Has your business already violated the world’s strictest anti-spam law?
The Canadian Anti-Spam Legislation (CASL) is one of the toughest electronic messaging laws in the world. The Canadian Radio-television and Telecommunications Commission (CRTC), the law’s main enforcement body, can fine businesses up to $10 million per violation. Several businesses and even one individual have already been fined for failure to comply with CASL.
These are serious consequences for a simple email. It’s a situation in which good intentions do not matter. What does matter is the ability to prove your efforts to be compliant with CASL standards and provide an enforcement plan with appropriate safeguards and training for your staff.
CASL gives the power back to the consumer, and companies need to review and follow all elements of the law from consent to unsubscribe to identification. Here are five tips to help you get compliant with CASL:
1. Know when CASL applies to you.
If you send business emails to people located in Canada, CASL applies to you. And it’s not just bulk emails; it applies to some personal business emails as well.
“There is some confusion about what is an electronic message,” explained Derek Lackey, president of the Direct Marketing Association of Canada, CEO of -30- Strategic Communications—a division of Newport Thomson—and author of “CASL Compliance: A Marketer’s Guide to Email Marketing to Canadians.” “It’s any message sent to an electronic address. If someone sends you a direct one-to-one email on LinkedIn, that falls under CASL. If someone sends you a text message, they need to have your permission to send that text.
“It doesn’t matter where the message comes from either. If you’re an individual or organization sending promotional or commercial messages to Canadians, you fall under CASL.”
2. Don’t treat parts of CASL as optional.
CASL is the law. Anyone who sends a commercial electronic message to a Canadian must obey CASL. There are no exceptions for the size of the company or where the company is located.
Lackey continued, “Businesses are either choosing to ignore it or self-select. They’re saying, I’ll take care of the unsubscribe portion, but the consent thing is silly. These people are making a conscious decision to take a chance.”
“Just because you have a working unsubscribe in every email does not make you compliant. That’s such a small piece of the picture.”
3. Understand the difference between obeying the law and compliance.
Obeying the law of CASL means getting consent, only sending emails if you have consent, having a working unsubscribe function and making your identity clear. That’s following the actual law of CASL.
But what if one of your employees accidentally sends an email to 10,000 people on your unsubscribe list? How do you prove to the CRTC that it was a genuine accident?
“It’s not good enough to just obey the law; you must have policies and procedures around your email marketing programs,” said Lackey. “You need to know how the people got on your list and why they’re there. You need to train your staff so they’re not breaking the law on your behalf. You need to track it all. That’s compliance.
“If you can prove you’ve trained your staff, you’ve got a manual, you’ve done the checklist, then the CRTC is going to say, ‘Okay, we buy that this was a one-time mistake.’ But if that mistake happens and you don’t have any of that back up in place? You’re going to get charged.”
4. Have a manual for your email marketing programs.
Lackey says he can determine in one question if a business is CASL compliant, “Can you show me your policies and procedures manual?”’
To be CASL compliant and prove it during a CRTC investigation, you need a written policies and procedures manual outlining your email marketing programs. And you need to demonstrate that your employees are familiar with its content. Without it, you’re not compliant.
5. Know your current consent relationship with every contact on your email list.
“Almost no one can answer this question: Do you know how every single individual on your email list got there and what your current consent relationship is?” said Lackey. “That is CASL. And as of July 1, it’s black and white. You either have consent or you don’t.”
It’s not enough just to obtain consent, you need to maintain records of that consent and ensure that your consent falls within the timeframe required by CASL.
There are many misconceptions surrounding CASL, and compliance audits are one way to clear up the myths surrounding CASL and help businesses design compliance programs.
“When I first encountered CASL, I would have agreed with some lawyers that it’s the worst written law that I’ve seen,” said Lackey. “But the more time I spend applying it, the more I realize that it is beautifully crafted because it lets your company be your company without prescribing what to do with your email program. Most companies don’t appreciate the latitude they were given.”
Get familiar with the law by downloading “CASL: The Five Types of Consent and How to Achieve Them” where you’ll learn more about the difference between express and implied consent, determine how the two-year limit will impact your database and review the types of documents you need to maintain for the CRTC.
More from Digiday
At the Las Vegas Grand Prix, Mastercard joins a pack of consumer brands flocking to Formula One
For marketers looking to align their brands with F1’s expanded appeal to audiences, the Las Vegas Grand Prix is providing a slip road into the sport.
News publishers may be flocking to Bluesky, but many aren’t leaving X
The Guardian and NPR have left X, but don’t expect a wave of publishers to follow suit. Execs said the platform is still useful for some traffic and engaging with fandoms – despite its toxicity.
Buying with bots: AI search raises the bar for tailored shopping and transparency
AI search platforms like Perplexity and Amazon are adding new ways to shop, but where do the generated recommendations come from?