Under CASL, Compliance Is No Longer Casual
Email Marketing | best practices | social and digital marketing
On July 1, 2017, the Private Right of Action (“PAR”) provision of the Canadian Anti-Spam Law (CASL) allowing individuals the right to file suit against spammers takes force, bringing with it fines of up to $10M per violation. For those of you working in associations, with membership open to Canada, there are some things to keep in mind, to ensure compliance when interacting with Canadian subscribers after the upcoming cut-off date.
- You can only send messages to those who have already opted-in with express consent, or whose implied consent is currently valid under CASL. With this, implied consent is (still) valid for subscribers who have made a purchase within the last 24 months, or an inquiry in the last six.
- Express consent does not just apply to email – you must have express consent to send any form of commercial electronic message (CEM), instant messages, text messages, automated voicemails and messages directly distributed across various social media platforms included.
- Not all Canadian subscribers have .ca email addresses. Regardless of whether a message is sent to or from a Canadian recipient, if individuals can access it from a computer system located in Canada, the message must comply. To avoid (accidental) violation, only send messages existing customers, and individuals who have deliberately opted-in to your commercial communication.
- Un-check all the boxes. You can no longer use pre-checked sign-up boxes to automatically opt individuals in to receive your promotional communication. Under CASL, an individual must manually and explicitly opt-in by checking the box him/herself.
- Be more than just mindful of your transactional message content. While the law does not restrict you from sending transactional communication for things like password reset, purchase confirmation, and shipping information, it does stipulate that a transactional message contain no promotional content. To avoid violation, it’s best to take a zero-tolerance approach to commercial intent when communicating for transactional purposes.
- Always provide a way to unsubscribe. Every email you must contain a working unsubscribe link. With this, you are required to honor an individual’s request to unsubscribe as quickly as possible - you must remove his/her email address from your list within (10) ten business of receiving an unsubscribe request. Similarly, it is important to remove email addresses from your lists when (implied) consent expires.
- Do your due diligence in documenting consent. Under CASL, you, the sender, are held directly accountable for messages you send. With this, you are also held liable for incompliance. In documenting your efforts to comply, there are some key pieces of information you should collect and record regarding express consent:
- How was consent acquired, orally (in-person or over the phone), or transcribed (hand-written or electronically)? Note: Consent acquired orally must be in the form of an unedited audio recording, or in a way that is verifiable by an independent third party.
- When was consent obtained (date and time)?
- Where consent was obtained (via website, in a physical location, etc.)?
- What was the specific method used to obtain consent?
- Since implied consent expires, it is critical that you also keep record of how and when consent was obtained, to accurately determine and track when it expires.
Given the heightened risk inherent in violating CASL’s PAR provision, it is important you understand what is involved in maintaining your compliance. If you have questions about CASL compliance, schedule a consultation with us today!