A marketer’s guide to being CASL ready

Bret Conkin is the chief marketing officer for FundRazr, Canada’s biggest crowdfunding platform. He has prepared this list of tips for marketers, in advance of Canada’s Anti-Spam Legislation (CASL). This post appeared as part of our Twitter chat on Sept. 23, held at the hashtag #beCASLReady. Check out his post below for his tips!

If you send email from or to Canada, then you need to know about Canada’s Anti-Spam Legislation (CASL) so you can start preparing now. Here is a guide with some examples of the marketing impact of the new legislation on our business FundRazr. There is still some grey in some of the provisions, so stay tuned.

As background, FundRazr is Canada’s largest crowdfunding platform. We send email to over 20 countries including Canada, from Canada. We have 70,000 social media followers and we send a large amount of email and other commercial electronic communications like Facebook notifications.

What is the goal of CASL?

To prevent spamming, hacking, malware, fraud, harvesting and privacy invasions in Canada. Or in government-speak – in the interest of promoting “the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities.”

What are the most crucial parts of CASL that businesses need to know about and comply with?

1) Check your Consent. 2) Fix your Content. 3) Start Now. 4) Fewer headaches later. The sooner you adjust the less cleanup once CASL hits.
• Need permission before sending email.
• Need to be able to prove the permission with clear consent.
• No false or misleading subject lines or from names. Clearly define the sender.
• No pre-checked boxes on forms. Consent needs to be an affirmative action.
• Unsubscribe features must work and take place within 10 days. A valid unsubscribe link must work for 60 days after the send date.
• No sending an “Are you sure you want to unsubscribe?” email to confirm unsubscribes.
• Must include a valid postal mailing address and either: web address with contact form, email address or phone number.
• Both organizations must be disclosed if you are sending “on behalf of” another organization.
• Charities are included if they are selling or soliciting (e.g. donations).

One issue we’ve considered at FundRazr is around No-Reply emails like the Reply-To: The FundRazr Team [email protected] used for this newsletter.

Under CASL, disclosing the sender and making contact easy is prescribed. Like other businesses, we’ve used them in the past to avoid out-of-office replies flooding our inbox. We’ve decided to move away from this practice as the benefits of cleansing our list and making it easier for customers to talk to us far outweigh the drawbacks. See more at Elite Email Inc.’s blog post.

What are the biggest implications of CASL for businesses?

CASL changes the way we get permission and how we communicate online with severe repercussions for non-compliance. Records of clear consent need to be kept and date stamped. Partner programs are an example of an area where CASL has an impact.

We offer a Crowdfunding as a Service solution for other businesses wishing to offer crowdfunding to their customers who need funding, called Powered by FundRazr. All on-behalf electronic communications related to this plug-in offering will need to disclose both organizations, e.g. FundRazr and Collegiate Club Sports.

Another example is keeping business cards that prove the recipient shared their address with you (and did not specifically ask not to be sent emails.) Or better yet, using Card Munch or customer relationship management software – FundRazr uses Highrise – to date stamp the contact.

Businesses with an offline component like a storefront, tradeshows, or events need to find ways to keep records of consent when they gather emails without a business relationship – like a purchase or contract – in place.

What can businesses do to prepare for CASL?

1. Take inventory of databases – what’s being sent to whom and why:
At FundRazr, we have started to segment all databases by their consent level and exact timing. Prior to the legislation we classified the databases by month, which would be risky going forward.

2. Check existing consents and their wording:
Determine where consent obtained is expressed and where it may be implied (e.g. current business or non-business relationships).

3. Identify exceptions:

a. Family/personal relationships.
b. Inquiries/requests to/from recipient.
c. Employees of organizations or other organizations where business relationship exists.
d. Enforcing legal rights.
e. Visitors to Canada.
f. Transactional emails (without marketing language).

4. Robust data management:
For example managing two-year and six month time limits under CASL for implied consents, unless upgraded to express consent, with “stop send” dates in system.
At FundRazr, we cleanse our lists quarterly, do not mail to customers more than 12 months old and try and ensure express consent as much as possible.

5. Upgrading to express consents:
Send out re-confirmations (CASL-compliant requests) to achieve opt-in express consents, where necessary. E.g. Language like “We want to make sure our subscribers get the right information. Please verify your address here.”

6. Ensuring CASL-compliant unsubscribes:
This must be functional for at least 60 days, no cost to recipient, should use the same means as original CEM, includes either an electronic address or a link to which the unsubscribe may be sent, and is processed without delay and within 10 business days.
At FundRazr, we clean our lists of unsubscribes weekly and meet the other requirements, so this has not had a real impact.

7. Auditing Social Media Messages
Review communications. Check the function of your messages and where they’re sent. It’s also important to determine what is caught by CASL and the requirements for compliance. Here’s an additional resource from Davis LLP.

How can businesses maintain relationships with customers and start new ones with CASL coming into force?

Ensure consents; upgrade consents where necessary with existing customers and put in place database management mechanisms. Keep Privacy Policy and Terms of Service current and in compliance.
FundRazr’s Privacy Policy example can be viewed here.

What kinds of third-party services can companies turn to?

FundRazr uses Mailchimp and SendGrid, Mailchimp for campaigns and SendGrid for transactional emails. Mailchimp provides a great resource on anti-spam compliance here.

Elite Email also seems to be providing very good insights into CASL on its blog.

In other words, these services can help guide you as they help manage compliance on a by-market basis. Other benefits include deliverability and accessing the latest technology. When sending emails without third-party providers, ensure all aspects of CASL are followed.

Further, the social media platforms also provide regulatory compliance assistance for marketers using features like Facebook authentication. These platforms build in explicit consent mechanisms and can be very useful options for online businesses. Currently all FundRazr campaign creators must authenticate with Facebook or Google + which helps ensure explicit consent.

What are some good strategies to elicit consent from customers, in light of CASL?

Clear Terms of Service. Double opt-in. No pre-selected boxes on forms. Clear language. Understanding database management requirements.

What kinds of penalties can businesses expect for flouting CASL?

Maximum penalty for a violation is $1 million for an individual and $10 million for a business. Directors and officers can be personally liable. See more at this blog post from Davis LLP.

Can you share any tips for small businesses that need to be mindful of CASL?

Study the regulations and be ready beforehand. Note that the CAN-SPAM Act of 2003 and CASL regulations differ. FundRazr is already compliant with CAN-SPAM, but key differences that CASL introduces that we had to note include:

a. Text, social media notifications and messages, instant messaging and “computer programs” are now covered.
b. Opt-in vs. opt-out
c. More specific disclosures

CAN-SPAM only covered email and since FundRazr is a platform and social media application, we needed to review additional messaging to ensure compliance. The specific provision about express consent for software applications can be found here.

So, check out the resources included here and on and continue to do your homework. That way, your small business will be ready for all of the changes with CASL – and you’ll be ahead of the curve.

Bret Conkin
Bret Conkin
Bret Conkin is the Chief Crowd Evangelist of CrowdfundSuite, an alternative finance consultancy and campaign manager. CrowdfundSuite has helped international developers; hedge funds, entrepreneurs, film producers and hardware companies raise over $40 million online. Bret is an ambassador for the National Crowdfunding and Fintech Association of Canada and regular blogger and speaker at industry events.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.