Do you think it’s unreasonable to be fined 1 – 10 million dollars for sending an unsolicited email? Sure, who wouldn’t. The new CASL legislation, the first phase of which is coming into effect July 1st, 2014, is going to hold businesses accountable for their email broadcasts. And the fines are incredible—some would say unreasonable.
Regardless of what you think of the fines, CASL is making small to medium sized businesses ask a lot of questions. There is much speculation about what will be legal, and what will be illegal after the law takes effect. And with the first phase of CASL starting up at the end of this month, things just got real.
What is CASL for?
CASL is designed to protect Canadians from receiving unsolicited commercial electronic messages (CEM). That means any type of CEM including texts, emails, malware prompts… It is meant to foster a sense of protection for Canadians online.
Canada will now have one of the most stringent anti-spam laws in effect across the globe, and it is likely that other countries will follow suit. The plus side is, the law will discourage businesses from abusing email lists. Unfortunately, it will probably have little to no effect on actual spam. You’ll still get a ton of Viagra discount messages in your inbox.
Regardless of whether you agree with the law, you need to know how CASL affects your business.
Implied or Express Consent
Here’s the main benchmark by which to measure the people on your email list. There are two types of consent. Implied, and express (also referred to as explicit). An important point: implied consent is okay, express consent is best.
Implied consent means: anyone who you have an existing business relationship with, but who has not given you express consent to send them email correspondence.
People have a tendency to think that because you have a business relationship with them, you are automatically allowed to send them email correspondence. Not so, under CASL. At best, you have implied consent from this person, and that means something very specific under CASL.
Here’s an example of implied consent. I meet you at a conference. I give you my business card, and tell you you can put me on your e-mailing list. You can add me to your e-mailing list, because I have given you “implied consent”. You need to then track me in your database after that initial contact. If I don’t interact with you for two years, (meaning I do not email you, buy from you or otherwise contact you) then you have to remove me from your emailing list. Implied consent only lasts for two years, after the grace period that is in effect starting July 1st.
However, if I do happen to make contact with you at some point, other than to specifically tell you to stop sending me emails, the implied consent timeline resets. In other words, you’re good to send me emails for another two years, starting from the day I made contact with you.
You can see why this could be an administrative nightmare.
That’s why in every case, it is much better to encourage your contacts to give you their express consent. That way, you can continue to send them email correspondence, until they decide to opt out of your list.
Main points of Implied Consent:
- Existing business relationship
- Good for 2 years (resets if you do business with the person again or they contact you via email)
- People who post their email addresses online who don’t specify they don’t want any spam or unsolicited CEMs could potentially be giving you implied consent (even though this one is really dodgy).
Express consent means anyone who has “opted-in” to receive your emails. That usually means they filled out a form on your website stating that they wanted to get your newsletter, or other email update.
You can legally send CEMs to any recipient who has given you express consent, as long as the correspondence adheres to the rules.
Any CEM you send to someone who has given express consent has to contain the following:
- Your company name, physical mailing address and business information
- An easy, clear way for the recipient to opt out of your correspondence, at any time.
You’d also do well to clearly label the email correspondence, whether it’s a newsletter or whatever it is, so that the person can remember signing up for it.
Keep in mind that the opt-out procedure can’t contain any duplicitous snares, like “Are you sure you want to opt out?” Of course they want to opt out. They clicked the “Unsubscribe” link.
You also can’t try to fool someone into opting in to your email list. Remember those checkboxes that were automatically checked, stating that you give the company permission to send you emails? They will have to go away. They’re illegal, according to CASL regulations.
How do you collect email?
Are you aware of how you collect email addresses? Is there a process by which you filter people signing up for your newsletters to undergo a specific opt in procedure? In short, are you making sure you can prove that a person signed up to receive your stuff? If you’re not sure, then you need to look at how that process works. What are you telling people they’re signing up for? Is that what they end up receiving?
Are you tracking what people are signing up for? If there isn’t a clear method by which you can prove that a person signed up specifically for your correspondence, then you need to tighten that up.
Keep in mind that each separate email correspondence (each channel) should be clearly identified. For example, if you are telling someone that they can expect product updates from you, then send them product updates. Don’t then start sending them updates about something else. Make sure that you identify exactly what it is you will be marketing, and have a sign up process through which you can clearly prove that people have signed up. Each channel needs a method by which you can prove people’s opt in.
If you intend to continue “scraping” email addresses form the web to build up your lists, be aware that anyone who has specified that they do not wish to receive spam would not be considered “implied” consent. Regardless of how that would be monitored, it’s just not worth it to scrape email addresses from the open web to make up your email lists. Who does that, anyway?
Permission-Based Email Marketing
Think of a pristine email list, full of people who are interested in hearing from you. That’s what you could have after adhering to CASL’s regulations and cleaning up your email collection/distribution methods. Even though your overall recipient numbers may go down at first as you clean things up, over time your open and click rates will go up. That’s what CASL could potentially bring about; a shift in consciousness when it comes to email marketing. It isn’t about grabbing as many addresses as you can for the possibility that someone will click on a link. It’s more about “Permission-Based” email marketing, where people opt in to receive your emails because they are genuinely interested in what you have to say.
When you have a list full of people who have given you permission, it becomes less about “marketing” and more about having a discussion with your supporters and brand evangelists. What a wonderful world it would be!
There are some marvelous resources out there with tons of useful tips about how to be CASL compliant.
Javed Khan of Empression has done extensive speaking and training on the subject of CASL.
If you have specific questions about anything, we’d be glad to answer what we can.
TREEFROG IS AN EMAIL SERVICE PROVIDER, AND OUR E-MAIL BROADCASTING PROGRAM IS FULLY CASL COMPLIANT. THROUGH BUILDING THIS PLATFORM, WE HAVE LEARNED QUITE A BIT ABOUT WHAT IT TAKES TO BE CASL-FRIENDLY. PLEASE SEND US YOUR QUESTIONS!
DISCLAIMER: THIS ARTICLE IS FOR INFORMATION PURPOSES ONLY. FOR SPECIFIC DETAILS ABOUT CASL AND THE LEGAL IMPLICATIONS FOR YOUR BUSINESS, IT IS IN YOUR BEST INTERESTS TO CONSULT A LAWYER TO ANSWER YOUR QUESTIONS.