Get Ready for CASL (Canada’s Anti-Spam Law)

Get Ready for CASL (Canada’s Anti-Spam Law)

Please don’t sue us for telling you about the new anti-spam laws.

For those of you who haven’t heard, Canada’s new Anti-Spam Legislation (CASL) is coming into effect July 1st. Not sure what this is or how it may affect you? Then this is the spot for you! Full disclaimer before we start (and you may not believe this), but we’re not lawyers over here! This is our view on the matter and the law almost seems purposely vague so there is lots of wiggle room. For the real experts, please visit the links at the bottom of this page – especially since the details seem to change monthly.

What is it?

In an effort to stem the flow of unsolicited commercial electronic messages (CEM) we receive daily, the government of Canada is putting new legislation into effect that will force all Canadians to rethink our relationships before pressing send. What is an electronic message? Emails, texts, social media and instant messages. Pretty much everything except faxes. The true definition is still pretty vague but if a CEM links to a company, URL or any sort of promotion, then you could be found guilty.

So what?

Big fines that’s what. The CRTC is expected to crack down hard initially to make sure we take this seriously. The maximum personal file could be up to $1M and for corporations – $10M. That’s a lot of cheese. It’s important to walk into this with our eyes open, as ignorance could mean the end of your company.

Who is exempt?

Conveniently enough, politicians. No surprise there. If you’re NOT a politician (which you probably aren’t if you’re reading this), then the following also put you in the ‘a-OK to hit send’ category:

  • Immediate family members (husband, wife, parents, children).
  • People you can prove you have a personal relationship with (only individuals to individuals, not companies to individuals).
  • People can send you an email to inquire about your business.
  • If someone has emailed you asking for a response, then you are still allowed to email them back.
  • Inter-office communications, if they relate to your business (no more asking co-workers to sponsor your next run).
  • B2B communications are still OK, so long as the two organizations have a relationship and the email concerns activities of the organization.
  • 3rd party referrals are a one-time exception only. The referrer must have a joint relationship and disclose both parties. So, if you think your friend would enjoy a product or service, you can refer them, but then the company can only contact them once.
  • If you have engaged or purchased from a business, they can still send quotes, warranty information, receipts, etc. So, if you have NOT consented to an airline’s newsletter, they can still send you your ticket if you purchase a flight. Phew.

OK, so I am not exempt. What do I need?

If you are not exempt then you need to meet formality requirements and have consent (either expressed or implied).

What are the formality requirements?

All of your emails must have:

  1. Name of sender (this could be your business).
  2. Mailing address AND either your website OR email OR phone number.
  3. A functioning unsubscribe mechanism (this can still link to a website with an “are you sure” message, but if they are really, truly sure, you have to ensure they don’t receive any more messages within 10 days).

OK check, I have met those requirements. Now what’s all this about consent?

There are two types of consent – implied or express.

To get express consent, you must:

  • Say what you will be sending (e.g. news, coupons, cute cat photos, etc.).
  • Identify who you are.
  • Have a statement saying that “consent can be withdrawn at any time”.
  • Get (and keep records of) actual permission to send that person CEMs.

Implied consent is given if:

  • The recipient has personally and publicly posted their email address. This isn’t digging through LinkedIn or using some other email aggregator. This is a person posting their email on a website so people can contact them. Be sure to take a screen grab and save it to be on the safe side.
  • If someone gives you a business card, you can contact them UNLESS they have it written not to contact them on their card (I wonder who will be the first to do that?!).
  • If you have an existing relationship (business or personal) you can contact them for up to two years after your last business transaction. So, if you have a client you haven’t heard from for awhile, you can still reach out to them for up to two years.

So, the million (or $10 million) dollar question is – what about the emails already in my database?! 

First ask yourself – where did these emails come from, and do I have proof? If you have been getting people to opt in all along (and can back this up), then chances are you just need to send an email to have them comply with formalities. For example, if someone opted in to getting your email messages when signing up for a contest, you can issue an email to them reinstating who you are, what sort of communications you will send, reminding them they can opt out, and letting them know that they’ll stay on the list until they do so.

If you’re like the masses who have no clue where some of their emails came from, then you need to send out an email asking for express consent before July 1 (you’ve probably received a number of these in the last couple weeks). Some companies are reporting that they keep just 10% of their list. Yikes. Good news is you can use promotions, valuable content or contests to get people to sign up again. So, put on your marketing hat and be smart about enticing people to give you express consent.

Great. So what else do I need to do?

  • Keep records of consent. Start building out filing systems so you can easily access this information. Examples could be screen grabs, previous emails granting consent, business transactions, etc.
  • Make sure your opt in check box (on your email signup form) is CASL compliant. You cannot pre-check the checkbox for the user. They have to actively check it. You also need the words “You can withdraw your consent at any time” displayed.
  • Review your business insurance. Now is a good time to review our insurance and make sure you are covered for this sort of thing. With fines this large you’d be lucky to be still standing otherwise.
  • Make sure you have a functioning unsubscribe option. This seems pretty straight-forward. If you’re using blasting software like Mail Chimp or Constant Contact then this will already be covered. If you like to send out emails via Outlook or Gmail perhaps then you will need to offer a function to unsubscribe. At ZGM, we are simply adding a line to all outbound email signatures saying something to the effect of If you do not wish to receive emails from me please respond to this email with the subject “unsubscribe”. The trick will be to manually keep track of anyone who unsubscribes at that point. 
  • Review privacy and office policies. Make sure they reflect the new rules.
  • Check your computer program compliance. If you have a CRM, you might want to look into it more to make sure it’s up-to-date with the new law. We’re not going to touch this in a blog, but trust us, there is a lot you need to know. Visit the links at the bottom of the page to get the dirt.

Here are some more in-depth links from people way smarter (about law) than us:

Bennett Jones

Miller Thompson on Not-For-Profits

Davis LLP


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>