Canada’s Anti-Spam Legislation (CASL) Is Looming – Here’s What You Need to Know
On July 1, 2014, the toughest anti-spam law to date — Canada’s Anti-Spam Legislation (CASL) — will take effect.
With fines up to $10 million per violation and potential criminal charges for companies that intentionally mislead recipients, ensuring compliance with CASL is something that should be a top priority for all marketers. Here we highlight the information you need to know to be ready it.
Who Does the Law Apply to?
CASL applies to all commercial electronic messages sent from, or received by, a Canadian mail server. So that means that even if your organization isn’t located in Canada but you have subscribers who are, your emails are likely subject to CASL. In addition to email, the law also covers other digital channels, such as text messages, instant messages, and social media messages.
What happens if you’re not sure where all the individuals in your database are located? There will be exemptions from CASL for senders who don’t have a “reasonable expectation” that a recipient is in Canada. Obviously, email addresses ending in “.ca” belong to subscribers in Canada. But what about Canadian recipients who use domains such as Yahoo! and Gmail? Keeping records on other subscriber demographic information, such as physical address, will now be even more important for marketers.
Other exemptions from CASL include the following:
- Messages sent from family and friends
- Messages sent within an organization
- Messages sent between organizations that have existing business relationships
- Messages sent in response to a request, complaint, or solicitation
- Messages sent by political and non-profit organizations for fundraising purposes.
How Does CASL Differ from U.S. CAN-SPAM?
The purpose of CASL is to help stop spamming, invasion of privacy, hacking, and address harvesting, as well as malware and spyware. To accomplish this, CASL goes a few steps further than the U.S. CAN-SPAM law. In addition to covering digital channels beyond email, CASL differs from CAN-SPAM by requiring organizations to obtain express permission from recipients before sending commercial emails. Under current U.S. law, companies are allowed to send a first email as long as recipients are given the opportunity to request that no further messages be sent. So that means marketers who obtain email addresses by purchasing or sharing lists, for example, likely will be in violation of CASL.
Unlike CAN-SPAM, CASL also requires that senders must:
- Explain why they are asking for consent
- Clearly identify themselves
- Include contact information
- Provide an explanation that consent can later be withdrawn.
These CASL regulations will apply even to contacts that organizations obtained before the law goes into effect in July; however, there will be exceptions granted during a transition period of 3 years. For example, organizations can send commercial emails without getting consent to recipients who have a “preexisting business relationship” with the sender, such as by having made a purchase or requesting information.
What You Need to Do Now to Ensure Compliance with CASL
There’s not much more than 3 months until CASL goes into effect, so here are some important steps your organization can take to help ensure compliance with it. Note that this list includes best practices that many organizations already have in place to help optimize deliverability and results for their permission-based email campaigns.
- Update your opt-in process. For example, eliminate prechecked boxes that are not compliant with the level of consent required by CASL. Plus, use a double opt-in process to confirm subscriptions, such as through a welcome email.
- Send a confirmation request to all your subscribers in Canada who didn’t opt-in to receive your emails.
- Always include your organization’s mailing address in your emails, as well as a statement indicating that the subscriber can unsubscribe at any time.
- Be sure your unsubscribe process is CASL-compliant. CASL requires unsubscribe requests to be processed immediately, unlike CAN-SPAM, which gives a 10-day grace period. Plus, unsubscribe processes must be kept alive for 60 days post-mailing and require no more than two clicks to unsubscribe.
- Review and beef up your data-retention policies. In the case of a complaint, the burden of proof of an existing relationship is on you, the marketer.
- Ensure your privacy policy for data collection is CASL-compliant.
- Keep impeccable records of the sources of your subscribers, as well as consent.
For more information about CASL and to keep up with all the latest developments, be sure to check out the Canadian government’s CASL website.