3 things you need to know about Canada’s Anti-Spam Legislation (CASL)
If you’ve only been casually aware of Canada’s Anti-Spam Legislation (CASL), you might be surprised at just how far-reaching the final legislation actually is. To give you a sense of the scope and potential repercussions of the legislation, I want to share elements of the law that will likely raise a few eyebrows and will almost certainly affect your company in profound ways.
Before we take a deeper dive, let me offer a one-sentence summary of CASL, so we have a shared understanding of what it means: As a business enterprise, you are responsible for securing the consent of any Canadian recipient before you send him or her a commercial electronic message (CEM).
For an example of a CASL-compliant subscription form (and our not-so-subtle way of asking for your consent), please visit our Subscription Center.
Now, let’s look at the three implications of the new law which begins to take effect on July 1, 2014.
1. CASL covers more than email. It includes social media, text messages and computer programs too.
While the legislation takes reasonable steps to prevent folks from sneaking malware or unwanted features onto computers, the issue of social media is a bit thornier.
All of the government rules governing the notion of consent – and I’ll direct you to our summary document, Canada’s Anti-Spam Legislation and Your Business, for a lucid description of the gnarly world of explicit and implicit consent – apply to social media. In other words, even on social media, your organization must get a recipient’s consent to contact him or her directly. (Of course, your organization is still able to post regular status updates, public tweets and the like; you just can’t contact someone directly without consent.)
One further thing to consider about social media: When someone chooses to ‘like’ your brand on Facebook or ‘follow’ your organization on Twitter, don’t assume that they’ve granted you permission for direct contact, because, according to CASL, they haven’t. You’ll likely need to develop a database (over and above the tools provided via most social media sites) to manage your organization’s social media contacts and document consent.
2. The potential financial consequences of not complying with the legislation are huge.
You might be aware that companies will be liable for government fines of up to $10 million, and individuals can be fined up to $1 million. But did you know that businesses might be responsible for the action of hired agents (employees of the companies you might engage to help with your external communications) as well as their own employees? Corporate executives and directors may also share personal liability for corporate violations. We expect that million-dollar fines would be reserved for the most egregious spammers, but we don’t know for sure.
What’s more, people (either individually or collectively) who have received an electronic communication without having provided consent may sue the corporation (and the employees or agents involved in the violation) starting in 2017.
3. CASL covers every Canadian your business might contact and every outbound CEM sent by your company, not just those managed by Marketing.
Whether a contact resides in your ERP or CRM system, whether it’s the contact information of someone who gave you a business card at a tradeshow, or it’s several email addresses in an ad hoc prospects-and-leads contact list buried on a salesperson’s hard drive, it’s covered by CASL. You’ll need to get consent from all these contacts and document them appropriately if you want to send them CEMs.
As you can imagine, documenting consent is no trivial effort. It means combing through existing databases of contacts to identify who can legally be sent CEMs after July 1, 2014, and who requires further confirmation. And it requires organizations to fully understand each and every way they are capturing contact information and reaching out to prospects and customers.
This law also applies to any mailing list your organization has rented from a third party. You’ll need to pay close attention to the reputation of list owners, to ensure that they and their lists adhere to CASL. What’s more, you can expect that list owners will require to be informed of anyone who asks to be excluded from the list, to ensure the list’s ongoing integrity. So I expect these third parties will pay close attention to the content you are sending their contacts, to help minimize the number of contacts who opt out of their lists.
Certainly, getting CASL-compliant will take work. When Quarry embarked on its journey to align with the legislation, we did not realize how extensive the effort would be. But as we gained a deeper understanding of the new set of rules and the implications for our organization, we realized that becoming CASL-compliant requires detailed planning, smart communications and thorough documentation of contacts’ consent.
If you’re interested in learning more about Canada’s Anti-Spam Legislation, I invite you to download our Canada’s Anti-Spam Legislation and Your Business summary of the act. Or if you have questions about CASL, don’t hesitate to email me directly. You have my consent.