Category “Online Privacy”

Brace Yourselves… CASL is Coming!

Wednesday, 22 March, 2017

Spam wallNoticed a lot of slightly desperate sounding emails popping up in your inbox recently asking if you still want to be friends a subscriber?  Well there’s a reason for that! On 1 July 2017,  Canada’s Anti-Spam Legislation (CASL) hits the deadline of its 3-year implementation plan that began in July 2014.

What is CASL? As the name suggests, it’s legislation put in place to reduce the amount of unwanted spam (wait, is any spam wanted?) we’re inundated with. Essentially it regulates commercial electronic messages (CEMs) sent to electronic addresses – including unsolicited emails, texts, and social media messages – and is an attempt to control the often hard-to-pin-down world of websites that capture and use your personal information.

It’s a blight on the scourge of unsolicited electronic messages. Yay!

CASL also, interestingly, prohibits and regulates the following:

  • the use of false or misleading representations online in the promotion of products or services (no false offers please!)
  • alteration of transmission data in an electronic message which results in the message being delivered to a different destination without express consent
  • installation of computer programs without the express consent of the owner of the computer system or its agent, such as an authorized employee
  • collection of personal information through accessing a computer system in violation of federal law
  • address harvesting, i.e. the collection of electronic addresses using computer programs or the use of these addresses without permission

Perhaps the complexity of all of this accounts for the 3-year roll out?

So, how does this affect you? 

Well, if you use electronic channels to promote or market your organisation, services, or products in, to, or from Canada, then you need to ensure that you’ve specifically asked for consent from those receiving your CEMs. Still not sure if this applies to you? The CASL website says it does if you answer “yes” to these three questions :

  1. Do you use email, SMS, social media or instant messaging to send commercial or promotional information about your organization to reach customers, prospects and other important audiences?
  2. Do you install software programs on people’s computers or mobile devices?
  3. Do you carry out these activities in or from Canada?

According to the Government of Canada, “Penalties for the most serious violations of the Act can go as high as $1 million for individuals and $10 million for businesses.” So basically, if you engage in the activities listed above and don’t comply with CASL, then you’re in a world of trouble.

If you receive CEMs, then this is your opportunity to unsubscribe from those millions of newsletters that clog your inbox and to show your loyalty to those you still want to receive.

What are the current CASL challenges?

“I never put off till tomorrow what I can possibly do the day after.” – Oscar Wilde

It seems like the slow roll out of this legislation (passed in Dec 2010, phase 1 July 2014, phase 2 Jan 2015, and now phase 3) has meant complacency on the part of a lot of companies and organisations, who are still lagging on getting consent to send CEMs. The fact that old email lists were grandfathered and that there has been a 3-year period to collect consent seems to have, according to Drive Digital, lead to laziness on the part of a lot of businesses to get up to CASL-speed.

Another challenge is that there are two types of consent outlined by CASL: express and implied. Implied consent (if I understand the legalese on the CRTC website correctly) relates to the period from July 2014 to the “expiry date” of 1 July 2017, i.e. you’ve had these 3 years to continue sending CEMs to those you’ve had an existing business or non-business relationship with. However, after 1 July 2017 (and this is why this upcoming deadline is so critical), you need to have express consent to continue to send CEMs to these same people. What does this mean? If someone has been on your mailing list since before July 2014, they have to have given their consent to receive your CEMs, otherwise you are in violation of CASL.

For example, if someone signed up for your e-newsletter in 2013, then that is express consent and you can keep mailing them after July 1 2017. If you added them to your mailing list in 2013 because, say, they were a client of yours, but they did not specifically give consent (but didn’t unsubscribe either), you cannot keep emailing them after July 1 2017 unless you’ve asked them for consent.

You can start to see why some businesses have procrastinated!

So what can/should you do to comply with CASL?

A big change a lot of companies and organizations will need to make is around the language they use around opting in and opting out of communications. It’s no longer acceptable for you to have an “opt out” option; instead, consent has to be given by the user by actively checking an “opt in” box. So, instead of the default being “I want to opt out”, it needs to be “I want to opt in”. It’s a subtle but potentially damaging (if you don’t comply) difference.

To make sure you’re CASL ready come July 1:

  • Make sure that you expressedly ask for consent (e.g. send out an email to all your e-newsletter contact lists asking if they want to keep receiving your newsletter)
  • Include an opt-in check box  that clearly and specifically asks if the person would like to receive information (e.g. promotions, newsletters, etc)
  • Ensure all pre-checked boxes are updated to be unchecked by default moving forward
  • Make that the name of your business/service/organisation is very clear on all correspondence (some organisations include their address, options for what types of messaging the user wants to receive, and as a best practice, a clear description of what form the correspondence will take)
  • Include a clear, obvious “unsubscribe” button

Basically, when in doubt, ask for consent, make it easy for people to unsubscribe, and ensure the option to say YES rather than NO is explicit.

And despite what Oscar Wilde said, don’t procrastinate; July 1 is just around the corner.

The Ugly Side of Social Networking: Have You Checked Your Privacy Settings?

Friday, 30 March, 2012

I know there has been a lot of media coverage about cyberbullying and with the new movie/documentary Bully coming out, I hope there will be even MORE awareness and coverage about this, but there is also another incredibly scary side of social networking sites and the amount of access to information there really is out there, brought to light by a recent UBC app* and then what I just came across today (ironically a friend shared it on Facebook), another app called Girls Around Me.

There is a great, detailed article about the app that you can check out called This Creepy App Isn’t Just Stalking Women Without Their Knowledge, It’s A Wake-Up Call About Facebook Privacy [Update] that explains how it works etc., but the principal message is watch what you post and who can read it. Too many people are naive about putting their information online and they don’t seem to check their privacy settings and ensure they don’t plaster contact info, locations, etc. everywhere online.

What creeps me out is that the site homepage wording seems to imply that the ‘check ins’ are related to the app/by consenting users of the app itself, instead of highlighting that these people don’t know that the information they’re using on other sites (e.g. Facebook) is being pulled into this app. Of course people are responsible for their own safety, but this seems just plain unethical.

I’ve been leery of Facebook Places and have NO desire to use Foursquare or any other check in or location based tool, but many people don’t seem to have the same qualms, nor think about the implications while they merrily provide the world with information on their every move.Kudos to Foursqaure, though, they’ve banned the application and have stopped the app developers from accessing Foursquare user information – a small victory!

It certainly is the ugly side of social networking; despite the fantastic access to information and the potential for knowledge sharing, there is such a thing as too much information! You don’t want to become a target. So check those privacy settings NOW, and educate yourself.

Be safe out there.

Geraldine

 

*I’m trying to locate information on this – I saw it on the news recently but haven’t been able to find any info about it – I’ll update you when I find the name and some more concrete details.