Canada’s Anti-Spam Legislation (CASL), the anti-spam bill that targets businesses that send email and other digital messages to people without permission, will start coming into effect July 1, 2014, according to an order made today by the federal government.
The bill gained Royal Assent in December 2010 but has been in limbo while debate around its exact regulations was at issue. Businesses wondering what exemptions would apply to sending email and what they would be required to do to gain permission to send email now have a more clear picture. The legislation carries penalties that start lower for first-time offenders, but can go as high as $1 million in fines for an individual and $10 million for companies. But businesses will have time to get ready for many of the new regulations in CASL as some do not come into effect in 2015 and 2017.
Industry Minister James Moore announced the finalized regulations and deadlines for coming into force today. It’s the final steps to a process that started in 2004 and is being described by some as the world’s most stringent anti-spam law. There will be three agencies responsible for enforcing CASL – the Competition Bureau of Canada, the Office of the Privacy Commissioner of Canada, and the Canadian Radio-television and Telecommunications Commission.
Excuses for wait around to implement CASL compliance have just evaporated, according to Robert Burko, president of Elite Email. There’s now a definitive deadline to make sure you’re following all the rules.
“While this new timeline is sure to send shockwaves through the marketing community… it could actually help legitimate marketers,” he writes in an e-mail to ITBusiness.ca. “The key thing on everyone’s mind should be making sure that over the next eight months, proper consent (as defined by CASL) is secured for everyone on your mailing list.”
First to come into effect next year are most of the regulations outlined in the act, which prevent sending an electronic message to person unless consent was received or implied. The messages must also identify the sender of the message, make the sender available for contact, and have an unsubscribe mechanism.
It’s important to keep in mind the obvious exceptions to CASL. Personal messages are not affected, of course, and messages sent within an organization are not affected.
* Messages between organizations that already have a relationship
* Messages sent for legal reasons, messages sent on behalf of registered charities
* Messages sent on behalf of a political party or candidate
* Messages that are sent based on a referral made by a third party
* Messages sent to existing family and personal relationships
While the bulk of the act will be in place within eight months, there are other aspects that will roll out over the next three years.
“It sort of appears like the government is doing a slow roll out of CASL enforcement,” Burko says. “At the outset, it seems like it will be the government enforcing the administrative monetary penalty, whereas in July 2017, individuals may apply to the courts to seek compensation for CASL violations.”
Regulations coming into effect Jan. 15, 2015 are those pertaining to computer program. Finally, on Jan. 15, 2017, regulations around the Private Right of Action will come into effect.
There’s a new rule book coming out for all digital marketers. It strikes at the core of many of the most common online marketing activities (like e-mail marketing), setting strict standards in the fight against unsolicited commercial messages.
This new set of guidelines is being bound right here in Canada. This rule book is known as CASL, aka Canada’s Anti-Spam Legislation aka FISA – Fighting Internet and Wireless Spam Act (or for those really wanting to get technical, “Bill C-28”). Since this new proposal received Royal Assent in 2010, it has slowly but surely popped up on the radar of many marketers. However, many still remain in the dark about the profound effect this new legislation will have on online marketing activities. CASL warrants the attention of marketers, especially so they don’t get blindsided when it takes effect.
The new law isn’t merely making suggestions at what should or should not be done. It actually carries a powerful punch in regards to the penalties that can be sought out for violators. Anyone can bring a lawsuit against a sender for a maximum penalty of $1 million in the case of an individual or $10 million in the case of a corporation. So, maybe if you’ve got millions of dollars hidden under your office desk, you don’t need to pay attention to this law, but I suspect for most marketers it’s a lot more cost effective to wise up and pay attention to the new rules.
Although the legislation is Canadian-based, it’s not a law that exclusively focuses on Canadians. Any “consumer electronic message” (abbreviated to “CEM”) that is accessed using a Canadian device is under the jurisdiction of CASL. This means that even if a completely American-based entity sends out a newsletter, if that is received by people using Canadian devices, then CASL is in full effect.
CASL will be enforced as of July 1, 2014. It’s been a long time coming, having received Royal Assent in December 2010. The reason for the delay is largely due to the complexity of the legislation. There are a lot of moving parts, a lot of broad changes, and lots of opinions coming out of the second draft of the regulation that was published in January 2013.
The current legislation is long, really long. If you want to read it in its entirety, you can see it online here. The government is attempting to make this legislation incredibly comprehensive, but here are some of the key highlights:
* Consent, Consent, Consent… and more rules about consent. A key focus of CASL is detailing the exact ways you can acquire consent to send CEMs. Moreover, it makes consent an absolute requirement in most scenarios.
