Canadian Anti-Spam Law (CASL)
For those unaware, the Canadian Anti-Spam Law (CASL) came into effect on July 1, 2014. This is the latest anti-spam law applied to electronic messages, such as texts, emails, and more that companies send for commercial activity. Canada Anti-Spam Legislation regulations controls how organizations collect, use , and disclose personal information while operating their businesses.
The key feature of this law is to take consent from recipients before sending any Commercial Electronic Messages (CEMs). However, Canadian Anti-Spam Legislation or CASL doesn’t apply to such CEMs that are directed through Canada but Canadian as well as global companies and organizations.
In this post, let’s find out more about CASL anti-spam laws and why CASL compliance is important.
What is Commercial Electronic Message (CEM)?
Abbreviated for the commercial electronic message, a CEM is a kind of electronic message that encourages people to participate in commercial activity. It could be an email pitching the latest sale or an SMS communicating a discount.
What is consent, and how to get it?
As per the Canada CASL regulations, one of the important Canada email privacy laws, to send a CEM, companies have to get consent from recipients. This consent could be either in the form of writing or orally. Written consents can be in the form of electronics.
Also, when requesting consent, companies must provide some information to recipients, such as:
- Name of the organization or person seeking consent
- A phone number or an email ID where the recipient can contact
- A statement recognizing the person who is providing the consent
- The contact information and identity of any affiliate or third-party used to get the consent
- A method to allow people to automatically opt-out
How Does Canadian CASL Law Affect You?
Businesses, companies, or individuals doing business in Canada must comply with these laws. For all of the Canadian email addresses added to the list post-July 1 2014, Canadian CASL regulations compliance needs you to get consent, either expressed or implied.
In case you fail to comply with the Canadian email privacy laws, you would have to face severe penalties that may comprise civil charges, criminal charges, personal liability for the company’s directors and officers, and fines upto $10 million.
How to Comply with Anti-Spam Laws?
According to Canada’s Email Privacy laws and Anti-Spam legislation, understanding consent by individuals and businesses is very important.
As per the terms and conditions mentioned in Constant Contact, your list must be permission-based. This means that you should comply with the unsolicited email needs as stated by the email laws:
- To upload contacts, you must agree that you have acquired the consent of every recipient before sending an email
- Your “From” email address is verified and precisely identifies the sender
- Turn the Advanced Email Permissions setting so you can specify if contacts added to the account have provided permission
- You would have to include the postal address in the email campaign, and Constant Contact needs that you must add the physical address before scheduling the email
- Ensure that the address is valid for the organization
- Constant Contact includes an obvious and clear method for contacts to opt-out of future emails
- Constant Contact processes unsubscribe automatically from emails
How Can You Stay CASL Compliant?
Adhering to the law when starting a business is relatively easy. However, when you have established, staying compliant could be challenging. So, to do that, here are a few steps that you can use to remain compliant.
- You can use the Canada anti-Spam legislation regulation or CASL template to request express permission from those contacts who have given implied permission.
- Immediately honour the unsubscribe request coming through an email.
- Ensure that your email campaign’s subject line is concise and straightforward.
- Don’t offer any misleading offers. For instance, don’t showcase 50% off in the subject line and offer just 20%. This is strictly against the CASL law.
- Such email addresses that you have received through implied permission must be deleted after two years unless you have received express permission to send them emails.
- By turning on the Update Profile Form, allow your contacts to decide which list they can use.
- You would have to maintain an audit trail as to when and how you have acquired the consent. For this, the best practice is to record as much information as you can regarding the consent.
What is the meaning of CASL for different executives and officers?
When it comes to varying positions, CASL affects different people in a different manner. Here is how it goes:
- Marketing Executives / CMO: These people have to evaluate the effect of CASL on digital marketing campaigns, such as those that run through social media and email. CMOs and marketing executives should also evaluate how to acquire consent from prospects to talk to them.
- Internal Auditors: They must assess CASL compliance once the business has started its functions and operations.
- Chief Legal Counsel: A chief legal counsel would have to review the requirements of the act, changing rules and commentary from the associations of the functional industry. Post this, regulatory guidance and explanatory guidelines should be monitored as per the release by the government.
- Risk Officer: A risk officer must evaluate the CASL non-compliance risks on the work and business front.
When should you begin the compliance process?
Generally, Canada CASL regulations comprises a substantial amount of work for most organizations, right from reviewing legal implications to comprehending resources across the affected business.
It also includes addressing gaps in governance, technology, process, and people. Larger organizations that have multiple business channels and lines may take months to complete the process. Thus, to avoid any last-minute issues, it is advisable to begin as soon as possible.
What is needed to understand the compliance?
To comply with this law, here are a few major things that you must thoroughly understand:
- The CASL act
- The regulations of CRTC
- Two different sets of CRTC Interpretation Guidelines
- New industry Canada regulations
- The Industry Canada Regulatory Impact Analysis Statement
Check out this article for knowing about the privacy policies required for your website.
In the end, it must be noted that whether you have an already established business or just starting, complying with the laws and policies like CASL anti-spam laws is essential. Not doing so may lead to a big hole in your pocket. So, make sure you follow the criteria mentioned above and abide by the law.