Getting Ready For Canada’s Anti-Spam Legislation

Canada’s Anti-Spam Legislation (CASL) is coming into effect on July 1, 2014,
we wanted to make sure the small business owners in the Thexyz community
are properly prepared and compliant with the road ahead.

If you have not heard about this new legislation, CASL (Bill
C-28) is a new set of regulations
that aims to crack down on unwanted spam messages and is considered to be the toughest anti-spam law in the
world. CASL requires all businesses that are selling or promoting
products or services through email to prove they have consent to reach out to new,
existing and potential customers.

The CASL aims to reduce
spam, viruses and increase consumer confidence in e-commerce, failure to comply can result in tough penalties, up to
$1-million for an individual and up to $10-million for a business. Here’s
what you need to know, and some tips for making sure your business is
compliant.

Is just mass email affected?

CASL applies to any commercial electronic message (CEM)
sent by any medium, including your company’s email, SMS or social media account, that promotes your business or encourages
participation in a commercial activity, such as selling or promoting
products, services or a business event, that communicates directly with a
consumer. The only way you can send one of these direct messages
legally is by obtaining explicit or implied consent from the recipient
first.

What you should follow when sending CEMs

1. Consent:
You must have implied or expressed consent to send a message. If a CEM
is intended to be sent to a non-customer, then an analysis of whether
proper consent exists needs to occur before the electronic message is
sent. Express consent may be obtained orally or in writing, with clear
disclosure of the purpose for which the consent is being sought and a
statement that the recipient can withdraw his or her consent. In either
case, the onus is on the person who is sending the message to prove they
have obtained consent to send the message.

The Canadian Radio-Television and Telecommunications Commission (CRTC)
is enforcing compliance and recommends that organizations protect
themselves by tracking whether consent was obtained in writing or
orally, when it was obtained, why it was obtained and the manner in
which it was obtained.

2. Unsubscribe Mechanism: In every CEM you send you
must provide a way for recipients to unsubscribe from receiving messages
in the future. The unsubscribe mechanism should be accessible by the
same electronic means that the message was sent. For instance, a CEM
sent via SMS may state that an end-user can unsubscribe by texting the
word “STOP”. Another possibility is including a hyperlink clearly and
prominently in an email that allows the end-user to unsubscribe by
simply clicking it. The hyperlink may also be to a webpage that is
readily accessible without delay and is at no cost to the recipient, the unsubscribe request should come into effect within 10
days

3. Identification: You must clearly and simply
identify yourselves and anyone else on whose behalf the message is
sent.This includes providing your company’s name, mailing address and
either a telephone number providing access to an agent or a voice
messaging system, an email address or a website. You also need to include a sentence clearly stating that the
individual can opt out of your communications at any time. This message
should be located near the unsubscribe mechanism if possible.

Six simple tips for staying CASL compliant

1. Reach out to existing and prospect clients by email before July 1.
If you ask for their consent electronically, you must do so by July 1
and have them opt-in by checking a box that says they’re willing to
receive electronic communications. After July 1, this process will be an
offence.

2. Those who don’t have consent by July 1 will need to get it through
other means, such as a telephone call. Recall that consent under CASL
is also implied if you have an existing business relationship or
existing non-business relationship with the person or company.

3. Establish a procedure for new customers. You can ask for consent
when they are buying on your website or asking permission when taking
their first order, as long as the opt-in requirements are met (written
or oral).

4. Maintain an accurate and current list of recipients’ consent to
receive messages. Instances of express and implied consent should be
handled separately to ensure clarity and compliance.

5. Educate your employees on the new policies that need to be implemented as a result of the act.

6. Remember that consent isn’t transferrable. Beware of any
businesses bearing lists because if anyone claims you can “Blast your ad
to over 10,000 legitimate addresses for a price,” or “Buy a database with a
million email addresses for only $100,” they are selling you spam lists
that could result in receiving a large penalty.

If you still have any questions or comments regarding CASL
please feel free to leave them below and we’ll respond as soon as we
can.