* When obtaining consent, it must be an affirmative action. This means you cannot pre-check a form field to obtain legitimate consent.
* Your message must have a working unsubscribe mechanism.
* Unsubscribes cannot be confirmed. So, there is no sending of “Are you sure you want to unsubscribe?” e-mails.
* No misleading or false subject lines or sender names. Essentially, you cannot hide who you are and must make it very clear.
* Must include a valid physical postal mailing address and one additional form of contacting the sender, which could be a Web form, email address or phone number.
* When sending on behalf of another organization, all organizations must be identified.
* If you send an initial e-mail to someone based on a referral, the person who made the referral must be stated in the message.
When should I start preparing?
While the new legislation isn’t going to be in effect for some time still, the truth is that the sooner you start preparing the better. In short, there’s no time like the present to take a good long look at your digital communication practices (for most organizations, the cornerstone of this is email marketing). Although the new rule book has not been set in stone, the underlying concepts are structured well enough that any marketer can take immediate action.
Plus, if you start taking the right steps today, you can do so calmly without being in a panic situation when CASL takes effect. Better to be ahead of the curve on this one!
With Canada’s Anti-Spam Legislation (CASL) slated to go into force soon, businesses will no longer be able to send commercial electronic messages like emails and text messages to their customers, unless they have explicit consent.
It’s a sea change for the world of marketing, and we wanted to help businesses prepare for it by hosting the #beCASLready chat. Thanks to everyone who participated, especially our guest experts, John Lawford, executive director of the Public Interest Advocacy Centre (@CanadaPIAC), and Bret Conkin, chief marketing officer at FundRazr (@bretconkin).
Read below to see what people were tweeting about:
As many Twitter chat participants observed, CASL is slated to prevent spamming and privacy invasions in Canada, as well as to foster good business practices. After all, businesses sending mass emails to customers is not necessarily a way to drive sales, and consumers want to see a drop in the amount of spam, as well as to maintain a modicum of control over commercial email.
However, as ITWorldCanada.com editor Howard Solomon observed, Canadian laws may not do much to prevent spam from landing in our inboxes, when the source of the spam is headquartered in other countries.
At the time of this chat, most participants agreed CASL would go into force by fall 2014. Since then, the federal government has announced it will be in force on July 1, 2014.
The biggest implication of CASL is that businesses have to seek permission from their customers to continue to send them messages. Communicating online carries severe repercussions if businesses do it badly, noted Bret Conkin of FundRazr.
To get that permission, businesses need to explicitly ask, and avoid just giving customers pre-checked boxes on forms, PIAC said.
Conkin added businesses should make sure they can prove they’ve received permission by capturing IP addresses, timestamps, as well as identifying a consent mechanism. Plus, marketers should carefully segment their databases.
To get in shape for CASL, businesses should take stock of their databases, go through existing consents, and identify exceptions, Conkin said. They should also ensure they’ve robustly managed their data, upgraded express consents, and ensured they’ve been compliant with people who have chosen to unsubscribe – and last but not least, they should audit their social media messages. Essentially, it comes down to managing lists properly, he added.
Third-party services can help businesses deliver their messages, while using the latest technology, Conkin observed. Some of the services named included MailChimp for campaigns, SendGrid for transactions, iContact, Benchmark, PinPointe, Constant Contact, Campaigner, Selligent, GetResponse, and Mailigen.
In asking for consent, PIAC also recommended avoiding offering customers deals or coupons to encourage them to opt in. The reality is, they would only give consent to get things – and they would probably revoke it soon afterwards, PIAC noted.
While the prospect of a $10 million penalty sounds huge, most Twitter chat participants agreed the federal government would likely give businesses a warning first. Then they might get a notice of violation, a small fine, and then potentially a bigger one, if the businesses were to continue to break the regulations surrounding CASL.
There’s a lot of fear around CASL, said one chat participant – however, the government has noted there will be a soft transition period.
Businesses also need to remember texts, social media notifications, instant messages, and computer programs all fall under CASL regulations, Conkin said.
We have all been the victims of “spam” at some point in our lives. It is almost daily that we receive some form of unsolicited e-mail message attempting to get us to buy something that we are not very interested in.
According to the Cisco 2008 Annual Security Report, Canada was ranked fourth on the spam by originating country list. E-mail messages, as most of us know, is a common vehicle for the delivery of online threats like spyware, phishing, and malware.
Many businesses, both Canadian and American, have an email marketing strategy. Currently, American businesses must ensure that their e-mail marketing efforts comply with the United States’ CAN-SPAM Act of 2003. Currently, Canadian businesses have no such requirement; however, this will change when Bill C-28 (Canada’s Anti Spam Law, or “CASL”) comes into force July 1, 2014.
