7 steps to take for CASL compliance

Complying with the new Canadian Anti-Spam Legislation (CASL) will require anyone that uses e-mail for business and commercial purposes to ingrain asking for informed consent into their DNA.

That was the key message at E-mailing Prospects – When is it OK?, an education seminar organized Wednesday by the Canadian Channel Chiefs Council (C4). Stephanie McManus, a lawyer with Compliance Support Services, walked attendees through the anti-spam legislation, which will mean major changes for those that use email as a part of their business.

“It doesn’t just concern spammers,” said McManus. “It touches on every form of electronic communications that’s out there and it’s one of the most onerous pieces of legislation out there in what it demands of email marketers.”

Many everyday business activities will be covered, such as sending an email to a customer or prospect, operating a company web site, making a mobile application available for download, and even installing computer software. Sending commercial messages such as emails, texts and instant messages are all captured. And while a “grace” period is currently underway where some of the rules are relaxed and “implied” consent is acceptable for communications, the law will be fully enforced by July 1, 2017 so now is the time to adjust your business processes.

What makes CASL tougher that similar legislation in other jurisdictions is the requirement for an express “opt-in” regime.

“You can’t just allow them an unsubscribe option as in other countries,” said McMannus. “You will need to have a record of express consent with each person you communicate electronically.”

The ongoing maintenance of that consent list will be one of the biggest challenges for companies, said McManus. Using an automated system such as Constant Contact will likely be necessary to avoid a significant logistical challenge. And there are specific rules around what constitutes consent.

The legislation casts a wide net, and it’s unclear how the government can reasonably hope to enforce and police compliance. Still, McManus said the key word to consider is commercial – if it’s about business it’s a commercial message. And after July 1, 2017, you won’t even be able to send someone an electronic message to ask for their consent.

“You must be cognizant in any conversation that may result in a business relationship that you should ask “can I communicate with you electronically?” and write down when and where,” said McManus.

There are several exemptions for the need for express consent, but they still require consent being requested in the first message. For example, if a colleague refers someone to you that they have a business relationship with, if someone hands you a business card, if a prospective client contacts you or if you have a personal relationship with them.

The legislation also requires express consent for installing programs, with requirements for disclosure of what the program does and options to uninstall.

Overall, the key, said McManus, will be recording consent for communications, including who it came from and at what time, as you need to be able to prove it if challenged.

“It’s going to have to become part of your DNA, the requesting consent and recording it,” said McManus. “That’s the only way to realistically comply with this law, making it part of your routine.”

With the enforcement of the legislation looming, McManus said companies need to put in place their CASL compliance plan now. She recommends following these seven key steps:

1/ Who should be on your team?

2/ What requirements apply to your business?

3/ Audit and document current practices

4/ Resolve preliminary “interpretation” issues

5/ Develop and document a CASL compliance plan

6/ Implement the CASL compliance plan

7/ Monitor, track and update the CASL compliance plan

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
Jeff Jedras is a technology journalist with IT World Canada and a member of the IT Business team. He began his career in technology journalism in the late 1990s, covering the Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada and the channel for Computer Dealer News. His writing has also appeared in the Vancouver Sun & the Ottawa Citizen.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs