Canada’s Anti-Spam Legislation (CASL) comes into effect July 1, 2014, creating new requirements for commercial electronic messaging – that is, commercial or promotional information sent through electronic media. Businesses, as well as government and non-governmental organizations, are only permitted to send commercial or promotional messages to recipients who have signed up to receive them. In effect, Canada is switching from an “opt-out” model, in which it is sufficient to include an “unsubscribe” option in messages, to an “opt-in” model, where commercial messages are only sent with prior consent from recipients.
What do I need to read first?
One of the first steps to get acquainted with the Act is to actually pick it up and read it thoroughly. The official CASL website, fightspam.gc.ca, explains the Act in simple terms and has a lot of interesting content.
Does CASL apply to all businesses?
In businesses, it can generally be assumed that all email, communications, or practices are for business (commercial) purposes. Businesses may send information, invite clients, push subscription information, pull data from clients, etc. All of these activities are classified as commercial electronic messages (CEMs).
How does CASL apply to newsletters?
Newsletters may be considered commercial electronic messages if they link to an event calendar, preview a product or a service, or promote a business brand or image. Our assessments can help you discover if your email newsletters are at risk of being perceived as commercial under this legislation. Newsletters, for the most part, contain at least some content that could be considered to be commercial.
How does CASL apply to invitations?
Invitations can and may be considered commercial electronic messages every time they offer a product or a service, or promote a business in general. Promotions are certainly commercial messages.
What is the Impact of CASL on Business Operations?
Operations department messages such as those related to billing, or subscription updates, order fulfilment, or otherwise are governed by CASL.
How should consent be obtained from message recipients?
We recommend the following Consent Acquisition Life Cycle:
Signup Form: This is the first step in the double opt-in process. Potential subscribers fill out your signup form and click the subscribe button.
Signup Notification: Once subscribers fill out your signup form, a new tab will open in their browser instructing them to check their inbox for a confirmation email.
Opt-In Confirmation Email (Double): When your subscribers check their inbox, they will see an email with a link to confirm their subscription. If they don’t click on this link, they won’t be added to your list.
Confirmation “Thank You” Page: After subscribers click the confirmation link from their email, they’ll see a new page in their web browser letting them know they’ve been added to your list successfully.
Welcome Email: After subscribers confirm subscription to your list, they receive a “Welcome” Email. This email includes the personal information submitted by the subscriber and a link to unsubscribe.
Maintenance: Expired accounts should be checked and disabled daily, since consent expires after 2 years.
How does double opt-in help?
Double opt-in lists using the consent process described above have much higher user engagement levels over time, which translates to more opens and clicks and fewer bounces and unsubscribes. Double opt-in blocks people from subscribing another individual, leading to fewer spam complaints. Double opt-in also ensures that individuals do not subscribe using a fake email. Malicious attackers will not be able to claim that you are spamming them, since you will have proof of consent.
Is single opt-in sufficient?
As long as you have captured the consent timestamp and transaction details (i.e. which policy or activity the user subscribed to), single opt-in will cover CASL’s consent requirements. However, double-opt in will provide you with higher assurance, better engagement, and prevent certain malicious activities or fake complaints.
Does purchase of a product indicate consent?
No. You need to collect a positive or explicit indication of consent. This means that whatever method is used to obtain consent, the default setting should indicate that the subscriber does not give consent.
Can email addresses be collected verbally?
This is allowed if a timestamp for the transaction is recorded, but it is preferable to use an email confirmation process.
What is the context for consent?
You are are required to provide certain information to recipients before they indicate consent:
– identify all parties seeking consent (the organization promoted in the message, as well as any service providers that manage messaging)
– provide two ways to contact the involved parties
– indicate how the person can withdraw consent
Does CASL apply to friends and family ?
The legislation provides an exception for friends and family.
What is the likelihood of complaints?
Does CASL affect the number of people or departments sending messages?
CASL rules allow for recipients to consent to receiving messages about single or multiple products and/or services. However, your risk of non-compliance increases exponentially with the number of message entry and exit points.
How does CASL apply to LinkedIn, GooglePlus, Twitter, MySpace, Instagram, and other media?