What is CASL?
The Canadian Anti Spam Legislation, better known as CASL, is governed by the CRTC (Canadian Radio Television and Telecommunications Commission) and was first introduced in 2014 to protect Canadians from unsolicited CEM’s (Commercial Electronic Messages), commonly known as spam mail. These laws work to eliminate not only spam mail but also Malware and Spyware initiatives.
When this law was established in 2014, CASL set in place a three year grace period to allow individuals and businesses the time necessary to modify and document their email lists in a way that complies with the upcoming 2017 guidelines. As of July 1st, 2017, the grace period will come to an end and businesses leveraging email marketing initiatives will have to fully comply with these anti-spam laws set in place by the CRTC or face legal repercussions. More information on the July 1st, 2017 CASL changes can be found on the Government of Canada website.
When does it apply?
CASL applies to any individual or business within Canada that collects customer information for the use of promoting goods, services or products, either through subscriptions, special offers or other sales efforts. Customer information can be collected through a number of initiatives such as newsletters, transaction orders, quotes, inquiries, and so on, but must be documented as per the CASL requirements and used in compliance with anti-spam laws.
While CASL governs Canadian CEM activity, businesses operating outside of Canada that send CEMs to recipients within Canada must comply with the CASL laws as well as their respective anti-spam laws.
What are the guidelines?
The CASL law prohibits individuals and businesses from sending CEM’s without the recipients implied or expressed consent, including messages to email addresses, social networks and text messages. CASL regulations also prohibit the installation of computer programs without expressed consent from the user, the use of false or misleading representations online in the promotion of products or services and, lastly, the collection of electronic addresses by the use of computer programs without permission.
In order to comply with the CASL Guidelines, senders are required to identify their brand and include the correct contact information within the CEM.
This contact information includes: a business email address, a valid mailing address, and phone number. As long as senders include 2 of the 3 above listed contact methods, they are in compliance with CASL standards.
The most significant change taking place to CASL guidelines as of July will be to how implied consent is obtained. In previous years, CASL characterized implied consent through a number of different methods. As of July 1st, 2017, CASL only characterizes a recipient under implied consent:
- If the recipient has made a purchase from your business within the last two years or
- If the recipient has made an inquiry into your business within the last six months.
Once the recipient has provided implied consent, they must then be asked to subscribe or “opt-in” to provide “expressed consent” and remain on the email list indefinitely. If recipients do not subscribe or opt-in to this email list, business owners must remove them from receiving future CEM’s or risk legal action. The objective of this process is to turn implied consent into expressed consent.
What are the consequences?
As of the 2017, CASL implementation, penalties will be applied to any business or individual that violates the above mentioned guidelines. Fines can reach up to a maximum of $1,000,000 for individual perpetrators or up to $10,000,000 for corporations that violate these laws. By July of 2017, individuals now have the right to take private action towards anyone that disobeys these anti-spam laws. For private proceedings, fines can range anywhere between $200 to $1,000,000, depending on the extent of the violation.