July 1st, 2017 was a date that marketers in Canada were wary of: on this day, Canadian Anti Spam Law (CASL) provisions would have allowed lawsuits to be filed against individuals and organizations for alleged violations. However, this is no longer the case, as the provisions have been suspended indefinitely as of this writing. But this does not change the legality of CASL, which is quickly approaching its third anniversary. The monthly average volume of total email – which is split evenly between spam and legitimate messages – dropped 29%. (click to tweet)
Read on to get a snapshot of how the email marketing landscape in Canada has changed, and what you can do to ensure CASL compliance.
A brief summary
Are you unfamiliar with CASL? It was put in place to “protect Canadians while ensuring that businesses can continue to compete in the global marketplace”, and it affects organizations that send commercial electronic messages (which eventprofs typically do). The law stipulates that you need to have 3 things: the recipient’s consent, to identify yourself, and to offer an unsubscribe mechanism.
Stiff penalties
The maximum fine for businesses that break these rules is $10 million. Sanctions can vary depending on the degree of the offence, and the good news is there are no automatic fines issued. Still, it’s better to be safe than sorry: a Quebec company was fined $1.1 million in 2015. That case demonstrated that collecting emails in a dishonest way (using address-harvesting software of some sort) and not keeping detailed records that prove your subscribers’ consent are bound to get you into trouble.
One year later
Marketers struggled to adapt to the new laws and some businesses felt the urge to resend a request for consent to their entire list or worse, destroy their subscriber list and start over, which was unnecessary in the majority of cases. While there were grumblings from marketers about CASL hurting their competitiveness, there’s been a 37% reduction in global spam originating from Canada since the law was passed.
Two years later
Rogers Media, Porter Airlines, and Vancouver-based PlentyOfFish were the next organizations to receive fines for CASL compliance violations. A new law under CASL was introduced in 2015 regarding businesses installing software on other people’s computers, in an effort to combat malware. In December 2015, this law provided the means for a botnet takedown in Toronto to put a dent in the distribution of Dorkbot malware that affected over 1 million PCs worldwide.
Three years later
In August 2016, Kellogg Canada Inc. paid a $60,000 fine after a third party sent emails on its behalf without the required consent, underlining the importance of keeping detailed records of express and implied consent. The definition of implied consent was challenged for the first time in October 2016 when Blackstone Learning Solutions Group was fined $640,000 for mass-emailing employees of government institutions using publicly available email addresses. The company may have had implied consent, but having no records of where and when the emails were collected, as well as no proof of relevancy or potential withdrawal statements, is unlawful. After the appeal, the fine was reduced to $50,000.
CASL compliance
Here are some key things to remember about CASL in relation to your event marketing efforts. Firstly, if the CRTC is to investigate you, they will take your intentions into consideration. Demonstrating your willingness and efforts to comply with the law is very important, and can be proven through marketing plans that outline how you obtain your contacts, as well as staff training plans. When it comes to promotional eblasts, the opt-in language you use needs to be clear and transparent, and you must respect the 10 day deadline to cease sending emails if someone unsubscribes. You also need to implement an accurate, real-time storage system that allows you to prove each and every opt-in, updating the current status of each individual as their circumstances change. This should show where they came from and record complaints/resolutions.
CASL: A deep dive
With more than half of marketers saying they would increase email marketing budgets in 2017, and the consistent ROI it delivers, the temptation to grow subscriber lists to enormous levels and blast promos at will has been high for much of the 21st century. CASL was introduced to thwart the efforts of spammers in Canada in hopes of curing email clutter for the average consumer. You may not consider yourself a spammer as an event marketer, but CASL applies to you nonetheless. While you may perceive CASL compliance as one big headache, we want to encourage you to take the time to be discriminate about your email lists. Not only will your marketing efforts be in line with Canadian legislation, but your brand stands to benefit considerably as your open and click-through rates improve!
What follows is a deep dive on the ins and outs of CASL as laid out in the CASL Compliance eBook:
Consent
- Express consent is valid for as long as the person doesn’t unsubscribe.
- Existing business relationships (i.e. emailing a customer): valid for 2 years, with the burden of proof of tracking this on the marketer.
Also applies to existing non-business relationships (i.e. You are a charity, a political party or a candidate and the recipient has provided you with a gift, a donation or volunteer work. You are a club, association or voluntary organization and the recipient is one of your members).
- B2B marketers: if an email address is conspicuously published, and your message applies to them in a business/official capacity, and if no bots were used for collection, this form of consent has no time limit. Attach a screenshot of the published email to the file as proof.
- Personal Relationship Exemption: emails must be sent from an individual, not an organization. There is much to prove about your relationship with them, past exchanges, and how you know them personally.
Collecting consent
- Consent consists of a positive action. No pre-filled checkboxes or bundling consent with another transaction (eg. offering an eBook expecting an email in return).
- Mandatory statements:
- Identify what kind of messages you will send
- Identify your company name and address
- Identify the email or phone number of the person that will handle queries
- Inform people they can unsubscribe at any time
- About third parties: if your association wants to send a message to your email lists from one of your sponsors, you must clearly identify yourself and the fact that you are sending this message on behalf of your sponsors.
What is implied consent?
- Social media interactions (likes, votes, friends, followers…) do not count as legitimate personal relationships.
- As a customer, CASL allows the organization to email an individual for 2 years from the date of the last recorded transaction unless they unsubscribe.
- If a customer makes another purchase, the 2-year clock resets. But accurate and real-time record keeping designed to manage the changes in their email marketing relationships as defined by CASL is crucial.
- If a prospective customer inquires about your services, the 2-year clock also applies, and resets upon conversion from individual to customer, or upon re-inquiry.
No need to delete your prior list
- Along the way, in the normal course of business, the organization can invite them to re-opt in under CASL regulations so they have express consent under the new law.
- At DMAC, they assessed each name individually. If someone has not opened any of their last 5 messages, they unsubscribed them, even if the person has given express consent to email them.
- CASL can therefore foster good habits with regards to keeping your email list clean and efficient.
Defining a commercial electronic message checklist
- Is the message intended to generate business?
- Is the content intended to move the individual closer to buying?
- Is the message advertising, offering, or promoting a product or service?
- Is the message promoting a person?
CASL around the world
- How do you know if the person you are emailing is Canadian? Obviously, if their email address ends in .ca, they are very likely Canadian. The CRTC would take the position that the organization “must reasonably believe that the message would be received in Canada”.
- If they have a Global email address like gmail.com, yahoo.com, or hotmail.com, it is difficult to know where they are receiving the email. In these cases, an organization may not know where the recipient is located and the organization cannot be expected to comply to CASL.
- If you are CASL compliant for your Canadian email practices, you may want to simply carry them over to your international dealings as well, rather than trying to run two data management systems.
Still unsure about a specific CASL provision, or need help in becoming CASL compliant? Don’t hesitate to reach out to us!
Article by Justin Mulfati
Justin is passionate about bridging the gap between art and business, and is constantly on the lookout for great event marketing content to share with the sensov/ community.