Essentially, what CASL does is prohibit the sending of unsolicited commercial electronic messages unless “the person to whom the message is sent has consented to receiving it, whether the consent is express or implied.” It is worth noting that it covers electronic messages and not just electronic mail, unlike CAN-SPAM. These messages must also contain identifying information and a way for the recipient to contact the sender. If a business runs afoul of these requirements, they may be subject to sanctions. There will be a maximum $10 million penalty for CASL contravention by businesses, which one should note is significantly higher than those under CAN-SPAM.
For all intents and purposes, if you are using a popular e-mail marketing package, and following best business practices of confirmed opt-in or double opt-in then you are most likely in compliance for e-mail purposes with CASL and CAN-SPAM. However, other areas are not so clear.
A good illustration of the importance of the difference between CASL and CAN-SPAM are those pesky LinkedIn messages where some person in your network (or not) wants to sell some service to you. In my opinion, this would run afoul of CASL, because you had not agreed to be solicited but would most likely be in compliance with CAN-SPAM, since you had not opted out of such an electronic message.
Perhaps the most important distinction between CASL and CAN-SPAM is the difference in consent requirements contained in each piece of legislation.
CASL requires that customers must “opt-in” to accepting the message, whereas CAN-SPAM requires that the user to “opt-out” from receiving any further electronic messages from the sender. In other words, the CASL requires that users explicitly indicate that they wish to receive the message in question. In contrast, CAN-SPAM assumes that recipients of an unsolicited message have implicitly consented to receiving said message until they indicate that they no longer wish to receive it.
This being said, there are circumstances in which the CASL assumes implicit consent to receive unsolicited emails, such as if a user has “conspicuously published” their e-mail address and did not indicate that they do not wish to receive unsolicited e-mails.
In their blog “Opt-in vs. Confirmed Opt-in vs. Double Opt-in,” MailChimp has a very good description of the differences between Opt-out, Opt-in, Confirmed Opt-in, and Double Opt-in (the MailChimp recommended practice). In a nut shell, “opt-out” is where you have a checkbox on your site that is automatically checked which the user has to deselect to opt-out of receiving e-mail communications. With an “opt-in” consent process, you are asking someone to explicitly opt-in to receiving e-mail communications. A “Confirmed opt-in” or “Double Opt-in” consent process means your customer has to explicitly indicate that they want to receive your email not once, but twice. This is the most stringent consent process and is the best indicator that the user does genuinely want to receive your email newsletter.
Practically speaking, if you are a company who uses MailChimp or Constant Contact (two of the most popular email marketing platforms) then you are most likely following best business practices and doing more than is required to be in compliance with the legislation. MailChimp email newsletter signup forms use a double opt-in consent mechanism and ConstantContact explicitly says that it “…does not allow the uploading of purchased or rented lists, lists obtained from third parties or associations, or lists that have been appended. All lists presented to Constant Contact must be “opt-in” or “confirmed opt-in,” (ConstantContact Confirmed Opt-in User Guide).
E-mail marketing has traditionally been and even today is a very effective form of marketing. The passage of CASL will likely be anti-climactic for many businesses.
For those who still send unsolicited e-mail messages using questionable marketing lists, your days will be numbered. What remains to be seen though is how broadly the term “electronic messages” will be interpreted by CRTC. Will it be interpreted narrowly to only include e-mail messages or more broadly to include messages through Facebook, popup-ads, or LinkedIn solicitations?
Until we know how these issues will be decided, it seems to me that following best practices in all areas of online communications is not only a good rule of thumb, but will also keep you in the right side of the law.
Try this riddle: Name something that you don’t want but you get lots of it everyday. Something that you can read, but you can also eat. Something that no one really reads, but many people write.
Stumped? The answer is spam.
Adam Kardash, was formerly a partner at Heenan Blaikie LLP. He focuses on privacy and information management law and he’s here to tell us all about spam. Or more specifically, Canada’s effort to eradicate it.
Canada’s Anti-Spam Legislation, known as CASL promises to cut down on the amount of spam that floods our inboxes. It will require businesses to receive consent from a person before sending them a commercial e-mail. It’s coming into force July 1, 2014.
Brian Jackson: Adam, this legislation received Royal Assent in December 2010. Why is it taking so long to come into effect and why is it unclear about when that will happen?
Adam Kardash: The act was passed but it won’t come into full force until the regulations are worked out. The Industry Canada regulations haven’t been worked out yet and there’s been a lot of concern from businesses about the unintended impact of this legislation. So between the behind the scenes and formal consultations, it’s just taken a lot of time. There’s three bodies involved in enforcement, the Office of the Privacy Commissioner of Canada, the Canadian Radio-television Telecommunications Commission, and the Competition Bureau of Canada.
