Find out more about CASL: Canada's Anti-Spam Legislation.
Feeling nervous? Well don't get too worried, it's true there will be some big changes when it comes to complying with the new rules set out by Canada's Anti-Spam Legislation (CASL), but we want to help prepare you by giving you an outline of some of the main facts. This new legislation started being formed back in 2004 by Canada's Task Force on Spam and the law was passed in December 2010. It will now go into effect starting on July 1st, 2014.
What is the purpose of CASL?
The law was designed to protect Canadians from the following:
- The sending of messages to a recipient without the expressed consent of that recipient.
- The sending of messages to different destinations than the intended one without expressed consent.
- Installation of computer programs without expressed consent.
- Misleading or untrue representation of products or services.
- Collection of personal information or electronic addresses by the use of a computer program and misusing that information.
Key dates for implementation and transitional period
Most of the main parts of the new law will come into effect starting on July 1st. This includes the sending of Commercial Electronic Messages (CEMs). The regulations that deal with the installation of computer programs (section 8) will come into effect on January 15, 2015.
The regulations that deal with the private right of action will come into force on July 1, 2017. For your existing business and non-business relationships where CEMs are used as a communication tool, there is an implied consent period for 36 months starting on July 1st, 2014.
This will end if the recipient expresses that they no longer wish to receive CEMs. Business must seek expressed consent during this time to be compliant with the new legislation. Preparing for the New Regulations
Make sure everyone, from top management to the HR department, to the sales team, know about the new legislation.
Take time to identify what you need to review, these will likely include all of your current electronic communication practices, text messages, promotional mail layout, sign up pages, auto-replies, customer databases, current subscriber lists, personal emails and any other type of electronic programming and communication that your business uses.
What are the primary requirements of CASL?
Consent
You must have expressed consent to send to a recipient (more on this, see below).
Identification Information
If you are sending a CEM on behalf of someone, you must identify yourself and whom you are sending on behalf of, even if it's multiple persons. If all the information cannot be included (such as in an SMS - text message) then a hyperlink to a webpage with the information is acceptable, but it must be clearly visible in the message being sent.
You cannot "alter transmission data". For example, you cannot mislead the user by having a link to a specific website which then directs them to a site which was not expected.
There must be included a way to contact the sender including a physical address and an alternative way to connect such as an email address or phone number. If you work from home, you still must include an address that you can be reached at, it does not have to be your home address.
It is not permitted to have misleading subject lines, it must be clear who is sending messages and collecting data.
Unsubscribe Mechanism
Every message must provide a clear option for users to opt-out of further communication from the sender.
The unsubscribe mechanism must be easy, cost-free and performed promptly (within 10 days).
Take a Closer Look at your Databases
If you want to make sure there's no doubt about your compliance with the new rules and regulations set out by CASL you will want to seek out expressed consent for everyone in your database.
What does expressed consent mean?
Expressed consent means the user must take an action that confirms their agreement.
The definition of expressed consent in the legislation is described as follows:
"The manner in which you request express consent cannot presume consent on the part of the end-user. Silence or inaction on the part of the end-user also cannot be construed as providing express consent. For example, a pre-checked box cannot be used, as it assumes consent.Rather, express consent must be obtained through an opt-in mechanism, as opposed to opt-out.The end-user must take a positive action to indicate their consent. For example, this can be done by providing a blank box which a user can check off to indicate consent."
(http://www.ic.gc.ca/eic/site/030.nsf/eng/h_00050.html)
How do I prove that I have gotten expressed consent?
Expressed consent can be obtained in writing or orally. If obtained orally, it must be verified by a third party or a "complete and unedited audio recording of the consent" must be kept as a record. In writing, it is acceptable in paper or electronic format which includes checking/ticking a box, filling out a form and retaining the date, time and purpose of the recorded consent.
Learn more about full legal details on consent can be found here.
Liability for not complying with CASL
Here is the answer to that directly from the fightspam.gc.ca website:
"If you commit a violation under any of sections 6 to 9 of CASL, then you may be required to pay an administrative monetary penalty (AMP). The maximum amount of an AMP, per violation, for an individual, is $1 million, and for a business, it is $10 million. CASL sets out a list of factors considered in the determination of the amount of the AMP."
It is up to each business and individual to ensure that they are compliant and stay compliant with CASL.
You can review all the information right on the government of Canada's website.