Even if you’re not based in Canada, as long as you are sending Commercial Electronic Messages (CEMs) to e-mail addresses residing in Canada you will be subject to Bill C-28 – Canada’s Anti-Spam Legislation which will come into effect on July 1, 2014.
There are some excellent law firm micro sites and articles out there that have all of the legal nitty gritty you need. Some of my favourites are from Canadian firms, McMillan and Davis. However, as a legal and B2B marketer myself, I figured it would be helpful if I cut through a lot of the paperwork and gave you a high level overview on what you need to know.
What makes CASL so different from other Anti-Spam legislation around the world?
It applies to more than just email
CASL applies to “commercial electronic messages” or “CEM’s” which include e-mail, text, sound, voice or image. CAN-SPAM, for example, applies only to e-mail.
Your clients have to “Opt-In”.
CASL is based on an Opt-In model meaning the recipient has to actively give their consent to receive CEM’s from the sender. (See * below for more about some exemptions to this clause.) Other countries simply require an Opt-Out model whereby the consent to receive is implied unless the sender actively indicates that they do not wish to receive the communication.
And there’s a catch!
An electronic message that contains a request for consent to send CEM’s is considered to be a commercial electronic message covered under CASL. This means that an organization cannot contact a potential customer by email to obtain consent, unless there is a pre-existing relationship or the message is exempted under CASL. (See * below)
Unsubscribe mechanism – easy-to-use but they are a little bit longer.
Under CASL each CEM must contain an “Unsubscribe” mechanism that,
“must be able to be readily performed … should be accessed without difficulty or delay, and should be simple, quick, and easy for the consumer to use.”
This would imply some kind of automated and more functional “unsubscribe” feature is required. Under CAN-SPAM the requirement is simply required to be a,
“functioning return electronic mail address or other Internet mechanism.”
Under CASL, the unsubscribe must be active for 60 days as opposed to CAN-SPAM’s 30 days.
Identifying content requirements
As opposed to the basic identifying content required under other laws, e.g. a valid physical postal address of sender”, CASL requires that you “clearly and prominently” disclose the following information in your CEM:
- Mailing address;
- And either, (a) a telephone number with active response voice-mail, (b) an e-mail address or (c) a web address.
Penalities – they mean it!
If you violate CASL, you would be subject to a maximum penalty of $1,000,000 per violation in the case of an individual, and $10,000,000 per violation “in the case of another person”.
And don’t think that just because you’re not in Canada you won’t be liable under CASL. The CTRC (Canadian Radio-television and Communications Commission) is working with their foreign counterparts to conduct investigations and enforce CASL on their behalf.
So what’s a marketer to do?
Well there are some practical things that you need to look at that we covered in a previous post. In addition, it’s good to understand the relationships behind your mailing list as the Bill’s various exemptions may come into play.
CASL Exemptions include
* There are certain types of situations (such as when consent is implied), and certain types of messages, which are exempted from the consent requirement which legal marketers and other B2B businesses may use to support the position that they can contact potential clients by email.
1. Implied Consent if Existing Business Relationship.
If there is an “existing business relationship” with the party to whom you are sending the CEM you have a two year period within which you can contact them without gaining “express consent”. Practically speaking this means that you must ensure that your CRM system of other databases of client email addresses keep track of when (the actual date) a transaction or a request for information last took place, in order to be able to benefit from the implied consent under CASL.
Now what an “existing business relationship” means under CASL is a bit wordy but here it is for your reading pleasure.
An “existing business relationship” is a business relationship between the person to whom the message is sent (customer) and any person who sent or caused or permitted the message to be sent (sender), arising from:
the purchase or lease of a product, goods, a service, land or an interest or right in land, within the two-year period immediately before the day on which the message was sent or the bartering of any activity mentioned in this paragraph; the acceptance by the customer, within the two-year period immediately before the day on which the message was sent, of a business, investment or gaming opportunity offered;
a written contract entered into between the customer and any of those other persons in respect of a matter not referred above [under the two bullets above], if the contract is currently in existence or expired within the two-year period immediately before the day on which the message was sent; or
an inquiry or application, within the six-month period immediately before the day on which the message was sent, made by the customer, in respect of anything mentioned above (purchase or lease, business or investment or gaming opportunity etc.)
2. Implied Consent if the Business Contacted has Published or Disclosed an Email Address.
CASL states that consent is implied if the person to whom the message is sent has “conspicuously published”, or has caused to be conspicuously published, the electronic address to which the message is sent (for example, the email address is made available on his or her business website), the publication is not accompanied by a statement that the person does not wish to receive unsolicited commercial electronic messages at the electronic address and the message is relevant to the person’s business, role, functions or duties in a business or official capacity.
Similarly, CASL states that consent is implied if the person to whom the message is sent has disclosed (for instance, he or she has provided his or her business card at an industry conference), to the sender, the electronic address to which the message is sent without indicating a wish not to receive unsolicited CEMs at the electronic address, and the message is relevant to the person’s business, role, functions or duties in a business or official capacity.
The big question with these types of implied consent provisions is how to decide if the “message is relevant to the person’s business, role, functions or duties in a business or official capacity”. For example, my business email address is made available on the fSquared Marketing website and is not accompanied by a statement that I do not wish to receive unsolicited commercial electronic messages. While a third party could probably legally contact me in to promote a conference related to legal marketing and business development (arguably my areas of expertise), it is less clear whether a third party marketer could legally contact me to sell me or my firm printing services, offices supplies or video production.
3. Exclusions for Employees and Business types of Email Messages
So if a CEM is sent by an employee, representative, contractor or franchisee of an organization to another employee, representative, contractor or franchisee of the organization and that concerns the affairs of the organization, or to an employee, representative, contractor or franchisee of another organization if the organizations have a relationship at the time the message was sent and the message concerns the activities of the organization, they should be excluded.
4. Referral Marketing and CASL
Finally, marketers may use the referral marketing provision to avoid having to obtain an opt-in (express) consent.
What this means is that the consent requirement does not apply to the first CEM that is sent by a person for the purpose of contacting the individual to whom the message is sent following any referral by any individual who has;
- an existing business relationship with the person who sends the message,
- as well as with the individual to whom the message is sent;
- provided that the CEM discloses the full name of the individual or individuals who made the referral and;
- states that the message is sent as a result of the referral.
Still Confused about CASL?
You’re not the only one. I recently spoke with Eloise Gratton, Co-Chair of the Privacy Practice at McMillan, and an expert in CASL, about the practicalities of implementing CASL on a daily basis.
When I asked Eloise specifically about the Implied Consent provision in relation to B2B marketing she answered as follows:
“It’s very grey so I think it’s kind of on a case by case basis. We still don’t have guidance (from the CRTC) on how they’re going to interpret this wording so it’s grey. Again if you’re a law firm you’re going to have to be a little more careful than if you’re a new online marketing business.“
It is in fact so grey that I now feel the need for the following caveat …
While the above information does not constitute legal advice, we would be happy to chat to you about the practical implications of implementing CASL within your firm.