Brian: Who should be paying attention to this legislation?
Adam: In short, all businesses should be worried. It’s very broad scope in legislations and all businesses will be caught, especially those businesses that have large databases for email or purposes of text messaging. They’ll be impacted significantly.
Brian: What are the risks of not complying?
Adam: This is what’s of concern to organizations, the fines are steep. There’s administrative monetary penalties of up to $10 million per contravention. Most importantly there’s a private right of action of up to $200 per violation, so a single e-mail or text message is considered a contravention of the law, so it’s a big concern.
Brian: Is dealing with CASL something I can get started with now or should I wait for the final legislation?
Adam: Many organizations have begun their compliance efforts and there’s two key parts. First you have to do an inventory of all the commercial electronic messages that you are currently or intending on sending. After that, you have to go through and bucket each type into the different type of categories, and then you have to figure out what your compliance obligations are for each category. It’s quite technical.
So why does everyone hate spam so much anyway and why would the government want to take action against it? We take a look at the history of spam and some of the negative effects in has on our planet (literally).
Meet the Father of Spam. If you’ve ever received spam on your computer, your smartphone or your Facebook page, it can arguably trace its lineage to the unsolicited marketing e-mail sent some 34 years ago by Gary Thuerk. The message was sent to about 400 users of the more than 2,600 people using ARPANET, the predecessor of the Internet. That e-mail earned Thuerk $12 million in sales of computer parts, the ire of ARPANET users, and the moniker Father of Spam.
Today more than 70 per cent of all email is spam. Spam wastes time, cost money, eats up computing power, spreads malware and is just plain annoying. But Ottawa has plans to put your inbox on a spam-free diet.
Thanks to social networking, spam has gone viral.
Security software firm Symantec Corp. reports that scammers have even found a way to exploit the recently popular Pinterest social network. Pinterest allows users to create virtual cork boards, pin content from other external Web pages onto these boards, and then share their boards with others.
If an unsuspecting Pinterest user clicks on the link for one of the scam images, he or she is taken to an external website. The website states that in order to take advantage of the offer, they must re-pin the offer onto their own Pinterest board. This helps propagate the scam, as it now gains further credibility by being posted by a trusted source. Some of the trusted source’s followers subsequently fall for the same scam, then their followers as well, and so on.
We are now getting spam in our mobile phones as well. Spam calls don’t only waste your time, they also cost you money. Text messages can cost money if you’re on pay-as-you-go plans, and sales calls deplete your valuable voice minutes.
Our email junk folders are overflowing with spam but this and the next slide says that spam is also contributing to green house gas emissions. A 2009 report by security software company McAfee and climate change researchers from ICF International calculated that a single spam message’s carbon footprint is equal to that of a car driven for about three feet.
The amount of energy needed to transmit, process and filter spam globally is equal to 33 billion kilowatt-hours a year. That’s enough electricity for 2.4 million homes or the same green house gas emissions produced by 3.1 million passenger cars guzzling 2 billion gallons of gas.
Energy expended on a single spam email is enough to propel a car three feet. Multiply that by 95 trillion spam messages sent in 2010 and you’ve got enough fuel to take a road trip around the world 2 million times.
Energy spent viewing and deleting spam, searching for false positives and spam filtering are the top three sources of carbon emissions associated with spam. Interestingly enough, the effort to create spam campaigns, send out spam and harvest users address account for much less CO2 emissions.
So you get spam in your inbox and you just delete it. No sweat. Not really, because according to WebpageFX the time spent by everyone reading and manually deleting spam is 4,700 times more than the man hours spent building the world’s tallest building.
Some people are lucky enough not to receive any spam calls. Others get it frequently. Here are four ways to help you cope with mobile spam. (Image from gottobemobile.com)
Prepare your company for CASL by watching this webinar from legal experts at Osler LLP.
Watch this trailer and click here for the full on-demand comprehensive webinar:
Align your brand with leading journalistic reviews on topics of your choice. Demonstrate your company’s expertise. Build awareness and leads.
Formatted much like a digital magazine and viewable on any device, Page Books provide you with the perfect opportunity to profile your brand and/or your expertise together with a collection of syndicated content sourced from IT World Canada media properties.
FOR MORE INFORMATION ABOUT PageBooks, CONTACT:
Brad McBride, VP Sales, firstname.lastname@example.org, 416.290.0240, ext. 354
David Hamilton, Senior Account Manager, email@example.com, 416.290.0240, ext. 125
Desere Cowin, Senior Account Executive, firstname.lastname@example.org, 416.290.0240, ext. 174