Brace Yourselves… CASL is Coming!
Noticed a lot of slightly desperate sounding emails popping up in your inbox recently asking if you still want to be friends a subscriber? Well there’s a reason for that! On 1 July 2017, Canada’s Anti-Spam Legislation (CASL) hits the deadline of its 3-year implementation plan that began in July 2014.
What is CASL? As the name suggests, it’s legislation put in place to reduce the amount of unwanted spam (wait, is any spam wanted?) we’re inundated with. Essentially it regulates commercial electronic messages (CEMs) sent to electronic addresses – including unsolicited emails, texts, and social media messages – and is an attempt to control the often hard-to-pin-down world of websites that capture and use your personal information.
It’s a blight on the scourge of unsolicited electronic messages. Yay!
CASL also, interestingly, prohibits and regulates the following:
- the use of false or misleading representations online in the promotion of products or services (no false offers please!)
- alteration of transmission data in an electronic message which results in the message being delivered to a different destination without express consent
- installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee
- collection of personal information through accessing a computer system in violation of federal law
- address harvesting, i.e. the collection of electronic addresses using computer programs or the use of these addresses without permission
Perhaps the complexity of all of this accounts for the 3-year roll out?
So, how does this affect you?
Well, if you use electronic channels to promote or market your organisation, services, or products in, to, or from Canada, then you need to ensure that you’ve specifically asked for consent from those receiving your CEMs. Still not sure if this applies to you? The CASL website says it does if you answer “yes” to these three questions :
- Do you use email, SMS, social media or instant messaging to send commercial or promotional information about your organization to reach customers, prospects and other important audiences?
- Do you install software programs on people’s computers or mobile devices?
- Do you carry out these activities in or from Canada?
According to the Government of Canada, “Penalties for the most serious violations of the Act can go as high as $1 million for individuals and $10 million for businesses.” So basically, if you engage in the activities listed above and don’t comply with CASL, then you’re in a world of trouble.
If you receive CEMs, then this is your opportunity to unsubscribe from those millions of newsletters that clog your inbox and to show your loyalty to those you still want to receive.
What are the current CASL challenges?
“I never put off till tomorrow what I can possibly do the day after.” – Oscar Wilde
It seems like the slow roll out of this legislation (passed in Dec 2010, phase 1 July 2014, phase 2 Jan 2015, and now phase 3) has meant complacency on the part of a lot of companies and organisations, who are still lagging on getting consent to send CEMs. The fact that old email lists were grandfathered and that there has been a 3-year period to collect consent seems to have, according to Drive Digital, lead to laziness on the part of a lot of businesses to get up to CASL-speed.
Another challenge is that there are two types of consent outlined by CASL: express and implied. Implied consent (if I understand the legalese on the CRTC website correctly) relates to the period from July 2014 to the “expiry date” of 1 July 2017, i.e. you’ve had these 3 years to continue sending CEMs to those you’ve had an existing business or non-business relationship with. However, after 1 July 2017 (and this is why this upcoming deadline is so critical), you need to have express consent to continue to send CEMs to these same people. What does this mean? If someone has been on your mailing list since before July 2014, they have to have given their consent to receive your CEMs, otherwise you are in violation of CASL.
For example, if someone signed up for your e-newsletter in 2013, then that is express consent and you can keep mailing them after July 1 2017. If you added them to your mailing list in 2013 because, say, they were a client of yours, but they did not specifically give consent (but didn’t unsubscribe either), you cannot keep emailing them after July 1 2017 unless you’ve asked them for consent.
You can start to see why some businesses have procrastinated!
So what can/should you do to comply with CASL?
A big change a lot of companies and organizations will need to make is around the language they use around opting in and opting out of communications. It’s no longer acceptable for you to have an “opt out” option; instead, consent has to be given by the user by actively checking an “opt in” box. So, instead of the default being “I want to opt out”, it needs to be “I want to opt in”. It’s a subtle but potentially damaging (if you don’t comply) difference.
To make sure you’re CASL ready come July 1:
- Make sure that you expressedly ask for consent (e.g. send out an email to all your e-newsletter contact lists asking if they want to keep receiving your newsletter)
- Include an opt-in check box that clearly and specifically asks if the person would like to receive information (e.g. promotions, newsletters, etc)
- Ensure all pre-checked boxes are updated to be unchecked by default moving forward
- Make that the name of your business/service/organisation is very clear on all correspondence (some organisations include their address, options for what types of messaging the user wants to receive, and as a best practice, a clear description of what form the correspondence will take)
- Include a clear, obvious “unsubscribe” button
Basically, when in doubt, ask for consent, make it easy for people to unsubscribe, and ensure the option to say YES rather than NO is explicit.
And despite what Oscar Wilde said, don’t procrastinate; July 1 is just around the corner.