marketers have been anxiously awaiting the announcement of a date when the provisions would take effect. Last month, Industry Canada announced CASL will officially take effect on July 1, 2014.
In light of the pending enforcement date, it’s a good idea to review the provisions of the law and any changes you may need to make to ensure compliance. This post from April 2013 outlines the key tenets of the law, so we’d recommend re-reading it. In the meantime, we’ll provide some additional thoughts about preparing for the enforcement date.
NOTE: Any information provided here should not be construed as legal advice. We recommend you contact your legal, compliance, or regulatory department to discuss business requirements under the law.
Does it apply to you?
In preparing for CASL to take effect, it’s important to first determine whether you’re subject to its provisions. The law applies to commercial electronic mail either sent from, or received by, a Canadian mail server. If you’re sending commercial email and you’re located in Canada, you’re subject to CASL. If you’re not in Canada, but you have subscribers who are, you are likely subject to CASL as well.
While CASL does provide some exceptions for senders who have no “reasonable expectation” their recipients would be in Canada, the law leaves room for interpretation on that point. If an address ends in a .ca extension, for example, the reasonable assumption is the server resides in Canada. For domains such as Gmail.com, though, there could be other pieces of information indicating the recipient’s location, such as physical address.
In some cases, non-profit and political organizations are exempt, but only if the intended recipient has volunteered for, donated to, or been a member of the organization in the preceding two years.
Permission is required
Unlike the U.S. CAN-SPAM Act, CASL requires senders to have affirmative permission before sending an email to a recipient. This means sending messages to email addresses obtained through purchase, harvesting, or list sharing violates the law. Even if the contacts were obtained before CASL takes effect, these provisions would still apply – if the recipient didn’t specifically request your mailings, it’s a violation to send him or her a commercial email.
The regulations allow limited exceptions for the “transition period.” During the first three years of the law’s enforcement, marketers are allowed to send commercial mail to recipients with whom they have a “pre-existing business relationship.” This means the recipient provided his or her email address while making a purchase, requested information on goods or services directly from your company, and so on.
There are likely some senders who would assert they obtained a list through purchase/sharing/etc. years prior and have been sending regular emails to those contacts, thus constituting a business relationship. However, this isn’t the case under CASL. Any contact who didn’t opt in to receive emails from your company or organization must be sent a confirmation request prior to July 1 to reaffirm his or her desire to receive your mailings.
Another important point to note is that the burden of proof lies with the sender. If a recipient files a complaint, it will be up to your organization to provide the details of when and how the email address was obtained, as well as proof the process was compliant with the law.
Don’t check that box!
In addition to ensuring all your existing contacts have given valid permission, it may be necessary to update your opt-in process for compliance with CASL. A pre-checked box in a checkout process or on a website form isn’t an acceptable opt-in – the user must check the box on his or her own in order to be compliant.
CASL also places some additional requirements on the opt-in process. Not only must the subscriber proactively affirm his or her opt-in, but the marketer must convey specific information during the sign-up process. This information includes:
- Physical mailing address of the marketer (PO Box is acceptable)
- Telephone number OR web address OR email address
- A notice the recipient can unsubscribe at any time
Failure to include any of these items in the opt-in form means any email address obtained through the form wasn’t collected in compliance with the law, and its owner hasn’t given affirmative permission.
If your organization needs to make changes to ensure compliance with CASL, the time to start is now! Reconfirming subscribers, modifying opt-in forms, or beefing up your data retention policies are just a few of the steps you may need to take. Internal processes can take weeks or months for approval and implementation, and the enforcement date is just over six months away. With possible fines of up to $10 million per email, CASL compliance should be a top priority for your organization.